# Flog Txt Version 1
# Analyzer Version: 4.1.1
# Analyzer Build Date: Feb 8 2021 16:19:57
# Log Creation Date: 16.03.2021 11:10:13.061
Process:
id = "1"
image_name = "fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe"
filename = "c:\\users\\keecfmwgj\\desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe"
page_root = "0x46f4a000"
os_pid = "0xe68"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x450"
cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe\" "
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e4d5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 3
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 4
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 5
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 6
start_va = 0xb0000
end_va = 0xeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 7
start_va = 0x290000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 8
start_va = 0x12b0000
end_va = 0x13f9fff
monitored = 1
entry_point = 0x13c780e
region_type = mapped_file
name = "fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe")
Region:
id = 9
start_va = 0x76e60000
end_va = 0x77008fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 10
start_va = 0x77040000
end_va = 0x771bffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 11
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 12
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 13
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 14
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 15
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 16
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 17
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 156
start_va = 0x120000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 157
start_va = 0x74590000
end_va = 0x74597fff
monitored = 0
entry_point = 0x745920f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 158
start_va = 0x745a0000
end_va = 0x745fbfff
monitored = 0
entry_point = 0x745df798
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 159
start_va = 0x74600000
end_va = 0x7463efff
monitored = 0
entry_point = 0x7462de78
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 160
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 161
start_va = 0x766d0000
end_va = 0x767dffff
monitored = 0
entry_point = 0x766e32d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 162
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 163
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c40000"
filename = ""
Region:
id = 164
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 0
entry_point = 0x76d7a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 165
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076d60000"
filename = ""
Region:
id = 166
start_va = 0x390000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 167
start_va = 0x749b0000
end_va = 0x749f9fff
monitored = 1
entry_point = 0x749b2e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 168
start_va = 0x766d0000
end_va = 0x767dffff
monitored = 0
entry_point = 0x766e32d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 169
start_va = 0x76160000
end_va = 0x761a5fff
monitored = 0
entry_point = 0x76167478
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 170
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 171
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 172
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 173
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 174
start_va = 0x1a0000
end_va = 0x206fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 175
start_va = 0x210000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 176
start_va = 0x76280000
end_va = 0x7631ffff
monitored = 0
entry_point = 0x762949e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 177
start_va = 0x76480000
end_va = 0x7652bfff
monitored = 0
entry_point = 0x7648a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 178
start_va = 0x766b0000
end_va = 0x766c8fff
monitored = 0
entry_point = 0x766b4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 179
start_va = 0x74d90000
end_va = 0x74e7ffff
monitored = 0
entry_point = 0x74da0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 180
start_va = 0x74b90000
end_va = 0x74beffff
monitored = 0
entry_point = 0x74baa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 181
start_va = 0x74b80000
end_va = 0x74b8bfff
monitored = 0
entry_point = 0x74b810e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 182
start_va = 0x4c0000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 183
start_va = 0x74920000
end_va = 0x749acfff
monitored = 1
entry_point = 0x74932860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 184
start_va = 0x72930000
end_va = 0x72932fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 185
start_va = 0x76320000
end_va = 0x76376fff
monitored = 0
entry_point = 0x76339ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 186
start_va = 0x761e0000
end_va = 0x7626ffff
monitored = 0
entry_point = 0x761f6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 187
start_va = 0x75c40000
end_va = 0x75d3ffff
monitored = 0
entry_point = 0x75c5b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 188
start_va = 0x766a0000
end_va = 0x766a9fff
monitored = 0
entry_point = 0x766a36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 189
start_va = 0x75d80000
end_va = 0x75e1cfff
monitored = 0
entry_point = 0x75db3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 190
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 191
start_va = 0x650000
end_va = 0x7d7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000650000"
filename = ""
Region:
id = 192
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 193
start_va = 0x768c0000
end_va = 0x7691ffff
monitored = 0
entry_point = 0x768d158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 194
start_va = 0x75e20000
end_va = 0x75eebfff
monitored = 0
entry_point = 0x75e2168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 195
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 196
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 197
start_va = 0x7e0000
end_va = 0x960fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007e0000"
filename = ""
Region:
id = 198
start_va = 0x1400000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001400000"
filename = ""
Region:
id = 199
start_va = 0x4c0000
end_va = 0x605fff
monitored = 1
entry_point = 0x5d780e
region_type = mapped_file
name = "fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe")
Region:
id = 200
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 201
start_va = 0x4c0000
end_va = 0x605fff
monitored = 1
entry_point = 0x5d780e
region_type = mapped_file
name = "fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe")
Region:
id = 202
start_va = 0x73a90000
end_va = 0x73a98fff
monitored = 0
entry_point = 0x73a91220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 203
start_va = 0x71830000
end_va = 0x71fdefff
monitored = 1
entry_point = 0x7184d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 204
start_va = 0x70570000
end_va = 0x70d1efff
monitored = 1
entry_point = 0x7058d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 205
start_va = 0x71830000
end_va = 0x71fdefff
monitored = 1
entry_point = 0x7184d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 206
start_va = 0x74a30000
end_va = 0x74a43fff
monitored = 0
entry_point = 0x74a3ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 207
start_va = 0x74870000
end_va = 0x7491afff
monitored = 0
entry_point = 0x74905f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 208
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 209
start_va = 0x90000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000090000"
filename = ""
Region:
id = 210
start_va = 0xa0000
end_va = 0xaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 211
start_va = 0xf0000
end_va = 0xfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 212
start_va = 0x100000
end_va = 0x10ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 213
start_va = 0x110000
end_va = 0x11ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 214
start_va = 0x210000
end_va = 0x21ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 215
start_va = 0x240000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 216
start_va = 0x220000
end_va = 0x220fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 217
start_va = 0x230000
end_va = 0x230fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 218
start_va = 0x4c0000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 219
start_va = 0x970000
end_va = 0xb6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000970000"
filename = ""
Region:
id = 220
start_va = 0x5a0000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 221
start_va = 0x600000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 222
start_va = 0xc80000
end_va = 0xd7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c80000"
filename = ""
Region:
id = 223
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 224
start_va = 0x280000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 225
start_va = 0x2800000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 226
start_va = 0x4c0000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 227
start_va = 0x560000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 228
start_va = 0xd90000
end_va = 0xe8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d90000"
filename = ""
Region:
id = 229
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 230
start_va = 0xa70000
end_va = 0xaaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a70000"
filename = ""
Region:
id = 231
start_va = 0xb30000
end_va = 0xb6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b30000"
filename = ""
Region:
id = 232
start_va = 0xfe0000
end_va = 0x10dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fe0000"
filename = ""
Region:
id = 233
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 234
start_va = 0x4800000
end_va = 0x4acefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 235
start_va = 0x6f910000
end_va = 0x70d1afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 236
start_va = 0x76920000
end_va = 0x76a7bfff
monitored = 0
entry_point = 0x7696ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 237
start_va = 0x73870000
end_va = 0x738effff
monitored = 0
entry_point = 0x738837c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 238
start_va = 0x10e0000
end_va = 0x126ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010e0000"
filename = ""
Region:
id = 239
start_va = 0x970000
end_va = 0xa4efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000970000"
filename = ""
Region:
id = 240
start_va = 0x280000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 241
start_va = 0x390000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 242
start_va = 0x3c0000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003c0000"
filename = ""
Region:
id = 243
start_va = 0x6eeb0000
end_va = 0x6f904fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 244
start_va = 0x6e690000
end_va = 0x6eea7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 245
start_va = 0x74680000
end_va = 0x74861fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 246
start_va = 0x6e600000
end_va = 0x6e688fff
monitored = 1
entry_point = 0x6e601130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 247
start_va = 0x76830000
end_va = 0x768befff
monitored = 0
entry_point = 0x76833fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 248
start_va = 0x3a0000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 249
start_va = 0x6e450000
end_va = 0x6e5f2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 250
start_va = 0x6d5e0000
end_va = 0x6e445fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 251
start_va = 0x6d4d0000
end_va = 0x6d5d4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 252
start_va = 0x6cd50000
end_va = 0x6d4c3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 253
start_va = 0x74a10000
end_va = 0x74a22fff
monitored = 1
entry_point = 0x74a1d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 254
start_va = 0x4ad0000
end_va = 0x4da1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 255
start_va = 0x74e80000
end_va = 0x75ac9fff
monitored = 0
entry_point = 0x74f01601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 256
start_va = 0x3b0000
end_va = 0x3b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 257
start_va = 0x73860000
end_va = 0x7386afff
monitored = 0
entry_point = 0x73861992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 258
start_va = 0x4db0000
end_va = 0x4f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004db0000"
filename = ""
Region:
id = 259
start_va = 0x74660000
end_va = 0x74676fff
monitored = 0
entry_point = 0x746635fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 260
start_va = 0x73610000
end_va = 0x73626fff
monitored = 0
entry_point = 0x73613573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 261
start_va = 0xab0000
end_va = 0xaebfff
monitored = 0
entry_point = 0xab128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 262
start_va = 0xab0000
end_va = 0xaebfff
monitored = 0
entry_point = 0xab128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 263
start_va = 0xab0000
end_va = 0xaebfff
monitored = 0
entry_point = 0xab128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 264
start_va = 0xab0000
end_va = 0xaebfff
monitored = 0
entry_point = 0xab128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 265
start_va = 0xab0000
end_va = 0xaebfff
monitored = 0
entry_point = 0xab128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 266
start_va = 0x735d0000
end_va = 0x7360afff
monitored = 0
entry_point = 0x735d128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 267
start_va = 0xb70000
end_va = 0xbf1fff
monitored = 0
entry_point = 0xb719a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 268
start_va = 0xb70000
end_va = 0xbf1fff
monitored = 0
entry_point = 0xb719a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 269
start_va = 0x6ccc0000
end_va = 0x6cd43fff
monitored = 0
entry_point = 0x6ccc19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 270
start_va = 0xe90000
end_va = 0xfcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e90000"
filename = ""
Region:
id = 271
start_va = 0x6cbf0000
end_va = 0x6ccbffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.runtime.remoting.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\fd0048cfdcd58dd454d2575e5cb55e70\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\fd0048cfdcd58dd454d2575e5cb55e70\\system.runtime.remoting.ni.dll")
Region:
id = 272
start_va = 0x6c640000
end_va = 0x6cbe3fff
monitored = 1
entry_point = 0x6cbcb692
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 273
start_va = 0x5e0000
end_va = 0x5e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 274
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 275
start_va = 0x7ef50000
end_va = 0x7ef9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef50000"
filename = ""
Region:
id = 276
start_va = 0x7ef40000
end_va = 0x7ef4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef40000"
filename = ""
Region:
id = 277
start_va = 0x6c3d0000
end_va = 0x6cbe9fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.data.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Data\\df2dd09ed7c341842a104e1e668f184e\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.data\\df2dd09ed7c341842a104e1e668f184e\\system.data.ni.dll")
Region:
id = 278
start_va = 0x6c070000
end_va = 0x6c3c3fff
monitored = 1
entry_point = 0x6c3a7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 279
start_va = 0x75d40000
end_va = 0x75d74fff
monitored = 0
entry_point = 0x75d4145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 280
start_va = 0x76270000
end_va = 0x76275fff
monitored = 0
entry_point = 0x76271782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 281
start_va = 0x76560000
end_va = 0x76680fff
monitored = 0
entry_point = 0x7656158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 282
start_va = 0x760f0000
end_va = 0x760fbfff
monitored = 0
entry_point = 0x760f238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 283
start_va = 0x4f10000
end_va = 0x5260fff
monitored = 1
entry_point = 0x5247a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 284
start_va = 0x4f10000
end_va = 0x5260fff
monitored = 1
entry_point = 0x5247a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 285
start_va = 0x4f10000
end_va = 0x5260fff
monitored = 1
entry_point = 0x5247a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 286
start_va = 0x4f10000
end_va = 0x5260fff
monitored = 1
entry_point = 0x5247a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 287
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 288
start_va = 0xab0000
end_va = 0xb11fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 289
start_va = 0xa50000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 290
start_va = 0xa60000
end_va = 0xa6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a60000"
filename = ""
Region:
id = 291
start_va = 0xa50000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 292
start_va = 0xb70000
end_va = 0xb92fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b70000"
filename = ""
Region:
id = 293
start_va = 0xa50000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 294
start_va = 0xa60000
end_va = 0xa6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a60000"
filename = ""
Region:
id = 295
start_va = 0xa60000
end_va = 0xa6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a60000"
filename = ""
Region:
id = 296
start_va = 0xb20000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 297
start_va = 0xba0000
end_va = 0xbaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 298
start_va = 0xbb0000
end_va = 0xbbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 299
start_va = 0xb20000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 300
start_va = 0xba0000
end_va = 0xbdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 301
start_va = 0xbe0000
end_va = 0xc1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000be0000"
filename = ""
Region:
id = 302
start_va = 0xc20000
end_va = 0xc2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c20000"
filename = ""
Region:
id = 303
start_va = 0x10e0000
end_va = 0x11dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010e0000"
filename = ""
Region:
id = 304
start_va = 0x1230000
end_va = 0x126ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001230000"
filename = ""
Region:
id = 305
start_va = 0x5080000
end_va = 0x517ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005080000"
filename = ""
Region:
id = 306
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 307
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 308
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 309
start_va = 0xc40000
end_va = 0xc4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 310
start_va = 0xc50000
end_va = 0xc5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 311
start_va = 0xc60000
end_va = 0xc6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c60000"
filename = ""
Region:
id = 312
start_va = 0xc70000
end_va = 0xc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c70000"
filename = ""
Region:
id = 313
start_va = 0xd80000
end_va = 0xd8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d80000"
filename = ""
Region:
id = 314
start_va = 0xe90000
end_va = 0xe9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e90000"
filename = ""
Region:
id = 315
start_va = 0xfc0000
end_va = 0xfcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fc0000"
filename = ""
Region:
id = 316
start_va = 0xea0000
end_va = 0xeaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ea0000"
filename = ""
Region:
id = 317
start_va = 0xeb0000
end_va = 0xebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000eb0000"
filename = ""
Region:
id = 318
start_va = 0xec0000
end_va = 0xecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ec0000"
filename = ""
Region:
id = 319
start_va = 0xed0000
end_va = 0xedffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ed0000"
filename = ""
Region:
id = 320
start_va = 0xee0000
end_va = 0xeeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 321
start_va = 0xef0000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 322
start_va = 0xf00000
end_va = 0xf0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 323
start_va = 0xf10000
end_va = 0xf1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 324
start_va = 0xf20000
end_va = 0xf2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 325
start_va = 0xf30000
end_va = 0xf3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f30000"
filename = ""
Region:
id = 326
start_va = 0xf40000
end_va = 0xf4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 327
start_va = 0x71500000
end_va = 0x7168ffff
monitored = 0
entry_point = 0x7159d026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 328
start_va = 0x5180000
end_va = 0x536ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005180000"
filename = ""
Region:
id = 329
start_va = 0xc20000
end_va = 0xc2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c20000"
filename = ""
Region:
id = 330
start_va = 0x4e30000
end_va = 0x4e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 331
start_va = 0x4ed0000
end_va = 0x4f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ed0000"
filename = ""
Region:
id = 332
start_va = 0x5260000
end_va = 0x535ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005260000"
filename = ""
Region:
id = 333
start_va = 0x5360000
end_va = 0x536ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005360000"
filename = ""
Region:
id = 334
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 335
start_va = 0xe90000
end_va = 0xf0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e90000"
filename = ""
Region:
id = 336
start_va = 0x4f10000
end_va = 0x500ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f10000"
filename = ""
Region:
id = 337
start_va = 0x71400000
end_va = 0x714fafff
monitored = 0
entry_point = 0x714117e1
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 338
start_va = 0xf10000
end_va = 0xf7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 339
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 340
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 341
start_va = 0x4db0000
end_va = 0x4e1efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004db0000"
filename = ""
Region:
id = 342
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 343
start_va = 0xc40000
end_va = 0xc4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 344
start_va = 0xc50000
end_va = 0xc5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 345
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 346
start_va = 0xc40000
end_va = 0xc4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 347
start_va = 0xc60000
end_va = 0xc6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c60000"
filename = ""
Region:
id = 348
start_va = 0xc70000
end_va = 0xc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c70000"
filename = ""
Region:
id = 349
start_va = 0xd80000
end_va = 0xd8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d80000"
filename = ""
Region:
id = 350
start_va = 0xf80000
end_va = 0xf8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f80000"
filename = ""
Region:
id = 351
start_va = 0xf90000
end_va = 0xf9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f90000"
filename = ""
Region:
id = 352
start_va = 0xfa0000
end_va = 0xfaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fa0000"
filename = ""
Region:
id = 353
start_va = 0xfb0000
end_va = 0xfbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fb0000"
filename = ""
Region:
id = 354
start_va = 0xfd0000
end_va = 0xfdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fd0000"
filename = ""
Region:
id = 355
start_va = 0x11e0000
end_va = 0x11effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011e0000"
filename = ""
Region:
id = 356
start_va = 0x11f0000
end_va = 0x11fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011f0000"
filename = ""
Region:
id = 357
start_va = 0x1200000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 358
start_va = 0x1210000
end_va = 0x121ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001210000"
filename = ""
Region:
id = 359
start_va = 0x1220000
end_va = 0x122ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001220000"
filename = ""
Region:
id = 360
start_va = 0x1270000
end_va = 0x127ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Region:
id = 361
start_va = 0x1280000
end_va = 0x128ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001280000"
filename = ""
Region:
id = 362
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 363
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 364
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 365
start_va = 0x73830000
end_va = 0x73850fff
monitored = 0
entry_point = 0x7383145e
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 366
start_va = 0x75ad0000
end_va = 0x75b14fff
monitored = 0
entry_point = 0x75ad11e1
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll")
Region:
id = 367
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 368
start_va = 0x733d0000
end_va = 0x734c4fff
monitored = 0
entry_point = 0x733e0d9e
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 369
start_va = 0xc30000
end_va = 0xc31fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c30000"
filename = ""
Region:
id = 370
start_va = 0x738f0000
end_va = 0x73a8dfff
monitored = 0
entry_point = 0x7391e6b5
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 371
start_va = 0x5370000
end_va = 0x546ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005370000"
filename = ""
Region:
id = 372
start_va = 0xc40000
end_va = 0xc40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 373
start_va = 0xc60000
end_va = 0xc61fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c60000"
filename = ""
Region:
id = 374
start_va = 0x734d0000
end_va = 0x7351bfff
monitored = 0
entry_point = 0x734d2c14
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 375
start_va = 0xc40000
end_va = 0xc40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c40000"
filename = ""
Region:
id = 376
start_va = 0x75b20000
end_va = 0x75ba2fff
monitored = 0
entry_point = 0x75b223d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 377
start_va = 0xc70000
end_va = 0xc70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c70000"
filename = ""
Region:
id = 378
start_va = 0x73b10000
end_va = 0x7458ffff
monitored = 0
entry_point = 0x73b16b95
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll")
Region:
id = 379
start_va = 0x77010000
end_va = 0x77014fff
monitored = 0
entry_point = 0x77011438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 380
start_va = 0x73ad0000
end_va = 0x73b0bfff
monitored = 0
entry_point = 0x73ad3089
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll")
Region:
id = 381
start_va = 0x75ef0000
end_va = 0x760eafff
monitored = 0
entry_point = 0x75ef22d9
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 382
start_va = 0xd80000
end_va = 0xd80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll")
Region:
id = 383
start_va = 0xf80000
end_va = 0xf81fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f80000"
filename = ""
Region:
id = 384
start_va = 0x76b00000
end_va = 0x76c35fff
monitored = 0
entry_point = 0x76b01b35
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 385
start_va = 0x76380000
end_va = 0x76474fff
monitored = 0
entry_point = 0x76381865
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 386
start_va = 0x74bf0000
end_va = 0x74d8cfff
monitored = 0
entry_point = 0x74bf17e7
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 387
start_va = 0x76800000
end_va = 0x76826fff
monitored = 0
entry_point = 0x768058b9
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 388
start_va = 0x767e0000
end_va = 0x767f1fff
monitored = 0
entry_point = 0x767e1441
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll")
Region:
id = 389
start_va = 0xf90000
end_va = 0xf9cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui")
Region:
id = 390
start_va = 0xfa0000
end_va = 0xfa3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 391
start_va = 0x11e0000
end_va = 0x11f5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000003.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000003.db")
Region:
id = 392
start_va = 0xfb0000
end_va = 0xfb0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000fb0000"
filename = ""
Region:
id = 393
start_va = 0xfa0000
end_va = 0xfa3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 394
start_va = 0x1200000
end_va = 0x122ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 395
start_va = 0xfd0000
end_va = 0xfd3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 396
start_va = 0x5010000
end_va = 0x5075fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 397
start_va = 0x1270000
end_va = 0x127dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui")
Region:
id = 398
start_va = 0x1280000
end_va = 0x1280fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001280000"
filename = ""
Region:
id = 432
start_va = 0x73560000
end_va = 0x7356dfff
monitored = 0
entry_point = 0x73561235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 449
start_va = 0x5210000
end_va = 0x524ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005210000"
filename = ""
Region:
id = 450
start_va = 0x5490000
end_va = 0x558ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005490000"
filename = ""
Region:
id = 451
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 478
start_va = 0x1290000
end_va = 0x129ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001290000"
filename = ""
Region:
id = 479
start_va = 0x12a0000
end_va = 0x12affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012a0000"
filename = ""
Region:
id = 480
start_va = 0x4e20000
end_va = 0x4e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 530
start_va = 0x5190000
end_va = 0x51cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005190000"
filename = ""
Region:
id = 531
start_va = 0x55d0000
end_va = 0x56cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000055d0000"
filename = ""
Region:
id = 532
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 533
start_va = 0x1290000
end_va = 0x129ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001290000"
filename = ""
Region:
id = 544
start_va = 0x4e90000
end_va = 0x4ecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e90000"
filename = ""
Region:
id = 545
start_va = 0x5870000
end_va = 0x596ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005870000"
filename = ""
Region:
id = 546
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Thread:
id = 1
os_tid = 0xe6c
[0072.789] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0077.284] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1b7
[0077.284] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1b9
[0077.469] GetCurrentProcess () returned 0xffffffff
[0077.471] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ead0 | out: TokenHandle=0x38ead0*=0x1e4) returned 1
[0077.514] GetCurrentProcess () returned 0xffffffff
[0077.514] GetCurrentThread () returned 0xfffffffe
[0077.514] GetCurrentProcess () returned 0xffffffff
[0077.514] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x38eb2c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x38eb2c*=0x1e8) returned 1
[0077.517] GetCurrentThreadId () returned 0xe6c
[0077.672] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config", nBufferLength=0x105, lpBuffer=0x38e3f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config", lpFilePart=0x0) returned 0x66
[0077.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e0f0 | out: phkResult=0x38e0f0*=0x0) returned 0x2
[0077.680] RegCloseKey (hKey=0x80000002) returned 0x0
[0077.876] GetCurrentProcess () returned 0xffffffff
[0077.876] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e730 | out: TokenHandle=0x38e730*=0x40) returned 1
[0077.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x38e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0078.026] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38e728 | out: lpFileInformation=0x38e728*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0078.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x38e1b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0078.028] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38e730 | out: lpFileInformation=0x38e730*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0078.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x38e150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0078.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38e668) returned 1
[0078.030] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f8
[0078.031] GetFileType (hFile=0x1f8) returned 0x1
[0078.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38e664) returned 1
[0078.031] GetFileType (hFile=0x1f8) returned 0x1
[0082.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x38d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0082.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x38da04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0082.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38dc44) returned 1
[0082.520] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38df08 | out: lpFileInformation=0x38df08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0082.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38dc40) returned 1
[0082.845] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x38ddd4 | out: pfEnabled=0x38ddd4) returned 0x0
[0083.236] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x38e724 | out: lpFileSizeHigh=0x38e724*=0x0) returned 0x8c8e
[0083.237] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e6e0, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e6e0*=0x1000, lpOverlapped=0x0) returned 1
[0083.255] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e590, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e590*=0x1000, lpOverlapped=0x0) returned 1
[0083.257] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e444, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e444*=0x1000, lpOverlapped=0x0) returned 1
[0083.257] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e444, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e444*=0x1000, lpOverlapped=0x0) returned 1
[0083.258] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e444, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e444*=0x1000, lpOverlapped=0x0) returned 1
[0083.259] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e37c, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e37c*=0x1000, lpOverlapped=0x0) returned 1
[0083.265] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e4e8, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e4e8*=0x1000, lpOverlapped=0x0) returned 1
[0083.266] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e3dc, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e3dc*=0x1000, lpOverlapped=0x0) returned 1
[0083.267] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e3dc, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e3dc*=0xc8e, lpOverlapped=0x0) returned 1
[0083.267] ReadFile (in: hFile=0x1f8, lpBuffer=0x2830568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e4a0, lpOverlapped=0x0 | out: lpBuffer=0x2830568*, lpNumberOfBytesRead=0x38e4a0*=0x0, lpOverlapped=0x0) returned 1
[0083.267] CloseHandle (hObject=0x1f8) returned 1
[0083.267] CloseHandle (hObject=0x40) returned 1
[0083.268] GetCurrentProcess () returned 0xffffffff
[0083.268] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e87c | out: TokenHandle=0x38e87c*=0x40) returned 1
[0083.269] CloseHandle (hObject=0x40) returned 1
[0083.269] GetCurrentProcess () returned 0xffffffff
[0083.269] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e87c | out: TokenHandle=0x38e87c*=0x40) returned 1
[0083.270] CloseHandle (hObject=0x40) returned 1
[0083.277] GetCurrentProcess () returned 0xffffffff
[0083.277] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e730 | out: TokenHandle=0x38e730*=0x40) returned 1
[0083.277] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x38e728 | out: lpFileInformation=0x38e728*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0083.278] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config", nBufferLength=0x105, lpBuffer=0x38e1b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config", lpFilePart=0x0) returned 0x66
[0083.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x38e730 | out: lpFileInformation=0x38e730*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0083.279] CloseHandle (hObject=0x40) returned 1
[0083.279] GetCurrentProcess () returned 0xffffffff
[0083.279] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e87c | out: TokenHandle=0x38e87c*=0x40) returned 1
[0083.280] CloseHandle (hObject=0x40) returned 1
[0083.281] GetCurrentProcess () returned 0xffffffff
[0083.281] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e87c | out: TokenHandle=0x38e87c*=0x40) returned 1
[0083.281] CloseHandle (hObject=0x40) returned 1
[0083.302] GetCurrentProcess () returned 0xffffffff
[0083.302] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e694 | out: TokenHandle=0x38e694*=0x40) returned 1
[0083.308] CloseHandle (hObject=0x40) returned 1
[0083.308] GetCurrentProcess () returned 0xffffffff
[0083.308] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38e6ac | out: TokenHandle=0x38e6ac*=0x40) returned 1
[0083.315] CloseHandle (hObject=0x40) returned 1
[0083.320] GetSystemMetrics (nIndex=75) returned 1
[0083.340] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0084.774] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x766d0000
[0084.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x38ea00, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15
[0084.777] GetProcAddress (hModule=0x766d0000, lpProcName="AddDllDirectory") returned 0x0
[0084.794] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6ccc0000
[0084.814] GetModuleHandleW (lpModuleName="user32.dll") returned 0x75c40000
[0084.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x38e944, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x80m«H+kDþ\x83q(í8", lpUsedDefaultChar=0x0) returned 14
[0084.815] GetProcAddress (hModule=0x75c40000, lpProcName="DefWindowProcW") returned 0x770725dd
[0084.816] GetStockObject (i=5) returned 0x1900015
[0084.819] GetModuleHandleW (lpModuleName=0x0) returned 0x12b0000
[0084.824] CoTaskMemAlloc (cb=0x5c) returned 0x4515f0
[0084.824] RegisterClassW (lpWndClass=0x38e934) returned 0xc059
[0084.825] CoTaskMemFree (pv=0x4515f0)
[0084.825] GetModuleHandleW (lpModuleName=0x0) returned 0x12b0000
[0084.826] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x12b0000, lpParam=0x0) returned 0x8010e
[0084.827] SetWindowLongW (hWnd=0x8010e, nIndex=-4, dwNewLong=1996957149) returned 82643158
[0084.829] GetWindowLongW (hWnd=0x8010e, nIndex=-4) returned 1996957149
[0084.835] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e248 | out: phkResult=0x38e248*=0x1f8) returned 0x0
[0084.837] RegQueryValueExW (in: hKey=0x1f8, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x38e268, lpData=0x0, lpcbData=0x38e264*=0x0 | out: lpType=0x38e268*=0x0, lpData=0x0, lpcbData=0x38e264*=0x0) returned 0x2
[0084.837] RegQueryValueExW (in: hKey=0x1f8, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x38e268, lpData=0x0, lpcbData=0x38e264*=0x0 | out: lpType=0x38e268*=0x0, lpData=0x0, lpcbData=0x38e264*=0x0) returned 0x2
[0084.837] RegCloseKey (hKey=0x1f8) returned 0x0
[0084.841] SetWindowLongW (hWnd=0x8010e, nIndex=-4, dwNewLong=82643198) returned 1996957149
[0084.841] GetWindowLongW (hWnd=0x8010e, nIndex=-4) returned 82643198
[0084.841] GetWindowLongW (hWnd=0x8010e, nIndex=-16) returned 113311744
[0084.842] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1b8
[0084.843] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0x8010e, Msg=0x24, wParam=0x0, lParam=0x38e520) returned 0x0
[0084.843] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc108
[0084.843] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0x8010e, Msg=0x81, wParam=0x0, lParam=0x38e514) returned 0x1
[0084.844] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0x8010e, Msg=0x83, wParam=0x0, lParam=0x38e500) returned 0x0
[0084.844] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0x8010e, Msg=0x1, wParam=0x0, lParam=0x38e514) returned 0x0
[0084.845] GetClientRect (in: hWnd=0x8010e, lpRect=0x38e27c | out: lpRect=0x38e27c) returned 1
[0084.845] GetWindowRect (in: hWnd=0x8010e, lpRect=0x38e27c | out: lpRect=0x38e27c) returned 1
[0084.848] GetParent (hWnd=0x8010e) returned 0x0
[0085.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x38e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0085.167] IsAppThemed () returned 0x1
[0085.174] CoTaskMemAlloc (cb=0xf0) returned 0x463ef8
[0085.175] CreateActCtxA (pActCtx=0x38ee60) returned 0x468914
[0085.582] CoTaskMemFree (pv=0x463ef8)
[0088.664] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x4585e8
[0088.667] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x458670
[0088.692] AdjustWindowRectEx (in: lpRect=0x38e968, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x38e968) returned 1
[0088.719] EtwEventRegister () returned 0x0
[0088.734] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config", nBufferLength=0x105, lpBuffer=0x38e224, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config", lpFilePart=0x0) returned 0x66
[0088.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38e46c) returned 1
[0088.734] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x38e730 | out: lpFileInformation=0x38e730*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0088.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38e468) returned 1
[0143.595] GdiplusStartup (in: token=0x106b98, input=0x38ce78, output=0x38cec8 | out: token=0x106b98, output=0x38cec8) returned 0x0
[0143.615] GdipLoadImageFromStream (stream=0xc20030, image=0x38d960) returned 0x0
[0144.105] GdipImageForceValidation (image=0x5362230) returned 0x0
[0144.116] GdipGetImageType (image=0x5362230, type=0x38d95c) returned 0x0
[0144.117] GdipGetImageRawFormat (image=0x5362230, format=0x38d8d0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0144.152] GdipGetImageWidth (image=0x5362230, width=0x38decc) returned 0x0
[0144.152] GdipGetImageHeight (image=0x5362230, height=0x38decc) returned 0x0
[0144.190] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.190] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.190] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=0, color=0x38debc) returned 0x0
[0144.228] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.228] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.228] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=1, color=0x38debc) returned 0x0
[0144.228] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.228] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.228] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=2, color=0x38debc) returned 0x0
[0144.228] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.229] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.229] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=3, color=0x38debc) returned 0x0
[0144.229] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.229] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.229] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=4, color=0x38debc) returned 0x0
[0144.229] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.229] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.229] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=5, color=0x38debc) returned 0x0
[0144.229] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.229] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.229] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=6, color=0x38debc) returned 0x0
[0144.229] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.229] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.229] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=7, color=0x38debc) returned 0x0
[0144.229] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.229] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.230] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=8, color=0x38debc) returned 0x0
[0144.230] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.230] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.230] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=9, color=0x38debc) returned 0x0
[0144.230] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.230] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.230] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=10, color=0x38debc) returned 0x0
[0144.230] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.230] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.230] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=11, color=0x38debc) returned 0x0
[0144.230] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.230] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.230] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=12, color=0x38debc) returned 0x0
[0144.230] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.230] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.230] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=13, color=0x38debc) returned 0x0
[0144.230] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.231] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.231] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=14, color=0x38debc) returned 0x0
[0144.231] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.231] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.231] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=15, color=0x38debc) returned 0x0
[0144.231] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.231] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.231] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=16, color=0x38debc) returned 0x0
[0144.231] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.231] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.231] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=17, color=0x38debc) returned 0x0
[0144.231] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.231] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.231] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=18, color=0x38debc) returned 0x0
[0144.231] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.231] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.231] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=19, color=0x38debc) returned 0x0
[0144.232] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.232] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.232] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=20, color=0x38debc) returned 0x0
[0144.232] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.232] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.232] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=21, color=0x38debc) returned 0x0
[0144.232] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.232] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.232] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=22, color=0x38debc) returned 0x0
[0144.232] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.232] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.232] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=23, color=0x38debc) returned 0x0
[0144.232] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.232] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.232] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=24, color=0x38debc) returned 0x0
[0144.232] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.233] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.233] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=25, color=0x38debc) returned 0x0
[0144.233] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.233] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.233] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=26, color=0x38debc) returned 0x0
[0144.233] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.233] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.233] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=27, color=0x38debc) returned 0x0
[0144.233] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.233] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.233] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=28, color=0x38debc) returned 0x0
[0144.233] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.233] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.233] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=29, color=0x38debc) returned 0x0
[0144.233] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.233] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.233] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=30, color=0x38debc) returned 0x0
[0144.234] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.234] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.234] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=31, color=0x38debc) returned 0x0
[0144.234] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.234] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.234] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=32, color=0x38debc) returned 0x0
[0144.234] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.234] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.234] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=33, color=0x38debc) returned 0x0
[0144.235] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.235] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.235] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=34, color=0x38debc) returned 0x0
[0144.235] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.235] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.235] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=35, color=0x38debc) returned 0x0
[0144.235] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.235] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.235] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=36, color=0x38debc) returned 0x0
[0144.236] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.236] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.236] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=37, color=0x38debc) returned 0x0
[0144.236] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.236] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.236] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=38, color=0x38debc) returned 0x0
[0144.236] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.236] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.236] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=39, color=0x38debc) returned 0x0
[0144.237] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.237] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.237] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=40, color=0x38debc) returned 0x0
[0144.237] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.237] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.237] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=41, color=0x38debc) returned 0x0
[0144.237] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.237] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.237] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=42, color=0x38debc) returned 0x0
[0144.237] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.237] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.237] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=43, color=0x38debc) returned 0x0
[0144.237] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.237] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.237] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=44, color=0x38debc) returned 0x0
[0144.238] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.238] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.238] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=45, color=0x38debc) returned 0x0
[0144.238] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.238] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.238] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=46, color=0x38debc) returned 0x0
[0144.238] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.238] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.238] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=47, color=0x38debc) returned 0x0
[0144.238] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.238] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.238] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=48, color=0x38debc) returned 0x0
[0144.238] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.238] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.238] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=49, color=0x38debc) returned 0x0
[0144.238] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.238] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.239] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=50, color=0x38debc) returned 0x0
[0144.239] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.239] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.239] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=51, color=0x38debc) returned 0x0
[0144.239] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.239] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.239] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=52, color=0x38debc) returned 0x0
[0144.239] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.239] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.239] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=53, color=0x38debc) returned 0x0
[0144.239] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.239] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.239] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=54, color=0x38debc) returned 0x0
[0144.239] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.240] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.240] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=55, color=0x38debc) returned 0x0
[0144.240] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.240] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.240] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=56, color=0x38debc) returned 0x0
[0144.240] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.240] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.240] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=57, color=0x38debc) returned 0x0
[0144.240] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.240] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.240] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=58, color=0x38debc) returned 0x0
[0144.240] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.240] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.240] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=59, color=0x38debc) returned 0x0
[0144.240] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.240] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.240] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=60, color=0x38debc) returned 0x0
[0144.241] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.241] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.241] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=61, color=0x38debc) returned 0x0
[0144.241] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.241] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.241] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=62, color=0x38debc) returned 0x0
[0144.241] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.241] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.241] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=63, color=0x38debc) returned 0x0
[0144.241] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.241] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.241] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=64, color=0x38debc) returned 0x0
[0144.241] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.241] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.241] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=65, color=0x38debc) returned 0x0
[0144.242] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.242] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.242] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=66, color=0x38debc) returned 0x0
[0144.242] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.242] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.242] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=67, color=0x38debc) returned 0x0
[0144.242] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.242] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.242] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=68, color=0x38debc) returned 0x0
[0144.242] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.242] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.242] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=69, color=0x38debc) returned 0x0
[0144.242] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.242] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.242] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=70, color=0x38debc) returned 0x0
[0144.242] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.243] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.243] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=71, color=0x38debc) returned 0x0
[0144.243] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.243] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.243] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=72, color=0x38debc) returned 0x0
[0144.243] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.243] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.243] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=73, color=0x38debc) returned 0x0
[0144.243] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.243] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.243] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=74, color=0x38debc) returned 0x0
[0144.243] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.243] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.244] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=75, color=0x38debc) returned 0x0
[0144.244] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.244] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.244] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=76, color=0x38debc) returned 0x0
[0144.244] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.244] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.244] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=77, color=0x38debc) returned 0x0
[0144.244] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.244] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.244] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=78, color=0x38debc) returned 0x0
[0144.244] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.244] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.244] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=79, color=0x38debc) returned 0x0
[0144.244] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.244] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.244] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=80, color=0x38debc) returned 0x0
[0144.245] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.245] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.245] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=81, color=0x38debc) returned 0x0
[0144.245] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.245] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.245] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=82, color=0x38debc) returned 0x0
[0144.245] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.245] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.245] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=83, color=0x38debc) returned 0x0
[0144.245] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.245] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.245] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=84, color=0x38debc) returned 0x0
[0144.245] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.245] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.245] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=85, color=0x38debc) returned 0x0
[0144.245] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.245] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.245] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=86, color=0x38debc) returned 0x0
[0144.245] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.246] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.246] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=87, color=0x38debc) returned 0x0
[0144.246] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.246] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.246] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=88, color=0x38debc) returned 0x0
[0144.246] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.246] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.246] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=89, color=0x38debc) returned 0x0
[0144.246] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.246] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.246] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=90, color=0x38debc) returned 0x0
[0144.246] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.246] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.246] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=91, color=0x38debc) returned 0x0
[0144.246] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.246] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.246] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=92, color=0x38debc) returned 0x0
[0144.246] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.246] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.246] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=93, color=0x38debc) returned 0x0
[0144.247] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.247] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.247] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=94, color=0x38debc) returned 0x0
[0144.247] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.247] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.247] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=95, color=0x38debc) returned 0x0
[0144.247] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.247] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.247] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=96, color=0x38debc) returned 0x0
[0144.247] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.247] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.247] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=97, color=0x38debc) returned 0x0
[0144.247] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.247] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.247] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=98, color=0x38debc) returned 0x0
[0144.247] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.247] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.247] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=99, color=0x38debc) returned 0x0
[0144.247] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.247] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.247] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=100, color=0x38debc) returned 0x0
[0144.248] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.248] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.248] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=101, color=0x38debc) returned 0x0
[0144.248] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.248] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.248] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=102, color=0x38debc) returned 0x0
[0144.248] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.248] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.248] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=103, color=0x38debc) returned 0x0
[0144.248] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.248] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.248] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=104, color=0x38debc) returned 0x0
[0144.248] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.248] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.248] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=105, color=0x38debc) returned 0x0
[0144.248] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.248] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.248] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=106, color=0x38debc) returned 0x0
[0144.248] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.248] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.248] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=107, color=0x38debc) returned 0x0
[0144.248] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.249] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.249] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=108, color=0x38debc) returned 0x0
[0144.249] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.249] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.249] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=109, color=0x38debc) returned 0x0
[0144.249] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.249] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.249] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=110, color=0x38debc) returned 0x0
[0144.249] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.249] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.249] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=111, color=0x38debc) returned 0x0
[0144.249] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.249] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.249] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=112, color=0x38debc) returned 0x0
[0144.249] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.249] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.249] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=113, color=0x38debc) returned 0x0
[0144.249] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.249] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.249] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=114, color=0x38debc) returned 0x0
[0144.249] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.250] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.250] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=115, color=0x38debc) returned 0x0
[0144.250] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.250] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.250] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=116, color=0x38debc) returned 0x0
[0144.250] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.250] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.250] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=117, color=0x38debc) returned 0x0
[0144.250] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.250] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.250] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=118, color=0x38debc) returned 0x0
[0144.250] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.250] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.250] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=119, color=0x38debc) returned 0x0
[0144.250] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.250] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.250] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=120, color=0x38debc) returned 0x0
[0144.250] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.250] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.250] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=121, color=0x38debc) returned 0x0
[0144.251] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.251] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.251] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=122, color=0x38debc) returned 0x0
[0144.251] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.251] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.251] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=123, color=0x38debc) returned 0x0
[0144.251] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.251] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.251] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=124, color=0x38debc) returned 0x0
[0144.251] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.251] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.251] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=125, color=0x38debc) returned 0x0
[0144.251] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.251] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.251] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=126, color=0x38debc) returned 0x0
[0144.251] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.251] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.251] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=127, color=0x38debc) returned 0x0
[0144.251] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.251] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.252] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=128, color=0x38debc) returned 0x0
[0144.252] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.252] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.252] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=129, color=0x38debc) returned 0x0
[0144.252] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.252] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.252] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=130, color=0x38debc) returned 0x0
[0144.252] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.252] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.252] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=131, color=0x38debc) returned 0x0
[0144.252] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.252] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.252] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=132, color=0x38debc) returned 0x0
[0144.252] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.252] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.252] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=133, color=0x38debc) returned 0x0
[0144.252] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.252] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.252] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=134, color=0x38debc) returned 0x0
[0144.253] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.253] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.253] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=135, color=0x38debc) returned 0x0
[0144.253] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.253] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.253] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=136, color=0x38debc) returned 0x0
[0144.253] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.253] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.253] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=137, color=0x38debc) returned 0x0
[0144.253] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.253] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.253] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=138, color=0x38debc) returned 0x0
[0144.253] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.253] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.253] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=139, color=0x38debc) returned 0x0
[0144.253] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.253] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.253] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=140, color=0x38debc) returned 0x0
[0144.253] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.253] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.254] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=141, color=0x38debc) returned 0x0
[0144.254] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.254] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.254] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=142, color=0x38debc) returned 0x0
[0144.254] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.254] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.254] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=143, color=0x38debc) returned 0x0
[0144.254] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.254] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.254] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=144, color=0x38debc) returned 0x0
[0144.254] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.254] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.254] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=145, color=0x38debc) returned 0x0
[0144.254] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.254] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.254] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=146, color=0x38debc) returned 0x0
[0144.254] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.254] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.254] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=147, color=0x38debc) returned 0x0
[0144.254] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.255] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.255] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=148, color=0x38debc) returned 0x0
[0144.255] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.255] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.255] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=149, color=0x38debc) returned 0x0
[0144.255] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.255] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.255] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=150, color=0x38debc) returned 0x0
[0144.255] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.255] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.255] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=151, color=0x38debc) returned 0x0
[0144.256] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.256] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.256] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=152, color=0x38debc) returned 0x0
[0144.256] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.256] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.256] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=153, color=0x38debc) returned 0x0
[0144.256] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.256] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.257] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=154, color=0x38debc) returned 0x0
[0144.257] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.257] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.257] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=155, color=0x38debc) returned 0x0
[0144.257] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.257] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.257] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=156, color=0x38debc) returned 0x0
[0144.258] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.258] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.258] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=157, color=0x38debc) returned 0x0
[0144.258] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.259] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.259] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=158, color=0x38debc) returned 0x0
[0144.259] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.259] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.259] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=159, color=0x38debc) returned 0x0
[0144.259] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.259] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.259] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=160, color=0x38debc) returned 0x0
[0144.260] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.260] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.260] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=161, color=0x38debc) returned 0x0
[0144.260] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.260] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.260] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=162, color=0x38debc) returned 0x0
[0144.260] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.260] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.260] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=163, color=0x38debc) returned 0x0
[0144.261] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.261] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.261] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=164, color=0x38debc) returned 0x0
[0144.261] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.261] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.261] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=165, color=0x38debc) returned 0x0
[0144.261] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.261] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.261] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=166, color=0x38debc) returned 0x0
[0144.261] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.262] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.262] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=167, color=0x38debc) returned 0x0
[0144.262] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.262] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.262] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=168, color=0x38debc) returned 0x0
[0144.262] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.262] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.262] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=169, color=0x38debc) returned 0x0
[0144.262] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.263] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.263] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=170, color=0x38debc) returned 0x0
[0144.263] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.263] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.263] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=171, color=0x38debc) returned 0x0
[0144.263] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.263] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.263] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=172, color=0x38debc) returned 0x0
[0144.263] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.263] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.264] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=173, color=0x38debc) returned 0x0
[0144.264] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.264] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.264] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=174, color=0x38debc) returned 0x0
[0144.264] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.264] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.264] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=175, color=0x38debc) returned 0x0
[0144.264] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.264] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.264] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=176, color=0x38debc) returned 0x0
[0144.264] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.264] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.264] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=177, color=0x38debc) returned 0x0
[0144.264] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.264] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.264] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=178, color=0x38debc) returned 0x0
[0144.264] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.265] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=179, color=0x38debc) returned 0x0
[0144.265] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.265] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=180, color=0x38debc) returned 0x0
[0144.265] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.265] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=181, color=0x38debc) returned 0x0
[0144.265] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.265] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=182, color=0x38debc) returned 0x0
[0144.265] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.265] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=183, color=0x38debc) returned 0x0
[0144.265] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.265] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=184, color=0x38debc) returned 0x0
[0144.265] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.265] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=185, color=0x38debc) returned 0x0
[0144.265] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.265] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=186, color=0x38debc) returned 0x0
[0144.265] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.265] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.266] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=187, color=0x38debc) returned 0x0
[0144.266] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.266] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.266] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=188, color=0x38debc) returned 0x0
[0144.266] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.266] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.266] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=189, color=0x38debc) returned 0x0
[0144.266] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.266] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.266] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=190, color=0x38debc) returned 0x0
[0144.266] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.266] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.266] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=191, color=0x38debc) returned 0x0
[0144.266] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.266] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.266] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=192, color=0x38debc) returned 0x0
[0144.266] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.266] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.266] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=193, color=0x38debc) returned 0x0
[0144.266] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.266] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.267] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=194, color=0x38debc) returned 0x0
[0144.267] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.267] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.267] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=195, color=0x38debc) returned 0x0
[0144.267] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.267] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.267] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=196, color=0x38debc) returned 0x0
[0144.267] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.267] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.267] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=197, color=0x38debc) returned 0x0
[0144.267] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.267] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.267] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=198, color=0x38debc) returned 0x0
[0144.267] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.267] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.267] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=199, color=0x38debc) returned 0x0
[0144.267] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.267] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.267] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=200, color=0x38debc) returned 0x0
[0144.267] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.267] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.268] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=201, color=0x38debc) returned 0x0
[0144.268] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.268] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.268] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=202, color=0x38debc) returned 0x0
[0144.268] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.268] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.268] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=203, color=0x38debc) returned 0x0
[0144.268] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.268] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.268] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=204, color=0x38debc) returned 0x0
[0144.268] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.268] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.268] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=205, color=0x38debc) returned 0x0
[0144.268] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.268] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.268] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=206, color=0x38debc) returned 0x0
[0144.269] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.269] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.269] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=207, color=0x38debc) returned 0x0
[0144.269] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.269] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.269] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=208, color=0x38debc) returned 0x0
[0144.269] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.269] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.269] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=209, color=0x38debc) returned 0x0
[0144.269] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.269] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.269] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=210, color=0x38debc) returned 0x0
[0144.269] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.269] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.269] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=211, color=0x38debc) returned 0x0
[0144.269] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.269] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.269] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=212, color=0x38debc) returned 0x0
[0144.269] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.269] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.270] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=213, color=0x38debc) returned 0x0
[0144.270] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.270] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.270] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=214, color=0x38debc) returned 0x0
[0144.270] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.270] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.270] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=215, color=0x38debc) returned 0x0
[0144.270] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.270] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.270] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=216, color=0x38debc) returned 0x0
[0144.270] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.270] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.270] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=217, color=0x38debc) returned 0x0
[0144.270] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.270] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.270] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=218, color=0x38debc) returned 0x0
[0144.270] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.270] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.270] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=219, color=0x38debc) returned 0x0
[0144.270] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.270] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.271] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=220, color=0x38debc) returned 0x0
[0144.271] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.271] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.271] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=221, color=0x38debc) returned 0x0
[0144.271] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.271] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.271] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=222, color=0x38debc) returned 0x0
[0144.271] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.271] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.271] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=223, color=0x38debc) returned 0x0
[0144.271] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.271] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.271] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=224, color=0x38debc) returned 0x0
[0144.271] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.271] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.271] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=225, color=0x38debc) returned 0x0
[0144.271] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.271] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.271] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=226, color=0x38debc) returned 0x0
[0144.272] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.272] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.272] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=227, color=0x38debc) returned 0x0
[0144.272] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.272] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.272] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=228, color=0x38debc) returned 0x0
[0144.272] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.272] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.272] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=229, color=0x38debc) returned 0x0
[0144.272] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.272] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.272] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=230, color=0x38debc) returned 0x0
[0144.272] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.272] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.272] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=231, color=0x38debc) returned 0x0
[0144.272] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.272] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.272] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=232, color=0x38debc) returned 0x0
[0144.272] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.272] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.273] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=233, color=0x38debc) returned 0x0
[0144.273] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.273] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.273] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=234, color=0x38debc) returned 0x0
[0144.273] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.273] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.273] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=235, color=0x38debc) returned 0x0
[0144.273] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.273] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.273] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=236, color=0x38debc) returned 0x0
[0144.273] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.273] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.273] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=237, color=0x38debc) returned 0x0
[0144.273] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.273] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.273] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=238, color=0x38debc) returned 0x0
[0144.273] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.273] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.273] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=239, color=0x38debc) returned 0x0
[0144.274] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.274] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.274] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=240, color=0x38debc) returned 0x0
[0144.274] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.274] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.274] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=241, color=0x38debc) returned 0x0
[0144.274] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.274] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.274] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=242, color=0x38debc) returned 0x0
[0144.274] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.274] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.274] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=243, color=0x38debc) returned 0x0
[0144.274] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.275] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.275] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=244, color=0x38debc) returned 0x0
[0144.275] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.275] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.275] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=245, color=0x38debc) returned 0x0
[0144.275] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.275] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.275] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=246, color=0x38debc) returned 0x0
[0144.275] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.275] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.275] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=247, color=0x38debc) returned 0x0
[0144.275] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.275] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.275] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=248, color=0x38debc) returned 0x0
[0144.275] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.275] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.275] GdipBitmapGetPixel (bitmap=0x5362230, x=0, y=249, color=0x38debc) returned 0x0
[0144.388] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.388] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.388] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=220, color=0x38debc) returned 0x0
[0144.388] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.388] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.389] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=221, color=0x38debc) returned 0x0
[0144.389] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.389] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.389] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=222, color=0x38debc) returned 0x0
[0144.389] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.389] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.389] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=223, color=0x38debc) returned 0x0
[0144.389] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.389] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.389] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=224, color=0x38debc) returned 0x0
[0144.389] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.389] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.389] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=225, color=0x38debc) returned 0x0
[0144.389] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.389] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.389] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=226, color=0x38debc) returned 0x0
[0144.389] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.390] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.390] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=227, color=0x38debc) returned 0x0
[0144.390] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.390] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.390] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=228, color=0x38debc) returned 0x0
[0144.390] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.390] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.390] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=229, color=0x38debc) returned 0x0
[0144.390] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.390] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.390] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=230, color=0x38debc) returned 0x0
[0144.390] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.390] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.390] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=231, color=0x38debc) returned 0x0
[0144.390] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.390] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.390] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=232, color=0x38debc) returned 0x0
[0144.390] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.391] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.391] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=233, color=0x38debc) returned 0x0
[0144.391] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.391] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.391] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=234, color=0x38debc) returned 0x0
[0144.391] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.391] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.391] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=235, color=0x38debc) returned 0x0
[0144.391] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.391] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.391] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=236, color=0x38debc) returned 0x0
[0144.391] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.391] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.391] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=237, color=0x38debc) returned 0x0
[0144.391] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.392] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.392] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=238, color=0x38debc) returned 0x0
[0144.392] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.392] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.392] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=239, color=0x38debc) returned 0x0
[0144.392] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.392] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.392] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=240, color=0x38debc) returned 0x0
[0144.392] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.392] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.392] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=241, color=0x38debc) returned 0x0
[0144.392] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.392] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.392] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=242, color=0x38debc) returned 0x0
[0144.392] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.392] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.392] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=243, color=0x38debc) returned 0x0
[0144.392] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.393] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.393] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=244, color=0x38debc) returned 0x0
[0144.393] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.393] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.393] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=245, color=0x38debc) returned 0x0
[0144.393] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.393] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.393] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=246, color=0x38debc) returned 0x0
[0144.393] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.393] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.393] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=247, color=0x38debc) returned 0x0
[0144.393] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.393] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.393] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=248, color=0x38debc) returned 0x0
[0144.393] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.393] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.393] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=249, color=0x38debc) returned 0x0
[0144.394] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.394] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.394] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=250, color=0x38debc) returned 0x0
[0144.394] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.394] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.394] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=251, color=0x38debc) returned 0x0
[0144.394] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.394] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.394] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=252, color=0x38debc) returned 0x0
[0144.394] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.394] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.394] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=253, color=0x38debc) returned 0x0
[0144.394] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.394] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.394] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=254, color=0x38debc) returned 0x0
[0144.394] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.394] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.395] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=255, color=0x38debc) returned 0x0
[0144.395] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.395] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.395] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=256, color=0x38debc) returned 0x0
[0144.395] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.395] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.395] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=257, color=0x38debc) returned 0x0
[0144.396] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.396] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.396] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=258, color=0x38debc) returned 0x0
[0144.396] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.396] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.396] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=259, color=0x38debc) returned 0x0
[0144.397] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.397] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.397] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=260, color=0x38debc) returned 0x0
[0144.397] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.397] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.397] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=261, color=0x38debc) returned 0x0
[0144.398] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.398] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.398] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=262, color=0x38debc) returned 0x0
[0144.398] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.398] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.398] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=263, color=0x38debc) returned 0x0
[0144.399] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.399] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.399] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=264, color=0x38debc) returned 0x0
[0144.399] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.399] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.399] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=265, color=0x38debc) returned 0x0
[0144.399] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.399] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.400] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=266, color=0x38debc) returned 0x0
[0144.400] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.400] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.400] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=267, color=0x38debc) returned 0x0
[0144.400] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.400] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.400] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=268, color=0x38debc) returned 0x0
[0144.400] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.400] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.400] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=269, color=0x38debc) returned 0x0
[0144.400] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.401] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.401] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=270, color=0x38debc) returned 0x0
[0144.401] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.401] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.401] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=271, color=0x38debc) returned 0x0
[0144.401] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.401] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.401] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=272, color=0x38debc) returned 0x0
[0144.401] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.401] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.401] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=273, color=0x38debc) returned 0x0
[0144.401] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.401] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.401] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=274, color=0x38debc) returned 0x0
[0144.402] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.402] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.402] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=275, color=0x38debc) returned 0x0
[0144.402] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.402] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.402] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=276, color=0x38debc) returned 0x0
[0144.402] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.402] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.402] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=277, color=0x38debc) returned 0x0
[0144.402] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.402] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.402] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=278, color=0x38debc) returned 0x0
[0144.402] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.402] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.402] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=279, color=0x38debc) returned 0x0
[0144.402] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.403] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.403] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=280, color=0x38debc) returned 0x0
[0144.403] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.403] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.403] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=281, color=0x38debc) returned 0x0
[0144.403] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.403] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.403] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=282, color=0x38debc) returned 0x0
[0144.403] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.403] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.403] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=283, color=0x38debc) returned 0x0
[0144.403] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.403] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.403] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=284, color=0x38debc) returned 0x0
[0144.403] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.403] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.403] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=285, color=0x38debc) returned 0x0
[0144.404] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.404] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.404] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=286, color=0x38debc) returned 0x0
[0144.404] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.404] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.404] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=287, color=0x38debc) returned 0x0
[0144.404] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.404] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.404] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=288, color=0x38debc) returned 0x0
[0144.404] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.404] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.404] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=289, color=0x38debc) returned 0x0
[0144.404] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.404] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.404] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=290, color=0x38debc) returned 0x0
[0144.404] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.404] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.404] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=291, color=0x38debc) returned 0x0
[0144.405] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.405] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.405] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=292, color=0x38debc) returned 0x0
[0144.405] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.405] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.405] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=293, color=0x38debc) returned 0x0
[0144.405] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.405] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.405] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=294, color=0x38debc) returned 0x0
[0144.405] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.405] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.405] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=295, color=0x38debc) returned 0x0
[0144.405] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.405] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.405] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=296, color=0x38debc) returned 0x0
[0144.405] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.405] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.406] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=297, color=0x38debc) returned 0x0
[0144.406] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.406] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.406] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=298, color=0x38debc) returned 0x0
[0144.406] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.406] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.406] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=299, color=0x38debc) returned 0x0
[0144.406] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.406] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.406] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=300, color=0x38debc) returned 0x0
[0144.406] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.406] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.406] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=301, color=0x38debc) returned 0x0
[0144.406] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.406] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.406] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=302, color=0x38debc) returned 0x0
[0144.406] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.406] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.407] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=303, color=0x38debc) returned 0x0
[0144.407] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.407] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.407] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=304, color=0x38debc) returned 0x0
[0144.407] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.407] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.407] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=305, color=0x38debc) returned 0x0
[0144.407] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.407] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.407] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=306, color=0x38debc) returned 0x0
[0144.407] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.407] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.407] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=307, color=0x38debc) returned 0x0
[0144.407] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.407] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.407] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=308, color=0x38debc) returned 0x0
[0144.407] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.407] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.407] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=309, color=0x38debc) returned 0x0
[0144.407] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.408] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.408] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=310, color=0x38debc) returned 0x0
[0144.408] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.408] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.408] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=311, color=0x38debc) returned 0x0
[0144.408] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.408] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.408] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=312, color=0x38debc) returned 0x0
[0144.408] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.408] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.408] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=313, color=0x38debc) returned 0x0
[0144.408] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.408] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.408] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=314, color=0x38debc) returned 0x0
[0144.408] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.408] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.408] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=315, color=0x38debc) returned 0x0
[0144.408] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.408] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.408] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=316, color=0x38debc) returned 0x0
[0144.408] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.409] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.409] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=317, color=0x38debc) returned 0x0
[0144.409] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.409] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.409] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=318, color=0x38debc) returned 0x0
[0144.409] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.409] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.409] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=319, color=0x38debc) returned 0x0
[0144.409] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.409] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.409] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=320, color=0x38debc) returned 0x0
[0144.409] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.409] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.409] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=321, color=0x38debc) returned 0x0
[0144.409] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.409] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.409] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=322, color=0x38debc) returned 0x0
[0144.409] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.409] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.409] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=323, color=0x38debc) returned 0x0
[0144.410] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.410] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.410] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=324, color=0x38debc) returned 0x0
[0144.410] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.410] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.410] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=325, color=0x38debc) returned 0x0
[0144.410] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.410] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.410] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=326, color=0x38debc) returned 0x0
[0144.410] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.410] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.411] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=327, color=0x38debc) returned 0x0
[0144.411] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.411] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.411] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=328, color=0x38debc) returned 0x0
[0144.411] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.411] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.411] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=329, color=0x38debc) returned 0x0
[0144.411] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.411] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.412] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=330, color=0x38debc) returned 0x0
[0144.412] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.412] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.412] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=331, color=0x38debc) returned 0x0
[0144.412] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.412] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.412] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=332, color=0x38debc) returned 0x0
[0144.412] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.412] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.412] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=333, color=0x38debc) returned 0x0
[0144.413] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.413] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.413] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=334, color=0x38debc) returned 0x0
[0144.413] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.413] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.413] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=335, color=0x38debc) returned 0x0
[0144.413] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.413] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.413] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=336, color=0x38debc) returned 0x0
[0144.413] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.413] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.413] GdipBitmapGetPixel (bitmap=0x5362230, x=286, y=337, color=0x38debc) returned 0x0
[0144.413] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.413] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.413] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=0, color=0x38debc) returned 0x0
[0144.413] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.413] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.413] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=1, color=0x38debc) returned 0x0
[0144.413] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.413] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.413] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=2, color=0x38debc) returned 0x0
[0144.414] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.414] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.414] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=3, color=0x38debc) returned 0x0
[0144.414] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.414] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.414] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=4, color=0x38debc) returned 0x0
[0144.414] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.415] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.415] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=5, color=0x38debc) returned 0x0
[0144.415] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.415] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.416] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=6, color=0x38debc) returned 0x0
[0144.416] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.416] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.416] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=7, color=0x38debc) returned 0x0
[0144.416] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.416] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.416] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=8, color=0x38debc) returned 0x0
[0144.416] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.416] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.416] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=9, color=0x38debc) returned 0x0
[0144.416] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.416] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.416] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=10, color=0x38debc) returned 0x0
[0144.416] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.416] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.416] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=11, color=0x38debc) returned 0x0
[0144.416] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.416] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.416] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=12, color=0x38debc) returned 0x0
[0144.416] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.416] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.416] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=13, color=0x38debc) returned 0x0
[0144.417] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.417] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.417] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=14, color=0x38debc) returned 0x0
[0144.417] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.417] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.417] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=15, color=0x38debc) returned 0x0
[0144.417] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.417] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.417] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=16, color=0x38debc) returned 0x0
[0144.417] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.417] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.417] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=17, color=0x38debc) returned 0x0
[0144.417] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.417] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.417] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=18, color=0x38debc) returned 0x0
[0144.417] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.417] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.417] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=19, color=0x38debc) returned 0x0
[0144.417] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.417] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.417] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=20, color=0x38debc) returned 0x0
[0144.417] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.418] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.418] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=21, color=0x38debc) returned 0x0
[0144.418] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.418] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.418] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=22, color=0x38debc) returned 0x0
[0144.418] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.418] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.418] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=23, color=0x38debc) returned 0x0
[0144.418] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.418] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.418] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=24, color=0x38debc) returned 0x0
[0144.418] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.418] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.418] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=25, color=0x38debc) returned 0x0
[0144.418] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.419] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.419] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=26, color=0x38debc) returned 0x0
[0144.419] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.419] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.419] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=27, color=0x38debc) returned 0x0
[0144.419] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.419] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.419] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=28, color=0x38debc) returned 0x0
[0144.419] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.419] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.419] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=29, color=0x38debc) returned 0x0
[0144.419] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.419] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.419] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=30, color=0x38debc) returned 0x0
[0144.419] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.419] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.419] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=31, color=0x38debc) returned 0x0
[0144.419] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.419] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.419] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=32, color=0x38debc) returned 0x0
[0144.419] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.420] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.420] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=33, color=0x38debc) returned 0x0
[0144.420] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.420] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.420] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=34, color=0x38debc) returned 0x0
[0144.420] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.420] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.420] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=35, color=0x38debc) returned 0x0
[0144.420] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.420] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.420] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=36, color=0x38debc) returned 0x0
[0144.420] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.420] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.420] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=37, color=0x38debc) returned 0x0
[0144.420] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.420] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.420] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=38, color=0x38debc) returned 0x0
[0144.420] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.420] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.420] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=39, color=0x38debc) returned 0x0
[0144.420] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.421] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.421] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=40, color=0x38debc) returned 0x0
[0144.421] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.421] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.421] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=41, color=0x38debc) returned 0x0
[0144.421] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.421] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.421] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=42, color=0x38debc) returned 0x0
[0144.421] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.421] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.421] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=43, color=0x38debc) returned 0x0
[0144.421] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.421] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.421] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=44, color=0x38debc) returned 0x0
[0144.421] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.421] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.421] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=45, color=0x38debc) returned 0x0
[0144.421] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.421] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.421] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=46, color=0x38debc) returned 0x0
[0144.421] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.422] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.422] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=47, color=0x38debc) returned 0x0
[0144.422] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.422] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.422] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=48, color=0x38debc) returned 0x0
[0144.422] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.422] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.422] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=49, color=0x38debc) returned 0x0
[0144.422] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.422] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.422] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=50, color=0x38debc) returned 0x0
[0144.422] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.422] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.422] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=51, color=0x38debc) returned 0x0
[0144.422] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.422] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.422] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=52, color=0x38debc) returned 0x0
[0144.422] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.422] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.422] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=53, color=0x38debc) returned 0x0
[0144.422] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.423] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.423] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=54, color=0x38debc) returned 0x0
[0144.423] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.423] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.423] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=55, color=0x38debc) returned 0x0
[0144.423] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.423] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.423] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=56, color=0x38debc) returned 0x0
[0144.423] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.423] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.423] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=57, color=0x38debc) returned 0x0
[0144.423] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.423] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.423] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=58, color=0x38debc) returned 0x0
[0144.423] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.423] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.423] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=59, color=0x38debc) returned 0x0
[0144.423] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.423] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.423] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=60, color=0x38debc) returned 0x0
[0144.424] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.424] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.424] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=61, color=0x38debc) returned 0x0
[0144.424] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.424] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.424] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=62, color=0x38debc) returned 0x0
[0144.424] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.424] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.424] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=63, color=0x38debc) returned 0x0
[0144.424] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.424] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.424] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=64, color=0x38debc) returned 0x0
[0144.424] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.424] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.424] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=65, color=0x38debc) returned 0x0
[0144.424] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.424] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.424] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=66, color=0x38debc) returned 0x0
[0144.424] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.425] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.425] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=67, color=0x38debc) returned 0x0
[0144.425] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.425] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.425] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=68, color=0x38debc) returned 0x0
[0144.425] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.425] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.425] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=69, color=0x38debc) returned 0x0
[0144.425] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.425] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.425] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=70, color=0x38debc) returned 0x0
[0144.425] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.425] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.425] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=71, color=0x38debc) returned 0x0
[0144.425] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.425] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.425] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=72, color=0x38debc) returned 0x0
[0144.425] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.425] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.426] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=73, color=0x38debc) returned 0x0
[0144.426] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.426] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.426] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=74, color=0x38debc) returned 0x0
[0144.426] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.426] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.426] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=75, color=0x38debc) returned 0x0
[0144.426] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.426] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.426] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=76, color=0x38debc) returned 0x0
[0144.426] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.426] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.426] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=77, color=0x38debc) returned 0x0
[0144.426] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.426] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.426] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=78, color=0x38debc) returned 0x0
[0144.426] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.426] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.426] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=79, color=0x38debc) returned 0x0
[0144.426] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.427] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.427] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=80, color=0x38debc) returned 0x0
[0144.427] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.427] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.427] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=81, color=0x38debc) returned 0x0
[0144.427] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.427] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.427] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=82, color=0x38debc) returned 0x0
[0144.427] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.427] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.427] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=83, color=0x38debc) returned 0x0
[0144.427] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.427] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.427] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=84, color=0x38debc) returned 0x0
[0144.427] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.427] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.427] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=85, color=0x38debc) returned 0x0
[0144.427] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.428] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.428] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=86, color=0x38debc) returned 0x0
[0144.428] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.428] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.428] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=87, color=0x38debc) returned 0x0
[0144.428] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.428] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.428] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=88, color=0x38debc) returned 0x0
[0144.428] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.428] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.428] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=89, color=0x38debc) returned 0x0
[0144.428] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.428] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.428] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=90, color=0x38debc) returned 0x0
[0144.428] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.428] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.428] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=91, color=0x38debc) returned 0x0
[0144.428] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.428] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.428] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=92, color=0x38debc) returned 0x0
[0144.429] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.429] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.429] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=93, color=0x38debc) returned 0x0
[0144.429] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.429] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.429] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=94, color=0x38debc) returned 0x0
[0144.429] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.429] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.429] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=95, color=0x38debc) returned 0x0
[0144.429] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.429] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.429] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=96, color=0x38debc) returned 0x0
[0144.429] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.429] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.429] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=97, color=0x38debc) returned 0x0
[0144.429] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.429] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.429] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=98, color=0x38debc) returned 0x0
[0144.430] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.430] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.430] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=99, color=0x38debc) returned 0x0
[0144.430] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.430] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.430] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=100, color=0x38debc) returned 0x0
[0144.430] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.430] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.430] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=101, color=0x38debc) returned 0x0
[0144.430] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.430] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.430] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=102, color=0x38debc) returned 0x0
[0144.430] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.430] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.430] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=103, color=0x38debc) returned 0x0
[0144.430] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.430] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.430] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=104, color=0x38debc) returned 0x0
[0144.430] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.431] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.431] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=105, color=0x38debc) returned 0x0
[0144.431] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.431] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.431] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=106, color=0x38debc) returned 0x0
[0144.431] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.431] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.431] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=107, color=0x38debc) returned 0x0
[0144.431] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.431] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.431] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=108, color=0x38debc) returned 0x0
[0144.431] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.431] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.431] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=109, color=0x38debc) returned 0x0
[0144.431] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.431] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.431] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=110, color=0x38debc) returned 0x0
[0144.431] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.431] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.431] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=111, color=0x38debc) returned 0x0
[0144.432] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.432] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.432] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=112, color=0x38debc) returned 0x0
[0144.432] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.432] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.432] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=113, color=0x38debc) returned 0x0
[0144.432] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.432] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.432] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=114, color=0x38debc) returned 0x0
[0144.432] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.432] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.432] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=115, color=0x38debc) returned 0x0
[0144.432] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.432] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.432] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=116, color=0x38debc) returned 0x0
[0144.432] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.432] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.432] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=117, color=0x38debc) returned 0x0
[0144.432] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.432] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.432] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=118, color=0x38debc) returned 0x0
[0144.433] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.433] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.433] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=119, color=0x38debc) returned 0x0
[0144.433] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.433] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.433] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=120, color=0x38debc) returned 0x0
[0144.433] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.433] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.433] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=121, color=0x38debc) returned 0x0
[0144.433] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.433] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.433] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=122, color=0x38debc) returned 0x0
[0144.433] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.433] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.433] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=123, color=0x38debc) returned 0x0
[0144.433] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.433] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.433] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=124, color=0x38debc) returned 0x0
[0144.433] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.433] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.433] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=125, color=0x38debc) returned 0x0
[0144.433] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.434] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.434] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=126, color=0x38debc) returned 0x0
[0144.434] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.434] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.434] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=127, color=0x38debc) returned 0x0
[0144.434] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.434] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.434] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=128, color=0x38debc) returned 0x0
[0144.434] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.434] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.434] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=129, color=0x38debc) returned 0x0
[0144.434] GdipGetImageWidth (image=0x5362230, width=0x38deac) returned 0x0
[0144.434] GdipGetImageHeight (image=0x5362230, height=0x38deac) returned 0x0
[0144.434] GdipBitmapGetPixel (bitmap=0x5362230, x=287, y=130, color=0x38debc) returned 0x0
[0145.078] CoTaskMemAlloc (cb=0xd) returned 0x47d2c8
[0145.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283b920, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.078] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.079] CoTaskMemFree (pv=0x47d2c8)
[0145.087] CoTaskMemAlloc (cb=0x11) returned 0x467118
[0145.087] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x283b958, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12
[0145.087] GetProcAddress (hModule=0x766d0000, lpProcName="ResumeThread") returned 0x766e43ef
[0145.088] CoTaskMemFree (pv=0x467118)
[0145.094] CoTaskMemAlloc (cb=0xd) returned 0x47d238
[0145.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283ba14, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.095] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.095] CoTaskMemFree (pv=0x47d238)
[0145.095] CoTaskMemAlloc (cb=0x1a) returned 0x477998
[0145.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x283ba4c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0145.095] GetProcAddress (hModule=0x766d0000, lpProcName="Wow64SetThreadContext") returned 0x76765393
[0145.095] CoTaskMemFree (pv=0x477998)
[0145.101] CoTaskMemAlloc (cb=0xd) returned 0x47d2c8
[0145.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283bb18, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.102] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.102] CoTaskMemFree (pv=0x47d2c8)
[0145.102] CoTaskMemAlloc (cb=0x15) returned 0x467118
[0145.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x283bb50, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0145.102] GetProcAddress (hModule=0x766d0000, lpProcName="SetThreadContext") returned 0x76765393
[0145.103] CoTaskMemFree (pv=0x467118)
[0145.104] CoTaskMemAlloc (cb=0xd) returned 0x47d2c8
[0145.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283bc18, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.104] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.104] CoTaskMemFree (pv=0x47d2c8)
[0145.104] CoTaskMemAlloc (cb=0x1a) returned 0x477998
[0145.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x283bc50, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0145.104] GetProcAddress (hModule=0x766d0000, lpProcName="Wow64GetThreadContext") returned 0x767079d4
[0145.105] CoTaskMemFree (pv=0x477998)
[0145.106] CoTaskMemAlloc (cb=0xd) returned 0x47d2c8
[0145.106] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283bd1c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.106] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.106] CoTaskMemFree (pv=0x47d2c8)
[0145.106] CoTaskMemAlloc (cb=0x15) returned 0x467118
[0145.106] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x283bd54, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0145.106] GetProcAddress (hModule=0x766d0000, lpProcName="GetThreadContext") returned 0x767079d4
[0145.106] CoTaskMemFree (pv=0x467118)
[0145.108] CoTaskMemAlloc (cb=0xd) returned 0x47d2c8
[0145.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283be10, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.108] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.108] CoTaskMemFree (pv=0x47d2c8)
[0145.108] CoTaskMemAlloc (cb=0x13) returned 0x467038
[0145.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x283be48, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14
[0145.108] GetProcAddress (hModule=0x766d0000, lpProcName="VirtualAllocEx") returned 0x766fd9b0
[0145.108] CoTaskMemFree (pv=0x467038)
[0145.113] CoTaskMemAlloc (cb=0xd) returned 0x47d238
[0145.113] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283bf04, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.113] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.114] CoTaskMemFree (pv=0x47d238)
[0145.114] CoTaskMemAlloc (cb=0x17) returned 0x467118
[0145.114] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x283bf3c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18
[0145.114] GetProcAddress (hModule=0x766d0000, lpProcName="WriteProcessMemory") returned 0x766fd9e0
[0145.114] CoTaskMemFree (pv=0x467118)
[0145.121] CoTaskMemAlloc (cb=0xd) returned 0x47d2c8
[0145.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283c000, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.121] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.122] CoTaskMemFree (pv=0x47d2c8)
[0145.122] CoTaskMemAlloc (cb=0x16) returned 0x467038
[0145.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x283c038, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17
[0145.122] GetProcAddress (hModule=0x766d0000, lpProcName="ReadProcessMemory") returned 0x766fcfcc
[0145.122] CoTaskMemFree (pv=0x467038)
[0145.129] CoTaskMemAlloc (cb=0xa) returned 0x47d238
[0145.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x283c0f8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5
[0145.130] LoadLibraryA (lpLibFileName="ntdll") returned 0x77040000
[0145.130] CoTaskMemFree (pv=0x47d238)
[0145.130] CoTaskMemAlloc (cb=0x19) returned 0x477998
[0145.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x283c124, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20
[0145.130] GetProcAddress (hModule=0x77040000, lpProcName="ZwUnmapViewOfSection") returned 0x7705fc70
[0145.130] CoTaskMemFree (pv=0x477998)
[0145.137] CoTaskMemAlloc (cb=0xd) returned 0x47d238
[0145.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x283c1ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0145.137] LoadLibraryA (lpLibFileName="kernel32") returned 0x766d0000
[0145.137] CoTaskMemFree (pv=0x47d238)
[0145.137] CoTaskMemAlloc (cb=0x13) returned 0x467038
[0145.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x283c224, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14
[0145.138] GetProcAddress (hModule=0x766d0000, lpProcName="CreateProcessA") returned 0x766e1072
[0145.138] CoTaskMemFree (pv=0x467038)
[0145.172] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe", nBufferLength=0x105, lpBuffer=0x38d51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe", lpFilePart=0x0) returned 0x5f
[0145.186] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="HqDKaBWIBgZUJuwRAPSyhcVSy") returned 0x0
[0145.218] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="HqDKaBWIBgZUJuwRAPSyhcVSy") returned 0x24c
[0151.229] CoTaskMemAlloc (cb=0x20c) returned 0x47d410
[0151.229] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x47d410 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0151.230] CoTaskMemFree (pv=0x47d410)
[0151.230] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x38d500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0151.238] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", nBufferLength=0x105, lpBuffer=0x38d594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", lpFilePart=0x0) returned 0x2f
[0151.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38d7d4) returned 1
[0151.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe"), fInfoLevelId=0x0, lpFileInformation=0x38da98 | out: lpFileInformation=0x38da98*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0151.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38d7d0) returned 1
[0151.251] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", nBufferLength=0x105, lpBuffer=0x38d540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", lpFilePart=0x0) returned 0x2f
[0151.262] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", nBufferLength=0x105, lpBuffer=0x38d540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", lpFilePart=0x0) returned 0x2f
[0151.267] SetNamedSecurityInfoW () returned 0x2
[0151.776] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe", nBufferLength=0x105, lpBuffer=0x38d54c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe", lpFilePart=0x0) returned 0x5f
[0151.776] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", nBufferLength=0x105, lpBuffer=0x38d54c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", lpFilePart=0x0) returned 0x2f
[0151.776] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe"), bFailIfExists=1) returned 1
[0151.878] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", nBufferLength=0x105, lpBuffer=0x38d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", lpFilePart=0x0) returned 0x2f
[0151.880] GetUserNameW (in: lpBuffer=0x38d7b0, pcbBuffer=0x38da28 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x38da28) returned 1
[0151.888] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", dwFileAttributes=0x2007) returned 1
[0151.899] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.904] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.906] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.908] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.910] CoTaskMemFree (pv=0x467098)
[0151.910] CoTaskMemFree (pv=0x478fa0)
[0151.919] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.919] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.919] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.920] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.920] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.920] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.920] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.920] CoTaskMemFree (pv=0x467098)
[0151.921] CoTaskMemFree (pv=0x478fa0)
[0151.921] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.921] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.921] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.923] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.923] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.923] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.923] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.924] CoTaskMemFree (pv=0x467098)
[0151.924] CoTaskMemFree (pv=0x478fa0)
[0151.924] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.924] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.924] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.924] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.924] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.925] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.925] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.925] CoTaskMemFree (pv=0x467098)
[0151.925] CoTaskMemFree (pv=0x478fa0)
[0151.925] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.925] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.925] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.927] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.928] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.928] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.928] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.928] CoTaskMemFree (pv=0x467098)
[0151.928] CoTaskMemFree (pv=0x478fa0)
[0151.928] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.929] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.929] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.929] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.929] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.929] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.929] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.929] CoTaskMemFree (pv=0x467098)
[0151.930] CoTaskMemFree (pv=0x478fa0)
[0151.930] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.930] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.930] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.930] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.930] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.931] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.931] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.931] CoTaskMemFree (pv=0x467098)
[0151.931] CoTaskMemFree (pv=0x478fa0)
[0151.931] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.931] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.931] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.932] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.932] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.932] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.932] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.933] CoTaskMemFree (pv=0x467098)
[0151.933] CoTaskMemFree (pv=0x478fa0)
[0151.933] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.933] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.933] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.933] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d840, DesiredAccess=0x800, PolicyHandle=0x38d800 | out: PolicyHandle=0x38d800) returned 0x0
[0151.933] CoTaskMemAlloc (cb=0x8) returned 0x478fa0
[0151.933] CoTaskMemAlloc (cb=0x14) returned 0x467098
[0151.934] LsaLookupNames2 (in: PolicyHandle=0x4670f8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x38d814, Sids=0x38d808 | out: ReferencedDomains=0x38d814, Sids=0x38d808) returned 0x0
[0151.934] CoTaskMemFree (pv=0x467098)
[0151.934] CoTaskMemFree (pv=0x478fa0)
[0151.934] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0151.934] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0151.934] LsaFreeMemory (Buffer=0x3ffed0) returned 0x0
[0151.934] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", nBufferLength=0x105, lpBuffer=0x38d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", lpFilePart=0x0) returned 0x2f
[0151.934] SetNamedSecurityInfoW () returned 0x0
[0152.033] GetCurrentProcess () returned 0xffffffff
[0152.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38d9cc | out: TokenHandle=0x38d9cc*=0x28c) returned 1
[0152.035] GetCurrentProcess () returned 0xffffffff
[0152.035] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38d99c | out: TokenHandle=0x38d99c*=0x290) returned 1
[0152.036] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x38d9d0 | out: TokenInformation=0x0, ReturnLength=0x38d9d0) returned 0
[0152.036] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x477e88
[0152.036] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x1, TokenInformation=0x477e88, TokenInformationLength=0x24, ReturnLength=0x38d9d0 | out: TokenInformation=0x477e88, ReturnLength=0x38d9d0) returned 1
[0152.037] LocalFree (hMem=0x477e88) returned 0x0
[0152.037] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x38d8f8, DesiredAccess=0x800, PolicyHandle=0x38d8b8 | out: PolicyHandle=0x38d8b8) returned 0x0
[0152.037] LsaLookupSids (in: PolicyHandle=0x4670f8, Count=0x1, Sids=0x2844bb8*=0x2844b5c*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), ReferencedDomains=0x38d8d4, Names=0x38d8c8 | out: ReferencedDomains=0x38d8d4, Names=0x38d8c8) returned 0x0
[0152.038] LsaClose (ObjectHandle=0x4670f8) returned 0x0
[0152.039] LsaFreeMemory (Buffer=0x454de8) returned 0x0
[0152.039] LsaFreeMemory (Buffer=0x477e88) returned 0x0
[0152.039] CloseHandle (hObject=0x290) returned 1
[0152.048] CoTaskMemAlloc (cb=0x20c) returned 0x49cda8
[0152.048] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x49cda8 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25
[0152.048] CoTaskMemFree (pv=0x49cda8)
[0152.050] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x38d4e8, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13
[0152.051] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x38d4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26
[0152.053] CoTaskMemAlloc (cb=0x20c) returned 0x49cda8
[0152.053] GetTempFileNameW (in: lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x49cda8 | out: lpTempFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpc3e3.tmp")) returned 0xc3e3
[0152.054] CoTaskMemFree (pv=0x49cda8)
[0152.063] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp", nBufferLength=0x105, lpBuffer=0x38d3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp", lpFilePart=0x0) returned 0x31
[0152.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38d8c4) returned 1
[0152.063] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpc3e3.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x290
[0152.064] GetFileType (hFile=0x290) returned 0x1
[0152.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38d8c0) returned 1
[0152.064] GetFileType (hFile=0x290) returned 0x1
[0152.066] WriteFile (in: hFile=0x290, lpBuffer=0x2848b14*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x38d950, lpOverlapped=0x0 | out: lpBuffer=0x2848b14*, lpNumberOfBytesWritten=0x38d950*=0x66a, lpOverlapped=0x0) returned 1
[0152.067] CloseHandle (hObject=0x290) returned 1
[0152.083] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x49a9b8
[0152.083] LocalAlloc (uFlags=0x0, uBytes=0xb0) returned 0x46d440
[0152.085] ShellExecuteExW (in: pExecInfo=0x2849e6c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\EmVFlIse\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2849e6c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\EmVFlIse\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x388)) returned 1
[0160.836] LocalFree (hMem=0x49a9b8) returned 0x0
[0160.836] LocalFree (hMem=0x46d440) returned 0x0
[0160.888] GetCurrentProcess () returned 0xffffffff
[0160.888] GetCurrentProcess () returned 0xffffffff
[0160.889] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x388, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x38d9b4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x38d9b4*=0x348) returned 1
[0160.891] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x38d9ac*=0x348, lpdwindex=0x38d7d0 | out: lpdwindex=0x38d7d0) returned 0x0
[0161.988] CloseHandle (hObject=0x348) returned 1
[0161.992] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp", nBufferLength=0x105, lpBuffer=0x38d50c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp", lpFilePart=0x0) returned 0x31
[0161.993] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpc3e3.tmp")) returned 1
[0162.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x38d47c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0162.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", cchWideChar=57, lpMultiByteStr=0x38d6d0, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe\x87Å", lpUsedDefaultChar=0x0) returned 57
[0162.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x38d6cc, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="´\x87Å", lpUsedDefaultChar=0x0) returned 0
[0162.082] CreateProcessA (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x38d768*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x38da6c | out: lpCommandLine="", lpProcessInformation=0x38da6c*(hProcess=0x38c, hThread=0x348, dwProcessId=0xeec, dwThreadId=0xef0)) returned 1
[0162.095] CoTaskMemFree (pv=0x0)
[0162.117] GetThreadContext (in: hThread=0x348, lpContext=0x284a22c | out: lpContext=0x284a22c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0xff8356, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0162.117] ReadProcessMemory (in: hProcess=0x38c, lpBaseAddress=0x7efde008, lpBuffer=0x38da5c, nSize=0x4, lpNumberOfBytesRead=0x38daa0 | out: lpBuffer=0x38da5c*, lpNumberOfBytesRead=0x38daa0*=0x4) returned 1
[0162.119] VirtualAllocEx (hProcess=0x38c, lpAddress=0x400000, dwSize=0x3c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0162.121] WriteProcessMemory (in: hProcess=0x38c, lpBaseAddress=0x400000, lpBuffer=0x38b3900*, nSize=0x200, lpNumberOfBytesWritten=0x38daa0 | out: lpBuffer=0x38b3900*, lpNumberOfBytesWritten=0x38daa0*=0x200) returned 1
[0162.135] WriteProcessMemory (in: hProcess=0x38c, lpBaseAddress=0x402000, lpBuffer=0x38e9d20*, nSize=0x35a00, lpNumberOfBytesWritten=0x38daa0 | out: lpBuffer=0x38e9d20*, lpNumberOfBytesWritten=0x38daa0*=0x35a00) returned 1
[0162.148] WriteProcessMemory (in: hProcess=0x38c, lpBaseAddress=0x438000, lpBuffer=0x284a504*, nSize=0x600, lpNumberOfBytesWritten=0x38daa0 | out: lpBuffer=0x284a504*, lpNumberOfBytesWritten=0x38daa0*=0x600) returned 1
[0162.155] WriteProcessMemory (in: hProcess=0x38c, lpBaseAddress=0x43a000, lpBuffer=0x284ab10*, nSize=0x200, lpNumberOfBytesWritten=0x38daa0 | out: lpBuffer=0x284ab10*, lpNumberOfBytesWritten=0x38daa0*=0x200) returned 1
[0162.163] WriteProcessMemory (in: hProcess=0x38c, lpBaseAddress=0x7efde008, lpBuffer=0x284ad1c*, nSize=0x4, lpNumberOfBytesWritten=0x38daa0 | out: lpBuffer=0x284ad1c*, lpNumberOfBytesWritten=0x38daa0*=0x4) returned 1
[0162.166] SetThreadContext (hThread=0x348, lpContext=0x284a22c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x43783e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0162.170] ResumeThread (hThread=0x348) returned 0x1
[0162.339] CoGetContextToken (in: pToken=0x38de48 | out: pToken=0x38de48) returned 0x0
[0162.339] CObjectContext::QueryInterface () returned 0x0
[0162.339] CObjectContext::GetCurrentThreadType () returned 0x0
[0162.339] Release () returned 0x0
[0162.341] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x3ddf30*=0xac, lpdwindex=0x38dcf4 | out: lpdwindex=0x38dcf4) returned 0x0
Thread:
id = 2
os_tid = 0xe78
Thread:
id = 3
os_tid = 0xe7c
[0073.560] CoGetContextToken (in: pToken=0xe8f8dc | out: pToken=0xe8f8dc) returned 0x800401f0
[0073.560] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0162.349] SetWindowLongW (hWnd=0x8010e, nIndex=-4, dwNewLong=1996957149) returned 82643198
[0162.373] SetClassLongW (hWnd=0x8010e, nIndex=-24, dwNewLong=1996957149) returned 0x4ed08d6
[0162.373] PostMessageW (hWnd=0x8010e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0162.375] GetModuleHandleW (lpModuleName=0x0) returned 0x12b0000
[0162.376] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", hInstance=0x12b0000) returned 0
[0162.388] LocalFree (hMem=0x458670) returned 0x0
[0162.402] LocalFree (hMem=0x4585e8) returned 0x0
[0162.402] EtwEventUnregister () returned 0x0
[0162.414] CloseHandle (hObject=0x1e8) returned 1
[0162.435] GdipDisposeImage (image=0x5362230) returned 0x0
[0162.443] CloseHandle (hObject=0x24c) returned 1
[0162.443] CloseHandle (hObject=0x388) returned 1
[0162.444] CloseHandle (hObject=0x28c) returned 1
[0162.445] RegCloseKey (hKey=0x80000004) returned 0x0
[0162.446] CloseHandle (hObject=0x1e4) returned 1
Thread:
id = 4
os_tid = 0xe80
Thread:
id = 5
os_tid = 0xea4
Thread:
id = 6
os_tid = 0xea8
Thread:
id = 7
os_tid = 0xec0
Thread:
id = 9
os_tid = 0xee4
Thread:
id = 12
os_tid = 0xef4
[0162.280] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0162.353] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x56cef54 | out: lpLuid=0x56cef54*(LowPart=0x14, HighPart=0)) returned 1
[0162.355] GetCurrentProcess () returned 0xffffffff
[0162.356] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x56cef50 | out: TokenHandle=0x56cef50*=0x3b4) returned 1
[0162.356] AdjustTokenPrivileges (in: TokenHandle=0x3b4, DisableAllPrivileges=0, NewState=0x284b220*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0162.356] CloseHandle (hObject=0x3b4) returned 1
[0162.364] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x391f740, Length=0x20000, ResultLength=0x56cf634 | out: SystemInformation=0x391f740, ResultLength=0x56cf634*=0xcb08) returned 0x0
Thread:
id = 13
os_tid = 0xef8
Process:
id = "2"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x39e5f000"
os_pid = "0xec8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xe68"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\EmVFlIse\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e4d5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 399
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 400
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 401
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 402
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 403
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 404
start_va = 0xf0000
end_va = 0x12ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 405
start_va = 0x1f0000
end_va = 0x22ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 406
start_va = 0xe50000
end_va = 0xe7dfff
monitored = 1
entry_point = 0xe67683
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 407
start_va = 0x76e60000
end_va = 0x77008fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 408
start_va = 0x77040000
end_va = 0x771bffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 409
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 410
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 411
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 412
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 413
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 414
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 415
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 416
start_va = 0x420000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 417
start_va = 0x74590000
end_va = 0x74597fff
monitored = 0
entry_point = 0x745920f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 418
start_va = 0x745a0000
end_va = 0x745fbfff
monitored = 0
entry_point = 0x745df798
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 419
start_va = 0x74600000
end_va = 0x7463efff
monitored = 0
entry_point = 0x7462de78
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 420
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 421
start_va = 0x766d0000
end_va = 0x767dffff
monitored = 0
entry_point = 0x766e32d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 422
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 423
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c40000"
filename = ""
Region:
id = 424
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 0
entry_point = 0x76d7a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 425
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076d60000"
filename = ""
Region:
id = 426
start_va = 0x4a0000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 427
start_va = 0x766d0000
end_va = 0x767dffff
monitored = 0
entry_point = 0x766e32d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 428
start_va = 0x76160000
end_va = 0x761a5fff
monitored = 0
entry_point = 0x76167478
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 429
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 430
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 431
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 433
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 434
start_va = 0x70000
end_va = 0xd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 435
start_va = 0x76480000
end_va = 0x7652bfff
monitored = 0
entry_point = 0x7648a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 436
start_va = 0x75c40000
end_va = 0x75d3ffff
monitored = 0
entry_point = 0x75c5b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 437
start_va = 0x761e0000
end_va = 0x7626ffff
monitored = 0
entry_point = 0x761f6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 438
start_va = 0x766a0000
end_va = 0x766a9fff
monitored = 0
entry_point = 0x766a36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 439
start_va = 0x75d80000
end_va = 0x75e1cfff
monitored = 0
entry_point = 0x75db3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 440
start_va = 0x76280000
end_va = 0x7631ffff
monitored = 0
entry_point = 0x762949e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 441
start_va = 0x766b0000
end_va = 0x766c8fff
monitored = 0
entry_point = 0x766b4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 442
start_va = 0x74d90000
end_va = 0x74e7ffff
monitored = 0
entry_point = 0x74da0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 443
start_va = 0x74b90000
end_va = 0x74beffff
monitored = 0
entry_point = 0x74baa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 444
start_va = 0x74b80000
end_va = 0x74b8bfff
monitored = 0
entry_point = 0x74b810e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 445
start_va = 0x76920000
end_va = 0x76a7bfff
monitored = 0
entry_point = 0x7696ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 446
start_va = 0x76830000
end_va = 0x768befff
monitored = 0
entry_point = 0x76833fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 447
start_va = 0x76320000
end_va = 0x76376fff
monitored = 0
entry_point = 0x76339ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 448
start_va = 0x74a00000
end_va = 0x74a08fff
monitored = 0
entry_point = 0x74a01830
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\SysWOW64\\ktmw32.dll" (normalized: "c:\\windows\\syswow64\\ktmw32.dll")
Region:
id = 452
start_va = 0x230000
end_va = 0x3bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 453
start_va = 0x130000
end_va = 0x14dfff
monitored = 0
entry_point = 0x14158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 454
start_va = 0x4a0000
end_va = 0x627fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 455
start_va = 0x690000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 456
start_va = 0x130000
end_va = 0x14dfff
monitored = 0
entry_point = 0x14158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 457
start_va = 0x768c0000
end_va = 0x7691ffff
monitored = 0
entry_point = 0x768d158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 458
start_va = 0x75e20000
end_va = 0x75eebfff
monitored = 0
entry_point = 0x75e2168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 459
start_va = 0x790000
end_va = 0x910fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000790000"
filename = ""
Region:
id = 460
start_va = 0xe80000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e80000"
filename = ""
Region:
id = 461
start_va = 0x130000
end_va = 0x141fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 462
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 463
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 464
start_va = 0x73a90000
end_va = 0x73a98fff
monitored = 0
entry_point = 0x73a91220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 465
start_va = 0x920000
end_va = 0xbeefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 466
start_va = 0x73870000
end_va = 0x738effff
monitored = 0
entry_point = 0x738837c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 467
start_va = 0x150000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 468
start_va = 0x230000
end_va = 0x30efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 469
start_va = 0x3b0000
end_va = 0x3bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003b0000"
filename = ""
Region:
id = 470
start_va = 0x360000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 471
start_va = 0x3e0000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 472
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 473
start_va = 0x150000
end_va = 0x150fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 474
start_va = 0x1b0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 475
start_va = 0x75b20000
end_va = 0x75ba2fff
monitored = 0
entry_point = 0x75b223d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 476
start_va = 0x160000
end_va = 0x160fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 477
start_va = 0x71720000
end_va = 0x7179cfff
monitored = 0
entry_point = 0x7172166a
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 8
os_tid = 0xecc
[0161.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f82c | out: lpSystemTimeAsFileTime=0x12f82c*(dwLowDateTime=0x37fe73e0, dwHighDateTime=0x1d71a55))
[0161.326] GetCurrentProcessId () returned 0xec8
[0161.326] GetCurrentThreadId () returned 0xecc
[0161.326] GetTickCount () returned 0x1a8c836
[0161.326] RtlQueryPerformanceCounter () returned 0x1
[0161.326] GetModuleHandleA (lpModuleName=0x0) returned 0xe50000
[0161.326] __set_app_type (_Type=0x1)
[0161.326] __p__fmode () returned 0x765231f4
[0161.326] __p__commode () returned 0x765231fc
[0161.326] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe67881) returned 0x0
[0161.327] __wgetmainargs (in: _Argc=0xe79e6c, _Argv=0xe79e74, _Env=0xe79e70, _DoWildCard=0, _StartInfo=0xe79e80 | out: _Argc=0xe79e6c, _Argv=0xe79e74, _Env=0xe79e70) returned 0
[0161.327] _onexit (_Func=0xe70fe2) returned 0xe70fe2
[0161.328] _onexit (_Func=0xe70ff3) returned 0xe70ff3
[0161.328] _onexit (_Func=0xe71002) returned 0xe71002
[0161.328] _onexit (_Func=0xe7101e) returned 0xe7101e
[0161.328] _onexit (_Func=0xe7103a) returned 0xe7103a
[0161.328] _onexit (_Func=0xe71056) returned 0xe71056
[0161.328] _onexit (_Func=0xe71072) returned 0xe71072
[0161.328] _onexit (_Func=0xe7108e) returned 0xe7108e
[0161.329] _onexit (_Func=0xe710aa) returned 0xe710aa
[0161.329] _onexit (_Func=0xe710c6) returned 0xe710c6
[0161.329] _onexit (_Func=0xe710e2) returned 0xe710e2
[0161.329] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0161.329] WinSqmIsOptedIn () returned 0x0
[0161.330] GetProcessHeap () returned 0x690000
[0161.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x69ef10
[0161.330] SetLastError (dwErrCode=0x0)
[0161.330] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0161.330] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0161.330] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0161.330] VerifyVersionInfoW (in: lpVersionInformation=0x12f2a4, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x12f2a4) returned 1
[0161.330] GetProcessHeap () returned 0x690000
[0161.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4a00
[0161.330] lstrlenW (lpString="") returned 0
[0161.330] GetProcessHeap () returned 0x690000
[0161.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x2) returned 0x6a3c98
[0161.330] GetProcessHeap () returned 0x690000
[0161.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a3ca8
[0161.330] GetProcessHeap () returned 0x690000
[0161.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4a18
[0161.330] GetProcessHeap () returned 0x690000
[0161.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4de8
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4e08
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4e28
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4e48
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4a30
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4e68
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4e88
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4ea8
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4ec8
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4a48
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4ee8
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4f08
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4f40
[0161.331] GetProcessHeap () returned 0x690000
[0161.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4f60
[0161.332] SetThreadUILanguage (LangId=0x0) returned 0x409
[0161.332] SetLastError (dwErrCode=0x0)
[0161.332] GetProcessHeap () returned 0x690000
[0161.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4f80
[0161.332] GetProcessHeap () returned 0x690000
[0161.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4fa0
[0161.332] GetProcessHeap () returned 0x690000
[0161.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4fc0
[0161.332] GetProcessHeap () returned 0x690000
[0161.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a4fe0
[0161.332] GetProcessHeap () returned 0x690000
[0161.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5000
[0161.332] GetProcessHeap () returned 0x690000
[0161.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4a60
[0161.333] _memicmp (_Buf1=0x6a4a60, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.333] GetProcessHeap () returned 0x690000
[0161.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x208) returned 0x6a58a8
[0161.333] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6a58a8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0161.333] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x73a90000
[0161.335] GetProcAddress (hModule=0x73a90000, lpProcName="GetFileVersionInfoSizeW") returned 0x73a919d9
[0161.335] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0161.336] GetProcessHeap () returned 0x690000
[0161.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x74e) returned 0x6a5ab8
[0161.336] GetProcAddress (hModule=0x73a90000, lpProcName="GetFileVersionInfoW") returned 0x73a919f4
[0161.336] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x6a5ab8 | out: lpData=0x6a5ab8) returned 1
[0161.336] GetProcAddress (hModule=0x73a90000, lpProcName="VerQueryValueW") returned 0x73a91b51
[0161.336] VerQueryValueW (in: pBlock=0x6a5ab8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12f3ac, puLen=0x12f3b0 | out: lplpBuffer=0x12f3ac*=0x6a5e54, puLen=0x12f3b0) returned 1
[0161.340] _memicmp (_Buf1=0x6a4a60, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.340] _vsnwprintf (in: _Buffer=0x6a58a8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x12f394 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0161.340] VerQueryValueW (in: pBlock=0x6a5ab8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x12f3bc, puLen=0x12f3b8 | out: lplpBuffer=0x12f3bc*=0x6a5c80, puLen=0x12f3b8) returned 1
[0161.340] lstrlenW (lpString="schtasks.exe") returned 12
[0161.340] lstrlenW (lpString="schtasks.exe") returned 12
[0161.340] lstrlenW (lpString=".EXE") returned 4
[0161.340] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0161.341] lstrlenW (lpString="schtasks.exe") returned 12
[0161.341] lstrlenW (lpString=".EXE") returned 4
[0161.341] _memicmp (_Buf1=0x6a4a60, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.341] lstrlenW (lpString="schtasks") returned 8
[0161.341] GetProcessHeap () returned 0x690000
[0161.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5040
[0161.341] GetProcessHeap () returned 0x690000
[0161.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5060
[0161.341] GetProcessHeap () returned 0x690000
[0161.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5080
[0161.341] GetProcessHeap () returned 0x690000
[0161.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a50a0
[0161.341] GetProcessHeap () returned 0x690000
[0161.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4ac0
[0161.341] _memicmp (_Buf1=0x6a4ac0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.341] GetProcessHeap () returned 0x690000
[0161.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0xa0) returned 0x6a6498
[0161.341] GetProcessHeap () returned 0x690000
[0161.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a50c0
[0161.342] GetProcessHeap () returned 0x690000
[0161.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a50e0
[0161.342] GetProcessHeap () returned 0x690000
[0161.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5100
[0161.342] GetProcessHeap () returned 0x690000
[0161.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4ad8
[0161.342] _memicmp (_Buf1=0x6a4ad8, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.342] GetProcessHeap () returned 0x690000
[0161.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x200) returned 0x6a6540
[0161.342] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x6a6540, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0161.342] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0161.342] GetProcessHeap () returned 0x690000
[0161.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x30) returned 0x6a6748
[0161.342] _vsnwprintf (in: _Buffer=0x6a6498, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x12f398 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0161.342] GetProcessHeap () returned 0x690000
[0161.342] GetProcessHeap () returned 0x690000
[0161.342] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5ab8) returned 1
[0161.342] GetProcessHeap () returned 0x690000
[0161.342] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5ab8) returned 0x74e
[0161.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5ab8 | out: hHeap=0x690000) returned 1
[0161.342] SetLastError (dwErrCode=0x0)
[0161.342] GetThreadLocale () returned 0x409
[0161.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] lstrlenW (lpString="?") returned 1
[0161.343] GetThreadLocale () returned 0x409
[0161.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] lstrlenW (lpString="create") returned 6
[0161.343] GetThreadLocale () returned 0x409
[0161.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] lstrlenW (lpString="delete") returned 6
[0161.343] GetThreadLocale () returned 0x409
[0161.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] lstrlenW (lpString="query") returned 5
[0161.343] GetThreadLocale () returned 0x409
[0161.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] lstrlenW (lpString="change") returned 6
[0161.343] GetThreadLocale () returned 0x409
[0161.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] lstrlenW (lpString="run") returned 3
[0161.343] GetThreadLocale () returned 0x409
[0161.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] lstrlenW (lpString="end") returned 3
[0161.343] GetThreadLocale () returned 0x409
[0161.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] lstrlenW (lpString="showsid") returned 7
[0161.343] GetThreadLocale () returned 0x409
[0161.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.343] SetLastError (dwErrCode=0x0)
[0161.343] SetLastError (dwErrCode=0x0)
[0161.343] lstrlenW (lpString="/Create") returned 7
[0161.343] lstrlenW (lpString="-/") returned 2
[0161.343] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0161.343] lstrlenW (lpString="?") returned 1
[0161.344] lstrlenW (lpString="?") returned 1
[0161.344] GetProcessHeap () returned 0x690000
[0161.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4af0
[0161.344] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.344] GetProcessHeap () returned 0x690000
[0161.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0xa) returned 0x6a4b08
[0161.344] lstrlenW (lpString="Create") returned 6
[0161.344] GetProcessHeap () returned 0x690000
[0161.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4b20
[0161.344] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.344] GetProcessHeap () returned 0x690000
[0161.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5120
[0161.344] _vsnwprintf (in: _Buffer=0x6a4b08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|?|") returned 3
[0161.344] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|Create|") returned 8
[0161.344] lstrlenW (lpString="|?|") returned 3
[0161.344] lstrlenW (lpString="|Create|") returned 8
[0161.344] SetLastError (dwErrCode=0x490)
[0161.344] lstrlenW (lpString="create") returned 6
[0161.344] lstrlenW (lpString="create") returned 6
[0161.344] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.344] GetProcessHeap () returned 0x690000
[0161.344] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b08) returned 1
[0161.344] GetProcessHeap () returned 0x690000
[0161.344] RtlReAllocateHeap (Heap=0x690000, Flags=0xc, Ptr=0x6a4b08, Size=0x14) returned 0x6a5140
[0161.344] lstrlenW (lpString="Create") returned 6
[0161.344] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.345] _vsnwprintf (in: _Buffer=0x6a5140, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|create|") returned 8
[0161.345] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|Create|") returned 8
[0161.345] lstrlenW (lpString="|create|") returned 8
[0161.345] lstrlenW (lpString="|Create|") returned 8
[0161.345] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0161.345] SetLastError (dwErrCode=0x0)
[0161.345] SetLastError (dwErrCode=0x0)
[0161.345] SetLastError (dwErrCode=0x0)
[0161.345] lstrlenW (lpString="/TN") returned 3
[0161.345] lstrlenW (lpString="-/") returned 2
[0161.345] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0161.345] lstrlenW (lpString="?") returned 1
[0161.345] lstrlenW (lpString="?") returned 1
[0161.345] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.345] lstrlenW (lpString="TN") returned 2
[0161.345] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.345] _vsnwprintf (in: _Buffer=0x6a5140, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|?|") returned 3
[0161.345] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|TN|") returned 4
[0161.345] lstrlenW (lpString="|?|") returned 3
[0161.345] lstrlenW (lpString="|TN|") returned 4
[0161.345] SetLastError (dwErrCode=0x490)
[0161.345] lstrlenW (lpString="create") returned 6
[0161.345] lstrlenW (lpString="create") returned 6
[0161.345] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.345] lstrlenW (lpString="TN") returned 2
[0161.345] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.345] _vsnwprintf (in: _Buffer=0x6a5140, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|create|") returned 8
[0161.345] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|TN|") returned 4
[0161.345] lstrlenW (lpString="|create|") returned 8
[0161.346] lstrlenW (lpString="|TN|") returned 4
[0161.346] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0161.346] SetLastError (dwErrCode=0x490)
[0161.346] lstrlenW (lpString="delete") returned 6
[0161.346] lstrlenW (lpString="delete") returned 6
[0161.346] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.346] lstrlenW (lpString="TN") returned 2
[0161.346] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.346] _vsnwprintf (in: _Buffer=0x6a5140, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|delete|") returned 8
[0161.346] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|TN|") returned 4
[0161.346] lstrlenW (lpString="|delete|") returned 8
[0161.346] lstrlenW (lpString="|TN|") returned 4
[0161.346] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0161.346] SetLastError (dwErrCode=0x490)
[0161.346] lstrlenW (lpString="query") returned 5
[0161.346] lstrlenW (lpString="query") returned 5
[0161.346] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.346] lstrlenW (lpString="TN") returned 2
[0161.346] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.346] _vsnwprintf (in: _Buffer=0x6a5140, _BufferCount=0x8, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|query|") returned 7
[0161.346] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|TN|") returned 4
[0161.346] lstrlenW (lpString="|query|") returned 7
[0161.346] lstrlenW (lpString="|TN|") returned 4
[0161.346] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0161.346] SetLastError (dwErrCode=0x490)
[0161.347] lstrlenW (lpString="change") returned 6
[0161.347] lstrlenW (lpString="change") returned 6
[0161.347] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.347] lstrlenW (lpString="TN") returned 2
[0161.347] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.347] _vsnwprintf (in: _Buffer=0x6a5140, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|change|") returned 8
[0161.347] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|TN|") returned 4
[0161.347] lstrlenW (lpString="|change|") returned 8
[0161.347] lstrlenW (lpString="|TN|") returned 4
[0161.347] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0161.347] SetLastError (dwErrCode=0x490)
[0161.347] lstrlenW (lpString="run") returned 3
[0161.347] lstrlenW (lpString="run") returned 3
[0161.347] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.347] lstrlenW (lpString="TN") returned 2
[0161.347] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.347] _vsnwprintf (in: _Buffer=0x6a5140, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|run|") returned 5
[0161.347] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|TN|") returned 4
[0161.347] lstrlenW (lpString="|run|") returned 5
[0161.347] lstrlenW (lpString="|TN|") returned 4
[0161.347] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0161.347] SetLastError (dwErrCode=0x490)
[0161.347] lstrlenW (lpString="end") returned 3
[0161.347] lstrlenW (lpString="end") returned 3
[0161.347] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.347] lstrlenW (lpString="TN") returned 2
[0161.347] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.348] _vsnwprintf (in: _Buffer=0x6a5140, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|end|") returned 5
[0161.348] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|TN|") returned 4
[0161.348] lstrlenW (lpString="|end|") returned 5
[0161.348] lstrlenW (lpString="|TN|") returned 4
[0161.348] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0161.348] SetLastError (dwErrCode=0x490)
[0161.348] lstrlenW (lpString="showsid") returned 7
[0161.348] lstrlenW (lpString="showsid") returned 7
[0161.348] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.348] GetProcessHeap () returned 0x690000
[0161.348] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5140) returned 1
[0161.348] GetProcessHeap () returned 0x690000
[0161.348] RtlReAllocateHeap (Heap=0x690000, Flags=0xc, Ptr=0x6a5140, Size=0x16) returned 0x6a5160
[0161.348] lstrlenW (lpString="TN") returned 2
[0161.348] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.348] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0xa, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|showsid|") returned 9
[0161.348] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|TN|") returned 4
[0161.348] lstrlenW (lpString="|showsid|") returned 9
[0161.348] lstrlenW (lpString="|TN|") returned 4
[0161.348] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0161.348] SetLastError (dwErrCode=0x490)
[0161.348] SetLastError (dwErrCode=0x490)
[0161.348] SetLastError (dwErrCode=0x0)
[0161.348] lstrlenW (lpString="/TN") returned 3
[0161.348] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0161.348] SetLastError (dwErrCode=0x490)
[0161.348] SetLastError (dwErrCode=0x0)
[0161.348] lstrlenW (lpString="/TN") returned 3
[0161.348] GetProcessHeap () returned 0x690000
[0161.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x8) returned 0x6a5ab8
[0161.349] GetProcessHeap () returned 0x690000
[0161.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5140
[0161.349] SetLastError (dwErrCode=0x0)
[0161.349] SetLastError (dwErrCode=0x0)
[0161.349] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0161.349] lstrlenW (lpString="-/") returned 2
[0161.349] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0
[0161.349] SetLastError (dwErrCode=0x490)
[0161.349] SetLastError (dwErrCode=0x490)
[0161.349] SetLastError (dwErrCode=0x0)
[0161.349] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0161.349] StrChrIW (lpStart="Updates\\EmVFlIse", wMatch=0x3a) returned 0x0
[0161.349] SetLastError (dwErrCode=0x490)
[0161.349] SetLastError (dwErrCode=0x0)
[0161.349] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0161.349] GetProcessHeap () returned 0x690000
[0161.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x22) returned 0x6a5ac8
[0161.349] GetProcessHeap () returned 0x690000
[0161.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5180
[0161.349] SetLastError (dwErrCode=0x0)
[0161.349] SetLastError (dwErrCode=0x0)
[0161.349] lstrlenW (lpString="/XML") returned 4
[0161.349] lstrlenW (lpString="-/") returned 2
[0161.349] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0161.349] lstrlenW (lpString="?") returned 1
[0161.349] lstrlenW (lpString="?") returned 1
[0161.349] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.349] lstrlenW (lpString="XML") returned 3
[0161.349] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.349] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|?|") returned 3
[0161.349] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|XML|") returned 5
[0161.349] lstrlenW (lpString="|?|") returned 3
[0161.350] lstrlenW (lpString="|XML|") returned 5
[0161.350] SetLastError (dwErrCode=0x490)
[0161.350] lstrlenW (lpString="create") returned 6
[0161.350] lstrlenW (lpString="create") returned 6
[0161.350] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.350] lstrlenW (lpString="XML") returned 3
[0161.350] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.350] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|create|") returned 8
[0161.350] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|XML|") returned 5
[0161.350] lstrlenW (lpString="|create|") returned 8
[0161.350] lstrlenW (lpString="|XML|") returned 5
[0161.350] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0161.350] SetLastError (dwErrCode=0x490)
[0161.350] lstrlenW (lpString="delete") returned 6
[0161.350] lstrlenW (lpString="delete") returned 6
[0161.350] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.350] lstrlenW (lpString="XML") returned 3
[0161.350] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.350] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|delete|") returned 8
[0161.350] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|XML|") returned 5
[0161.350] lstrlenW (lpString="|delete|") returned 8
[0161.350] lstrlenW (lpString="|XML|") returned 5
[0161.350] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0161.350] SetLastError (dwErrCode=0x490)
[0161.350] lstrlenW (lpString="query") returned 5
[0161.350] lstrlenW (lpString="query") returned 5
[0161.351] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.351] lstrlenW (lpString="XML") returned 3
[0161.351] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.351] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x8, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|query|") returned 7
[0161.351] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|XML|") returned 5
[0161.351] lstrlenW (lpString="|query|") returned 7
[0161.351] lstrlenW (lpString="|XML|") returned 5
[0161.351] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0161.351] SetLastError (dwErrCode=0x490)
[0161.351] lstrlenW (lpString="change") returned 6
[0161.351] lstrlenW (lpString="change") returned 6
[0161.351] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.351] lstrlenW (lpString="XML") returned 3
[0161.351] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.351] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|change|") returned 8
[0161.351] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|XML|") returned 5
[0161.351] lstrlenW (lpString="|change|") returned 8
[0161.351] lstrlenW (lpString="|XML|") returned 5
[0161.351] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0161.351] SetLastError (dwErrCode=0x490)
[0161.351] lstrlenW (lpString="run") returned 3
[0161.351] lstrlenW (lpString="run") returned 3
[0161.351] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.351] lstrlenW (lpString="XML") returned 3
[0161.351] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.352] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|run|") returned 5
[0161.352] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|XML|") returned 5
[0161.352] lstrlenW (lpString="|run|") returned 5
[0161.352] lstrlenW (lpString="|XML|") returned 5
[0161.352] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0161.352] SetLastError (dwErrCode=0x490)
[0161.352] lstrlenW (lpString="end") returned 3
[0161.352] lstrlenW (lpString="end") returned 3
[0161.352] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.352] lstrlenW (lpString="XML") returned 3
[0161.352] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.352] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|end|") returned 5
[0161.352] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|XML|") returned 5
[0161.352] lstrlenW (lpString="|end|") returned 5
[0161.352] lstrlenW (lpString="|XML|") returned 5
[0161.352] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0161.352] SetLastError (dwErrCode=0x490)
[0161.352] lstrlenW (lpString="showsid") returned 7
[0161.352] lstrlenW (lpString="showsid") returned 7
[0161.352] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.352] lstrlenW (lpString="XML") returned 3
[0161.352] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.352] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0xa, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|showsid|") returned 9
[0161.353] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f380 | out: _Buffer="|XML|") returned 5
[0161.353] lstrlenW (lpString="|showsid|") returned 9
[0161.353] lstrlenW (lpString="|XML|") returned 5
[0161.353] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0161.353] SetLastError (dwErrCode=0x490)
[0161.353] SetLastError (dwErrCode=0x490)
[0161.353] SetLastError (dwErrCode=0x0)
[0161.353] lstrlenW (lpString="/XML") returned 4
[0161.353] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0161.353] SetLastError (dwErrCode=0x490)
[0161.353] SetLastError (dwErrCode=0x0)
[0161.353] lstrlenW (lpString="/XML") returned 4
[0161.353] GetProcessHeap () returned 0x690000
[0161.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0xa) returned 0x6a4b08
[0161.353] GetProcessHeap () returned 0x690000
[0161.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a51a0
[0161.353] SetLastError (dwErrCode=0x0)
[0161.353] SetLastError (dwErrCode=0x0)
[0161.353] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.353] lstrlenW (lpString="-/") returned 2
[0161.353] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0161.353] SetLastError (dwErrCode=0x490)
[0161.353] SetLastError (dwErrCode=0x490)
[0161.353] SetLastError (dwErrCode=0x0)
[0161.353] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.353] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp"
[0161.353] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4b38
[0161.354] _memicmp (_Buf1=0x6a4b38, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0xc) returned 0x6a4b50
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x6a4b68
[0161.354] _memicmp (_Buf1=0x6a4b68, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x68) returned 0x6a5af8
[0161.354] SetLastError (dwErrCode=0x7a)
[0161.354] SetLastError (dwErrCode=0x0)
[0161.354] SetLastError (dwErrCode=0x0)
[0161.354] lstrlenW (lpString="C") returned 1
[0161.354] SetLastError (dwErrCode=0x490)
[0161.354] SetLastError (dwErrCode=0x0)
[0161.354] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x64) returned 0x6a5b68
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a51c0
[0161.354] SetLastError (dwErrCode=0x0)
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5ab8) returned 1
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5ab8) returned 0x8
[0161.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5ab8 | out: hHeap=0x690000) returned 1
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5140) returned 1
[0161.354] GetProcessHeap () returned 0x690000
[0161.354] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5140) returned 0x14
[0161.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5140 | out: hHeap=0x690000) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5ac8) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5ac8) returned 0x22
[0161.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5ac8 | out: hHeap=0x690000) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5180) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5180) returned 0x14
[0161.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5180 | out: hHeap=0x690000) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b08) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4b08) returned 0xa
[0161.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b08 | out: hHeap=0x690000) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a51a0) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a51a0) returned 0x14
[0161.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a51a0 | out: hHeap=0x690000) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5b68) returned 1
[0161.355] GetProcessHeap () returned 0x690000
[0161.355] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5b68) returned 0x64
[0161.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5b68 | out: hHeap=0x690000) returned 1
[0161.356] GetProcessHeap () returned 0x690000
[0161.356] GetProcessHeap () returned 0x690000
[0161.356] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a51c0) returned 1
[0161.356] GetProcessHeap () returned 0x690000
[0161.356] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a51c0) returned 0x14
[0161.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a51c0 | out: hHeap=0x690000) returned 1
[0161.356] GetProcessHeap () returned 0x690000
[0161.356] GetProcessHeap () returned 0x690000
[0161.356] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x69ef10) returned 1
[0161.356] GetProcessHeap () returned 0x690000
[0161.356] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x69ef10) returned 0x10
[0161.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69ef10 | out: hHeap=0x690000) returned 1
[0161.356] SetLastError (dwErrCode=0x0)
[0161.356] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0161.356] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0161.356] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0161.356] VerifyVersionInfoW (in: lpVersionInformation=0x12c798, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x12c798) returned 1
[0161.356] SetLastError (dwErrCode=0x0)
[0161.356] lstrlenW (lpString="create") returned 6
[0161.356] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0161.357] SetLastError (dwErrCode=0x490)
[0161.357] SetLastError (dwErrCode=0x0)
[0161.357] lstrlenW (lpString="create") returned 6
[0161.357] GetProcessHeap () returned 0x690000
[0161.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a51c0
[0161.357] GetProcessHeap () returned 0x690000
[0161.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x10) returned 0x69ef10
[0161.357] _memicmp (_Buf1=0x69ef10, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.357] GetProcessHeap () returned 0x690000
[0161.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x16) returned 0x6a51a0
[0161.357] SetLastError (dwErrCode=0x0)
[0161.357] _memicmp (_Buf1=0x6a4a60, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.357] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6a58a8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0161.357] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0161.357] GetProcessHeap () returned 0x690000
[0161.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x74e) returned 0x6a6780
[0161.358] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x6a6780 | out: lpData=0x6a6780) returned 1
[0161.358] VerQueryValueW (in: pBlock=0x6a6780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12c8a0, puLen=0x12c8a4 | out: lplpBuffer=0x12c8a0*=0x6a6b1c, puLen=0x12c8a4) returned 1
[0161.358] _memicmp (_Buf1=0x6a4a60, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.358] _vsnwprintf (in: _Buffer=0x6a58a8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x12c888 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0161.358] VerQueryValueW (in: pBlock=0x6a6780, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x12c8b0, puLen=0x12c8ac | out: lplpBuffer=0x12c8b0*=0x6a6948, puLen=0x12c8ac) returned 1
[0161.358] lstrlenW (lpString="schtasks.exe") returned 12
[0161.358] lstrlenW (lpString="schtasks.exe") returned 12
[0161.358] lstrlenW (lpString=".EXE") returned 4
[0161.358] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0161.358] lstrlenW (lpString="schtasks.exe") returned 12
[0161.358] lstrlenW (lpString=".EXE") returned 4
[0161.358] lstrlenW (lpString="schtasks") returned 8
[0161.358] lstrlenW (lpString="/create") returned 7
[0161.358] _memicmp (_Buf1=0x6a4a60, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.358] _vsnwprintf (in: _Buffer=0x6a58a8, _BufferCount=0x19, _Format="%s %s", _ArgList=0x12c888 | out: _Buffer="schtasks /create") returned 16
[0161.358] _memicmp (_Buf1=0x6a4ac0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.358] GetProcessHeap () returned 0x690000
[0161.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5180
[0161.358] _memicmp (_Buf1=0x6a4ad8, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.358] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x6a6540, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0161.358] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0161.358] GetProcessHeap () returned 0x690000
[0161.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x30) returned 0x6a5ab8
[0161.358] _vsnwprintf (in: _Buffer=0x6a6498, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x12c88c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0161.359] GetProcessHeap () returned 0x690000
[0161.359] GetProcessHeap () returned 0x690000
[0161.359] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6780) returned 1
[0161.359] GetProcessHeap () returned 0x690000
[0161.359] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a6780) returned 0x74e
[0161.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6780 | out: hHeap=0x690000) returned 1
[0161.359] SetLastError (dwErrCode=0x0)
[0161.359] GetThreadLocale () returned 0x409
[0161.359] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.359] lstrlenW (lpString="create") returned 6
[0161.359] GetThreadLocale () returned 0x409
[0161.359] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.359] lstrlenW (lpString="?") returned 1
[0161.359] GetThreadLocale () returned 0x409
[0161.359] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.359] lstrlenW (lpString="s") returned 1
[0161.359] GetThreadLocale () returned 0x409
[0161.359] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.359] lstrlenW (lpString="u") returned 1
[0161.359] GetThreadLocale () returned 0x409
[0161.359] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.359] lstrlenW (lpString="p") returned 1
[0161.359] GetThreadLocale () returned 0x409
[0161.359] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.359] lstrlenW (lpString="ru") returned 2
[0161.359] GetThreadLocale () returned 0x409
[0161.359] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.359] lstrlenW (lpString="rp") returned 2
[0161.359] GetThreadLocale () returned 0x409
[0161.359] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.359] lstrlenW (lpString="sc") returned 2
[0161.359] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="mo") returned 2
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="d") returned 1
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="m") returned 1
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="i") returned 1
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="tn") returned 2
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="tr") returned 2
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="st") returned 2
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="sd") returned 2
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="ed") returned 2
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="it") returned 2
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.360] lstrlenW (lpString="et") returned 2
[0161.360] GetThreadLocale () returned 0x409
[0161.360] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="k") returned 1
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="du") returned 2
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="ri") returned 2
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="z") returned 1
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="f") returned 1
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="v1") returned 2
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="xml") returned 3
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="ec") returned 2
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="rl") returned 2
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="delay") returned 5
[0161.361] GetThreadLocale () returned 0x409
[0161.361] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0161.361] lstrlenW (lpString="np") returned 2
[0161.361] SetLastError (dwErrCode=0x0)
[0161.361] SetLastError (dwErrCode=0x0)
[0161.361] lstrlenW (lpString="/Create") returned 7
[0161.362] lstrlenW (lpString="-/") returned 2
[0161.362] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0161.362] lstrlenW (lpString="create") returned 6
[0161.362] lstrlenW (lpString="create") returned 6
[0161.362] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.362] lstrlenW (lpString="Create") returned 6
[0161.362] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.362] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|create|") returned 8
[0161.362] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|Create|") returned 8
[0161.362] lstrlenW (lpString="|create|") returned 8
[0161.362] lstrlenW (lpString="|Create|") returned 8
[0161.362] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0161.362] SetLastError (dwErrCode=0x0)
[0161.362] SetLastError (dwErrCode=0x0)
[0161.362] SetLastError (dwErrCode=0x0)
[0161.362] lstrlenW (lpString="/TN") returned 3
[0161.362] lstrlenW (lpString="-/") returned 2
[0161.362] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0161.362] lstrlenW (lpString="create") returned 6
[0161.362] lstrlenW (lpString="create") returned 6
[0161.362] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.362] lstrlenW (lpString="TN") returned 2
[0161.362] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.362] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|create|") returned 8
[0161.362] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.362] lstrlenW (lpString="|create|") returned 8
[0161.362] lstrlenW (lpString="|TN|") returned 4
[0161.362] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0161.362] SetLastError (dwErrCode=0x490)
[0161.362] lstrlenW (lpString="?") returned 1
[0161.362] lstrlenW (lpString="?") returned 1
[0161.363] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.363] lstrlenW (lpString="TN") returned 2
[0161.363] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.363] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|?|") returned 3
[0161.363] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.363] lstrlenW (lpString="|?|") returned 3
[0161.363] lstrlenW (lpString="|TN|") returned 4
[0161.363] SetLastError (dwErrCode=0x490)
[0161.363] lstrlenW (lpString="s") returned 1
[0161.363] lstrlenW (lpString="s") returned 1
[0161.363] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.363] lstrlenW (lpString="TN") returned 2
[0161.363] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.363] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|s|") returned 3
[0161.363] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.363] lstrlenW (lpString="|s|") returned 3
[0161.363] lstrlenW (lpString="|TN|") returned 4
[0161.363] SetLastError (dwErrCode=0x490)
[0161.363] lstrlenW (lpString="u") returned 1
[0161.363] lstrlenW (lpString="u") returned 1
[0161.363] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.363] lstrlenW (lpString="TN") returned 2
[0161.363] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.363] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|u|") returned 3
[0161.363] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.363] lstrlenW (lpString="|u|") returned 3
[0161.363] lstrlenW (lpString="|TN|") returned 4
[0161.363] SetLastError (dwErrCode=0x490)
[0161.363] lstrlenW (lpString="p") returned 1
[0161.363] lstrlenW (lpString="p") returned 1
[0161.364] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.364] lstrlenW (lpString="TN") returned 2
[0161.364] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.364] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|p|") returned 3
[0161.364] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.364] lstrlenW (lpString="|p|") returned 3
[0161.364] lstrlenW (lpString="|TN|") returned 4
[0161.364] SetLastError (dwErrCode=0x490)
[0161.364] lstrlenW (lpString="ru") returned 2
[0161.364] lstrlenW (lpString="ru") returned 2
[0161.364] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.364] lstrlenW (lpString="TN") returned 2
[0161.364] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.364] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|ru|") returned 4
[0161.364] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.364] lstrlenW (lpString="|ru|") returned 4
[0161.364] lstrlenW (lpString="|TN|") returned 4
[0161.364] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0161.364] SetLastError (dwErrCode=0x490)
[0161.364] lstrlenW (lpString="rp") returned 2
[0161.364] lstrlenW (lpString="rp") returned 2
[0161.364] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.364] lstrlenW (lpString="TN") returned 2
[0161.364] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.364] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|rp|") returned 4
[0161.364] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.364] lstrlenW (lpString="|rp|") returned 4
[0161.364] lstrlenW (lpString="|TN|") returned 4
[0161.364] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0161.365] SetLastError (dwErrCode=0x490)
[0161.365] lstrlenW (lpString="sc") returned 2
[0161.365] lstrlenW (lpString="sc") returned 2
[0161.365] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.365] lstrlenW (lpString="TN") returned 2
[0161.365] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.365] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|sc|") returned 4
[0161.365] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.365] lstrlenW (lpString="|sc|") returned 4
[0161.365] lstrlenW (lpString="|TN|") returned 4
[0161.365] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0161.365] SetLastError (dwErrCode=0x490)
[0161.365] lstrlenW (lpString="mo") returned 2
[0161.365] lstrlenW (lpString="mo") returned 2
[0161.365] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.365] lstrlenW (lpString="TN") returned 2
[0161.365] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.365] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|mo|") returned 4
[0161.365] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.365] lstrlenW (lpString="|mo|") returned 4
[0161.365] lstrlenW (lpString="|TN|") returned 4
[0161.365] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0161.365] SetLastError (dwErrCode=0x490)
[0161.365] lstrlenW (lpString="d") returned 1
[0161.365] lstrlenW (lpString="d") returned 1
[0161.365] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.365] lstrlenW (lpString="TN") returned 2
[0161.365] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.365] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|d|") returned 3
[0161.366] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.366] lstrlenW (lpString="|d|") returned 3
[0161.366] lstrlenW (lpString="|TN|") returned 4
[0161.366] SetLastError (dwErrCode=0x490)
[0161.366] lstrlenW (lpString="m") returned 1
[0161.366] lstrlenW (lpString="m") returned 1
[0161.366] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.366] lstrlenW (lpString="TN") returned 2
[0161.366] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.366] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|m|") returned 3
[0161.366] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.366] lstrlenW (lpString="|m|") returned 3
[0161.366] lstrlenW (lpString="|TN|") returned 4
[0161.366] SetLastError (dwErrCode=0x490)
[0161.366] lstrlenW (lpString="i") returned 1
[0161.366] lstrlenW (lpString="i") returned 1
[0161.366] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.366] lstrlenW (lpString="TN") returned 2
[0161.366] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.366] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|i|") returned 3
[0161.366] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.366] lstrlenW (lpString="|i|") returned 3
[0161.366] lstrlenW (lpString="|TN|") returned 4
[0161.366] SetLastError (dwErrCode=0x490)
[0161.366] lstrlenW (lpString="tn") returned 2
[0161.366] lstrlenW (lpString="tn") returned 2
[0161.366] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.366] lstrlenW (lpString="TN") returned 2
[0161.367] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.367] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|tn|") returned 4
[0161.367] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|TN|") returned 4
[0161.367] lstrlenW (lpString="|tn|") returned 4
[0161.367] lstrlenW (lpString="|TN|") returned 4
[0161.367] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0161.367] SetLastError (dwErrCode=0x0)
[0161.367] SetLastError (dwErrCode=0x0)
[0161.367] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0161.367] lstrlenW (lpString="-/") returned 2
[0161.367] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0
[0161.367] SetLastError (dwErrCode=0x490)
[0161.367] SetLastError (dwErrCode=0x490)
[0161.367] SetLastError (dwErrCode=0x0)
[0161.367] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0161.367] StrChrIW (lpStart="Updates\\EmVFlIse", wMatch=0x3a) returned 0x0
[0161.367] SetLastError (dwErrCode=0x490)
[0161.367] SetLastError (dwErrCode=0x0)
[0161.367] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0161.367] SetLastError (dwErrCode=0x0)
[0161.367] SetLastError (dwErrCode=0x0)
[0161.367] lstrlenW (lpString="/XML") returned 4
[0161.367] lstrlenW (lpString="-/") returned 2
[0161.367] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0161.367] lstrlenW (lpString="create") returned 6
[0161.367] lstrlenW (lpString="create") returned 6
[0161.367] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.368] lstrlenW (lpString="XML") returned 3
[0161.368] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.368] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|create|") returned 8
[0161.368] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.368] lstrlenW (lpString="|create|") returned 8
[0161.368] lstrlenW (lpString="|XML|") returned 5
[0161.368] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0161.368] SetLastError (dwErrCode=0x490)
[0161.368] lstrlenW (lpString="?") returned 1
[0161.368] lstrlenW (lpString="?") returned 1
[0161.368] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.368] lstrlenW (lpString="XML") returned 3
[0161.368] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.368] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|?|") returned 3
[0161.368] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.368] lstrlenW (lpString="|?|") returned 3
[0161.368] lstrlenW (lpString="|XML|") returned 5
[0161.368] SetLastError (dwErrCode=0x490)
[0161.368] lstrlenW (lpString="s") returned 1
[0161.368] lstrlenW (lpString="s") returned 1
[0161.368] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.368] lstrlenW (lpString="XML") returned 3
[0161.368] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.368] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|s|") returned 3
[0161.368] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.368] lstrlenW (lpString="|s|") returned 3
[0161.368] lstrlenW (lpString="|XML|") returned 5
[0161.369] SetLastError (dwErrCode=0x490)
[0161.369] lstrlenW (lpString="u") returned 1
[0161.369] lstrlenW (lpString="u") returned 1
[0161.369] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.369] lstrlenW (lpString="XML") returned 3
[0161.369] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.369] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|u|") returned 3
[0161.369] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.369] lstrlenW (lpString="|u|") returned 3
[0161.369] lstrlenW (lpString="|XML|") returned 5
[0161.369] SetLastError (dwErrCode=0x490)
[0161.369] lstrlenW (lpString="p") returned 1
[0161.369] lstrlenW (lpString="p") returned 1
[0161.369] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.369] lstrlenW (lpString="XML") returned 3
[0161.369] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.369] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|p|") returned 3
[0161.369] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.369] lstrlenW (lpString="|p|") returned 3
[0161.369] lstrlenW (lpString="|XML|") returned 5
[0161.369] SetLastError (dwErrCode=0x490)
[0161.369] lstrlenW (lpString="ru") returned 2
[0161.369] lstrlenW (lpString="ru") returned 2
[0161.369] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.370] lstrlenW (lpString="XML") returned 3
[0161.370] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.370] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|ru|") returned 4
[0161.370] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.370] lstrlenW (lpString="|ru|") returned 4
[0161.370] lstrlenW (lpString="|XML|") returned 5
[0161.370] SetLastError (dwErrCode=0x490)
[0161.370] lstrlenW (lpString="rp") returned 2
[0161.370] lstrlenW (lpString="rp") returned 2
[0161.370] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.370] lstrlenW (lpString="XML") returned 3
[0161.370] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.370] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|rp|") returned 4
[0161.370] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.370] lstrlenW (lpString="|rp|") returned 4
[0161.370] lstrlenW (lpString="|XML|") returned 5
[0161.370] SetLastError (dwErrCode=0x490)
[0161.370] lstrlenW (lpString="sc") returned 2
[0161.370] lstrlenW (lpString="sc") returned 2
[0161.370] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.370] lstrlenW (lpString="XML") returned 3
[0161.370] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.371] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|sc|") returned 4
[0161.371] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.371] lstrlenW (lpString="|sc|") returned 4
[0161.371] lstrlenW (lpString="|XML|") returned 5
[0161.371] SetLastError (dwErrCode=0x490)
[0161.371] lstrlenW (lpString="mo") returned 2
[0161.371] lstrlenW (lpString="mo") returned 2
[0161.371] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.371] lstrlenW (lpString="XML") returned 3
[0161.371] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.371] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|mo|") returned 4
[0161.371] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.371] lstrlenW (lpString="|mo|") returned 4
[0161.371] lstrlenW (lpString="|XML|") returned 5
[0161.371] SetLastError (dwErrCode=0x490)
[0161.371] lstrlenW (lpString="d") returned 1
[0161.371] lstrlenW (lpString="d") returned 1
[0161.371] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.371] lstrlenW (lpString="XML") returned 3
[0161.371] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.371] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|d|") returned 3
[0161.372] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.372] lstrlenW (lpString="|d|") returned 3
[0161.372] lstrlenW (lpString="|XML|") returned 5
[0161.372] SetLastError (dwErrCode=0x490)
[0161.372] lstrlenW (lpString="m") returned 1
[0161.372] lstrlenW (lpString="m") returned 1
[0161.372] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.372] lstrlenW (lpString="XML") returned 3
[0161.372] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.372] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|m|") returned 3
[0161.372] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.372] lstrlenW (lpString="|m|") returned 3
[0161.372] lstrlenW (lpString="|XML|") returned 5
[0161.372] SetLastError (dwErrCode=0x490)
[0161.372] lstrlenW (lpString="i") returned 1
[0161.372] lstrlenW (lpString="i") returned 1
[0161.372] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.372] lstrlenW (lpString="XML") returned 3
[0161.372] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.372] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|i|") returned 3
[0161.372] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.372] lstrlenW (lpString="|i|") returned 3
[0161.372] lstrlenW (lpString="|XML|") returned 5
[0161.372] SetLastError (dwErrCode=0x490)
[0161.372] lstrlenW (lpString="tn") returned 2
[0161.372] lstrlenW (lpString="tn") returned 2
[0161.372] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.372] lstrlenW (lpString="XML") returned 3
[0161.372] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.373] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|tn|") returned 4
[0161.373] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.373] lstrlenW (lpString="|tn|") returned 4
[0161.373] lstrlenW (lpString="|XML|") returned 5
[0161.373] SetLastError (dwErrCode=0x490)
[0161.373] lstrlenW (lpString="tr") returned 2
[0161.373] lstrlenW (lpString="tr") returned 2
[0161.373] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.373] lstrlenW (lpString="XML") returned 3
[0161.373] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.373] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|tr|") returned 4
[0161.373] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.373] lstrlenW (lpString="|tr|") returned 4
[0161.373] lstrlenW (lpString="|XML|") returned 5
[0161.373] SetLastError (dwErrCode=0x490)
[0161.373] lstrlenW (lpString="st") returned 2
[0161.373] lstrlenW (lpString="st") returned 2
[0161.373] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.373] lstrlenW (lpString="XML") returned 3
[0161.373] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.373] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|st|") returned 4
[0161.373] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.373] lstrlenW (lpString="|st|") returned 4
[0161.373] lstrlenW (lpString="|XML|") returned 5
[0161.373] SetLastError (dwErrCode=0x490)
[0161.373] lstrlenW (lpString="sd") returned 2
[0161.373] lstrlenW (lpString="sd") returned 2
[0161.373] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.373] lstrlenW (lpString="XML") returned 3
[0161.373] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.374] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|sd|") returned 4
[0161.374] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.374] lstrlenW (lpString="|sd|") returned 4
[0161.374] lstrlenW (lpString="|XML|") returned 5
[0161.374] SetLastError (dwErrCode=0x490)
[0161.374] lstrlenW (lpString="ed") returned 2
[0161.374] lstrlenW (lpString="ed") returned 2
[0161.374] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.374] lstrlenW (lpString="XML") returned 3
[0161.374] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.374] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|ed|") returned 4
[0161.374] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.374] lstrlenW (lpString="|ed|") returned 4
[0161.374] lstrlenW (lpString="|XML|") returned 5
[0161.374] SetLastError (dwErrCode=0x490)
[0161.374] lstrlenW (lpString="it") returned 2
[0161.374] lstrlenW (lpString="it") returned 2
[0161.374] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.374] lstrlenW (lpString="XML") returned 3
[0161.374] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.374] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|it|") returned 4
[0161.374] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.374] lstrlenW (lpString="|it|") returned 4
[0161.374] lstrlenW (lpString="|XML|") returned 5
[0161.374] SetLastError (dwErrCode=0x490)
[0161.374] lstrlenW (lpString="et") returned 2
[0161.374] lstrlenW (lpString="et") returned 2
[0161.374] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.375] lstrlenW (lpString="XML") returned 3
[0161.375] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.375] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|et|") returned 4
[0161.375] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.375] lstrlenW (lpString="|et|") returned 4
[0161.375] lstrlenW (lpString="|XML|") returned 5
[0161.375] SetLastError (dwErrCode=0x490)
[0161.375] lstrlenW (lpString="k") returned 1
[0161.375] lstrlenW (lpString="k") returned 1
[0161.375] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.375] lstrlenW (lpString="XML") returned 3
[0161.375] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.375] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|k|") returned 3
[0161.375] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.375] lstrlenW (lpString="|k|") returned 3
[0161.375] lstrlenW (lpString="|XML|") returned 5
[0161.375] SetLastError (dwErrCode=0x490)
[0161.375] lstrlenW (lpString="du") returned 2
[0161.375] lstrlenW (lpString="du") returned 2
[0161.375] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.375] lstrlenW (lpString="XML") returned 3
[0161.375] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.375] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|du|") returned 4
[0161.375] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.375] lstrlenW (lpString="|du|") returned 4
[0161.375] lstrlenW (lpString="|XML|") returned 5
[0161.375] SetLastError (dwErrCode=0x490)
[0161.375] lstrlenW (lpString="ri") returned 2
[0161.376] lstrlenW (lpString="ri") returned 2
[0161.376] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.376] lstrlenW (lpString="XML") returned 3
[0161.376] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.376] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|ri|") returned 4
[0161.376] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.376] lstrlenW (lpString="|ri|") returned 4
[0161.376] lstrlenW (lpString="|XML|") returned 5
[0161.376] SetLastError (dwErrCode=0x490)
[0161.376] lstrlenW (lpString="z") returned 1
[0161.376] lstrlenW (lpString="z") returned 1
[0161.376] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.376] lstrlenW (lpString="XML") returned 3
[0161.376] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.376] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|z|") returned 3
[0161.376] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.376] lstrlenW (lpString="|z|") returned 3
[0161.376] lstrlenW (lpString="|XML|") returned 5
[0161.376] SetLastError (dwErrCode=0x490)
[0161.376] lstrlenW (lpString="f") returned 1
[0161.376] lstrlenW (lpString="f") returned 1
[0161.376] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.376] lstrlenW (lpString="XML") returned 3
[0161.376] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.376] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|f|") returned 3
[0161.376] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.376] lstrlenW (lpString="|f|") returned 3
[0161.377] lstrlenW (lpString="|XML|") returned 5
[0161.377] SetLastError (dwErrCode=0x490)
[0161.377] lstrlenW (lpString="v1") returned 2
[0161.377] lstrlenW (lpString="v1") returned 2
[0161.377] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.377] lstrlenW (lpString="XML") returned 3
[0161.377] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.377] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|v1|") returned 4
[0161.377] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.377] lstrlenW (lpString="|v1|") returned 4
[0161.377] lstrlenW (lpString="|XML|") returned 5
[0161.377] SetLastError (dwErrCode=0x490)
[0161.377] lstrlenW (lpString="xml") returned 3
[0161.377] lstrlenW (lpString="xml") returned 3
[0161.377] _memicmp (_Buf1=0x6a4af0, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.377] lstrlenW (lpString="XML") returned 3
[0161.377] _memicmp (_Buf1=0x6a4b20, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.377] _vsnwprintf (in: _Buffer=0x6a5160, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|xml|") returned 5
[0161.377] _vsnwprintf (in: _Buffer=0x6a5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c874 | out: _Buffer="|XML|") returned 5
[0161.377] lstrlenW (lpString="|xml|") returned 5
[0161.377] lstrlenW (lpString="|XML|") returned 5
[0161.377] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0161.377] SetLastError (dwErrCode=0x0)
[0161.377] SetLastError (dwErrCode=0x0)
[0161.377] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.378] lstrlenW (lpString="-/") returned 2
[0161.378] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0161.378] SetLastError (dwErrCode=0x490)
[0161.378] SetLastError (dwErrCode=0x490)
[0161.378] SetLastError (dwErrCode=0x0)
[0161.378] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.378] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp"
[0161.378] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.378] _memicmp (_Buf1=0x6a4b38, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.378] _memicmp (_Buf1=0x6a4b68, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.378] SetLastError (dwErrCode=0x7a)
[0161.378] SetLastError (dwErrCode=0x0)
[0161.378] SetLastError (dwErrCode=0x0)
[0161.378] lstrlenW (lpString="C") returned 1
[0161.378] SetLastError (dwErrCode=0x490)
[0161.378] SetLastError (dwErrCode=0x0)
[0161.378] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.378] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.378] GetProcessHeap () returned 0x690000
[0161.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x64) returned 0x6a5b68
[0161.378] SetLastError (dwErrCode=0x0)
[0161.378] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.378] SetLastError (dwErrCode=0x0)
[0161.379] GetProcessHeap () returned 0x690000
[0161.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x1fc) returned 0x6a5bd8
[0161.379] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0161.391] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0161.402] CoCreateInstance (in: rclsid=0xe5230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xe520fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x12cca4 | out: ppv=0x12cca4*=0x3b3cb8) returned 0x0
[0161.737] TaskScheduler:ITaskService:Connect (This=0x3b3cb8, serverName=0x12cc14*(varType=0x8, wReserved1=0x0, wReserved2=0xcc88, wReserved3=0x12, varVal1=0x0, varVal2=0x12d560), user=0x12cc24*(varType=0x0, wReserved1=0x12, wReserved2=0xccac, wReserved3=0x12, varVal1=0x76489cde, varVal2=0x12d560), domain=0x12cc34*(varType=0x0, wReserved1=0x0, wReserved2=0x1f0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), password=0x12cc44*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x7648, varVal1=0x70, varVal2=0x12d6e0)) returned 0x0
[0161.742] TaskScheduler:IUnknown:AddRef (This=0x3b3cb8) returned 0x2
[0161.742] TaskScheduler:ITaskService:GetFolder (in: This=0x3b3cb8, Path=0x0, ppFolder=0x12cd48 | out: ppFolder=0x12cd48*=0x3b1368) returned 0x0
[0161.744] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpc3e3.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x10c
[0161.744] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x12c638 | out: lpFileSize=0x12c638*=1642) returned 1
[0161.744] ReadFile (in: hFile=0x10c, lpBuffer=0x12c640, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x12c648, lpOverlapped=0x0 | out: lpBuffer=0x12c640*, lpNumberOfBytesRead=0x12c648*=0x2, lpOverlapped=0x0) returned 1
[0161.745] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0161.745] malloc (_Size=0x66b) returned 0x3b2638
[0161.745] ReadFile (in: hFile=0x10c, lpBuffer=0x3b2638, nNumberOfBytesToRead=0x66b, lpNumberOfBytesRead=0x12c648, lpOverlapped=0x0 | out: lpBuffer=0x3b2638*, lpNumberOfBytesRead=0x12c648*=0x66a, lpOverlapped=0x0) returned 1
[0161.745] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x3b2638, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1643
[0161.745] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x3b2638, cbMultiByte=-1, lpWideCharStr=0x6b55fc, cchWideChar=1643 | out: lpWideCharStr="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n \r\n true\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n Q9IATRKPRH\\kEecfMwgj\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe\r\n \r\n \r\n") returned 1643
[0161.745] SysStringLen (param_1="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n \r\n true\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n Q9IATRKPRH\\kEecfMwgj\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe\r\n \r\n \r\n") returned 0x66a
[0161.745] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n \r\n true\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n Q9IATRKPRH\\kEecfMwgj\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe\r\n \r\n \r\n", pbstrResult=0x12c5e8 | out: pbstrResult=0x12c5e8) returned 0x0
[0161.746] free (_Block=0x3b2638)
[0161.746] CloseHandle (hObject=0x10c) returned 1
[0161.746] lstrlenW (lpString="") returned 0
[0161.746] malloc (_Size=0xc) returned 0x3b3d40
[0161.746] SysStringLen (param_1="") returned 0x0
[0161.746] free (_Block=0x3b3d40)
[0161.747] lstrlenW (lpString="") returned 0
[0161.747] ITaskFolder:RegisterTask (in: This=0x3b1368, Path="Updates\\EmVFlIse", XmlText="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n \r\n true\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n Q9IATRKPRH\\kEecfMwgj\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe\r\n \r\n \r\n", flags=2, UserId=0x12c624*(varType=0x8, wReserved1=0x0, wReserved2=0x3ff0, wReserved3=0x6b, varVal1="", varVal2=0x6b3ff0), password=0x12c634*(varType=0x0, wReserved1=0x6b, wReserved2=0x0, wReserved3=0x0, varVal1=0x12c6bc, varVal2=0x74da7526), LogonType=0, sddl=0x12c648*(varType=0x0, wReserved1=0x6b, wReserved2=0x3ff0, wReserved3=0x6b, varVal1=0x0, varVal2=0x0), ppTask=0x12c6a8 | out: ppTask=0x12c6a8*=0x3b3d70) returned 0x0
[0161.847] GetProcessHeap () returned 0x690000
[0161.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x14) returned 0x6a5560
[0161.847] _memicmp (_Buf1=0x6a4ad8, _Buf2=0xe51ed8, _Size=0x7) returned 0
[0161.847] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x6a6540, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0161.847] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0161.847] GetProcessHeap () returned 0x690000
[0161.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0xc, Size=0x82) returned 0x6b4b80
[0161.847] _vsnwprintf (in: _Buffer=0x12c6b4, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0x12c658 | out: _Buffer="SUCCESS: The scheduled task \"Updates\\EmVFlIse\" has successfully been created.\n") returned 78
[0161.847] _fileno (_File=0x76522920) returned 1
[0161.847] _errno () returned 0x3b07d8
[0161.848] _get_osfhandle (_FileHandle=1) returned 0x7
[0161.848] _errno () returned 0x3b07d8
[0161.848] GetFileType (hFile=0x7) returned 0x2
[0161.848] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0161.848] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12c61c | out: lpMode=0x12c61c) returned 1
[0161.849] __iob_func () returned 0x76522900
[0161.849] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0161.849] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\EmVFlIse\" has successfully been created.\n") returned 78
[0161.849] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x12c6b4*, nNumberOfCharsToWrite=0x4e, lpNumberOfCharsWritten=0x12c644, lpReserved=0x0 | out: lpBuffer=0x12c6b4*, lpNumberOfCharsWritten=0x12c644*=0x4e) returned 1
[0161.850] IUnknown:Release (This=0x3b3d70) returned 0x0
[0161.850] TaskScheduler:IUnknown:Release (This=0x3b1368) returned 0x0
[0161.850] TaskScheduler:IUnknown:Release (This=0x3b3cb8) returned 0x1
[0161.850] lstrlenW (lpString="") returned 0
[0161.850] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp") returned 49
[0161.850] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC3E3.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50
[0161.850] GetProcessHeap () returned 0x690000
[0161.850] GetProcessHeap () returned 0x690000
[0161.851] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5bd8) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5bd8) returned 0x1fc
[0161.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5bd8 | out: hHeap=0x690000) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5b68) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5b68) returned 0x64
[0161.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5b68 | out: hHeap=0x690000) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a51a0) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a51a0) returned 0x16
[0161.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a51a0 | out: hHeap=0x690000) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x69ef10) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x69ef10) returned 0x10
[0161.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69ef10 | out: hHeap=0x690000) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a51c0) returned 1
[0161.851] GetProcessHeap () returned 0x690000
[0161.851] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a51c0) returned 0x14
[0161.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a51c0 | out: hHeap=0x690000) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6498) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a6498) returned 0xa0
[0161.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6498 | out: hHeap=0x690000) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ac0) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4ac0) returned 0x10
[0161.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ac0 | out: hHeap=0x690000) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a50a0) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a50a0) returned 0x14
[0161.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a50a0 | out: hHeap=0x690000) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5af8) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5af8) returned 0x68
[0161.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5af8 | out: hHeap=0x690000) returned 1
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] GetProcessHeap () returned 0x690000
[0161.852] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b68) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4b68) returned 0x10
[0161.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b68 | out: hHeap=0x690000) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5060) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5060) returned 0x14
[0161.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5060 | out: hHeap=0x690000) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b50) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4b50) returned 0xc
[0161.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b50 | out: hHeap=0x690000) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b38) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4b38) returned 0x10
[0161.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b38 | out: hHeap=0x690000) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5040) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5040) returned 0x14
[0161.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5040 | out: hHeap=0x690000) returned 1
[0161.853] GetProcessHeap () returned 0x690000
[0161.853] GetProcessHeap () returned 0x690000
[0161.854] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a58a8) returned 1
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a58a8) returned 0x208
[0161.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a58a8 | out: hHeap=0x690000) returned 1
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a60) returned 1
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4a60) returned 0x10
[0161.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a60 | out: hHeap=0x690000) returned 1
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5000) returned 1
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5000) returned 0x14
[0161.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5000 | out: hHeap=0x690000) returned 1
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6540) returned 1
[0161.854] GetProcessHeap () returned 0x690000
[0161.854] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a6540) returned 0x200
[0161.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6540 | out: hHeap=0x690000) returned 1
[0161.854] GetProcessHeap () returned 0x690000
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ad8) returned 1
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4ad8) returned 0x10
[0161.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ad8 | out: hHeap=0x690000) returned 1
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fa0) returned 1
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4fa0) returned 0x14
[0161.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fa0 | out: hHeap=0x690000) returned 1
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5120) returned 1
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5120) returned 0x14
[0161.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5120 | out: hHeap=0x690000) returned 1
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b20) returned 1
[0161.855] GetProcessHeap () returned 0x690000
[0161.855] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4b20) returned 0x10
[0161.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b20 | out: hHeap=0x690000) returned 1
[0161.855] GetProcessHeap () returned 0x690000
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f08) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4f08) returned 0x14
[0161.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f08 | out: hHeap=0x690000) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5160) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5160) returned 0x16
[0161.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5160 | out: hHeap=0x690000) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4af0) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4af0) returned 0x10
[0161.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4af0 | out: hHeap=0x690000) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ee8) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4ee8) returned 0x14
[0161.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ee8 | out: hHeap=0x690000) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3c98) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.856] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a3c98) returned 0x2
[0161.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3c98 | out: hHeap=0x690000) returned 1
[0161.856] GetProcessHeap () returned 0x690000
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3ca8) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a3ca8) returned 0x14
[0161.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3ca8 | out: hHeap=0x690000) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4de8) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4de8) returned 0x14
[0161.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4de8 | out: hHeap=0x690000) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e08) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4e08) returned 0x14
[0161.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e08 | out: hHeap=0x690000) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e28) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4e28) returned 0x14
[0161.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e28 | out: hHeap=0x690000) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] GetProcessHeap () returned 0x690000
[0161.857] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a50c0) returned 1
[0161.857] GetProcessHeap () returned 0x690000
[0161.858] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a50c0) returned 0x14
[0161.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a50c0 | out: hHeap=0x690000) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a50e0) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a50e0) returned 0x14
[0161.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a50e0 | out: hHeap=0x690000) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6748) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a6748) returned 0x30
[0161.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6748 | out: hHeap=0x690000) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5100) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5100) returned 0x14
[0161.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5100 | out: hHeap=0x690000) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5ab8) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.858] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5ab8) returned 0x30
[0161.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5ab8 | out: hHeap=0x690000) returned 1
[0161.858] GetProcessHeap () returned 0x690000
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5180) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5180) returned 0x14
[0161.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5180 | out: hHeap=0x690000) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6b4b80) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6b4b80) returned 0x82
[0161.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b4b80 | out: hHeap=0x690000) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5560) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5560) returned 0x14
[0161.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5560 | out: hHeap=0x690000) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a18) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4a18) returned 0x10
[0161.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a18 | out: hHeap=0x690000) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e48) returned 1
[0161.859] GetProcessHeap () returned 0x690000
[0161.859] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4e48) returned 0x14
[0161.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e48 | out: hHeap=0x690000) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e68) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4e68) returned 0x14
[0161.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e68 | out: hHeap=0x690000) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e88) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4e88) returned 0x14
[0161.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4e88 | out: hHeap=0x690000) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ea8) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4ea8) returned 0x14
[0161.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ea8 | out: hHeap=0x690000) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a30) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4a30) returned 0x10
[0161.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a30 | out: hHeap=0x690000) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] GetProcessHeap () returned 0x690000
[0161.860] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ec8) returned 1
[0161.860] GetProcessHeap () returned 0x690000
[0161.861] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4ec8) returned 0x14
[0161.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4ec8 | out: hHeap=0x690000) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f40) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4f40) returned 0x14
[0161.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f40 | out: hHeap=0x690000) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f80) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4f80) returned 0x14
[0161.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f80 | out: hHeap=0x690000) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc0) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4fc0) returned 0x14
[0161.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc0 | out: hHeap=0x690000) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fe0) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4fe0) returned 0x14
[0161.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fe0 | out: hHeap=0x690000) returned 1
[0161.861] GetProcessHeap () returned 0x690000
[0161.861] GetProcessHeap () returned 0x690000
[0161.862] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5080) returned 1
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a5080) returned 0x14
[0161.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5080 | out: hHeap=0x690000) returned 1
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a48) returned 1
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4a48) returned 0x10
[0161.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a48 | out: hHeap=0x690000) returned 1
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f60) returned 1
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4f60) returned 0x14
[0161.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f60 | out: hHeap=0x690000) returned 1
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] HeapValidate (hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a00) returned 1
[0161.862] GetProcessHeap () returned 0x690000
[0161.862] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4a00) returned 0x10
[0161.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4a00 | out: hHeap=0x690000) returned 1
[0161.863] exit (_Code=0)
Thread:
id = 10
os_tid = 0xee8
Process:
id = "3"
image_name = "regsvcs.exe"
filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe"
page_root = "0x3a9ba000"
os_pid = "0xeec"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xe68"
cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e4d5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 481
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 482
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 483
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 484
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 485
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 486
start_va = 0x130000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 487
start_va = 0x2d0000
end_va = 0x3cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 488
start_va = 0xff0000
end_va = 0xffdfff
monitored = 0
entry_point = 0xff8356
region_type = mapped_file
name = "regsvcs.exe"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")
Region:
id = 489
start_va = 0x76e60000
end_va = 0x77008fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 490
start_va = 0x77040000
end_va = 0x771bffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 491
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 492
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 493
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 494
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 495
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 496
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 497
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 498
start_va = 0x400000
end_va = 0x43bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 499
start_va = 0x1d0000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 500
start_va = 0x74590000
end_va = 0x74597fff
monitored = 0
entry_point = 0x745920f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 501
start_va = 0x745a0000
end_va = 0x745fbfff
monitored = 0
entry_point = 0x745df798
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 502
start_va = 0x74600000
end_va = 0x7463efff
monitored = 0
entry_point = 0x7462de78
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 503
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 504
start_va = 0x766d0000
end_va = 0x767dffff
monitored = 0
entry_point = 0x766e32d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 505
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 506
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c40000"
filename = ""
Region:
id = 507
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 0
entry_point = 0x76d7a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 508
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076d60000"
filename = ""
Region:
id = 509
start_va = 0x440000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 510
start_va = 0x749b0000
end_va = 0x749f9fff
monitored = 1
entry_point = 0x749b2e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 511
start_va = 0x766d0000
end_va = 0x767dffff
monitored = 0
entry_point = 0x766e32d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 512
start_va = 0x76160000
end_va = 0x761a5fff
monitored = 0
entry_point = 0x76167478
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 513
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 514
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 515
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 516
start_va = 0x70000
end_va = 0xd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 517
start_va = 0x5a0000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 518
start_va = 0x5a0000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 519
start_va = 0x720000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 520
start_va = 0x76280000
end_va = 0x7631ffff
monitored = 0
entry_point = 0x762949e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 521
start_va = 0x76480000
end_va = 0x7652bfff
monitored = 0
entry_point = 0x7648a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 522
start_va = 0x766b0000
end_va = 0x766c8fff
monitored = 0
entry_point = 0x766b4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 523
start_va = 0x74d90000
end_va = 0x74e7ffff
monitored = 0
entry_point = 0x74da0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 524
start_va = 0x74b90000
end_va = 0x74beffff
monitored = 0
entry_point = 0x74baa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 525
start_va = 0x74b80000
end_va = 0x74b8bfff
monitored = 0
entry_point = 0x74b810e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 526
start_va = 0x5a0000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 527
start_va = 0x660000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 528
start_va = 0x74920000
end_va = 0x749acfff
monitored = 1
entry_point = 0x74932860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 529
start_va = 0x72930000
end_va = 0x72932fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 534
start_va = 0x76320000
end_va = 0x76376fff
monitored = 0
entry_point = 0x76339ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 535
start_va = 0x761e0000
end_va = 0x7626ffff
monitored = 0
entry_point = 0x761f6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 536
start_va = 0x75c40000
end_va = 0x75d3ffff
monitored = 0
entry_point = 0x75c5b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 537
start_va = 0x766a0000
end_va = 0x766a9fff
monitored = 0
entry_point = 0x766a36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 538
start_va = 0x75d80000
end_va = 0x75e1cfff
monitored = 0
entry_point = 0x75db3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 539
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 540
start_va = 0x730000
end_va = 0x8b7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000730000"
filename = ""
Region:
id = 541
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 542
start_va = 0x768c0000
end_va = 0x7691ffff
monitored = 0
entry_point = 0x768d158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 543
start_va = 0x75e20000
end_va = 0x75eebfff
monitored = 0
entry_point = 0x75e2168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 547
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 548
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 549
start_va = 0x8c0000
end_va = 0xa40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 550
start_va = 0x1000000
end_va = 0x23fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001000000"
filename = ""
Region:
id = 551
start_va = 0x73a90000
end_va = 0x73a98fff
monitored = 0
entry_point = 0x73a91220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 552
start_va = 0x71830000
end_va = 0x71fdefff
monitored = 1
entry_point = 0x7184d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 553
start_va = 0x71830000
end_va = 0x71fdefff
monitored = 1
entry_point = 0x7184d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 554
start_va = 0x71830000
end_va = 0x71fdefff
monitored = 1
entry_point = 0x7184d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 555
start_va = 0x74a30000
end_va = 0x74a43fff
monitored = 0
entry_point = 0x74a3ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 556
start_va = 0x74870000
end_va = 0x7491afff
monitored = 0
entry_point = 0x74905f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 557
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 558
start_va = 0xf0000
end_va = 0xfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 559
start_va = 0x100000
end_va = 0x10ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 560
start_va = 0x110000
end_va = 0x11ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 561
start_va = 0x120000
end_va = 0x12ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 562
start_va = 0x170000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 563
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 564
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 565
start_va = 0x1a0000
end_va = 0x1a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 566
start_va = 0xa50000
end_va = 0xb4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 567
start_va = 0xa50000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 568
start_va = 0xb10000
end_va = 0xb4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 569
start_va = 0xb50000
end_va = 0xb8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 570
start_va = 0xc30000
end_va = 0xd2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 571
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 572
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 573
start_va = 0x2400000
end_va = 0x43fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 574
start_va = 0xb90000
end_va = 0xc2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b90000"
filename = ""
Region:
id = 575
start_va = 0x5a0000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 576
start_va = 0x630000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 577
start_va = 0xe70000
end_va = 0xf6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 578
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 579
start_va = 0x290000
end_va = 0x2cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 580
start_va = 0x4430000
end_va = 0x452ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004430000"
filename = ""
Region:
id = 581
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 582
start_va = 0x4530000
end_va = 0x47fefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 583
start_va = 0x70410000
end_va = 0x7181afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 584
start_va = 0x76920000
end_va = 0x76a7bfff
monitored = 0
entry_point = 0x7696ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 585
start_va = 0x73870000
end_va = 0x738effff
monitored = 0
entry_point = 0x738837c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 586
start_va = 0x4800000
end_va = 0x494ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 587
start_va = 0xd30000
end_va = 0xe0efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d30000"
filename = ""
Region:
id = 588
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 589
start_va = 0x1c0000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 590
start_va = 0x747e0000
end_va = 0x74868fff
monitored = 1
entry_point = 0x747e1130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 591
start_va = 0x76830000
end_va = 0x768befff
monitored = 0
entry_point = 0x76833fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 592
start_va = 0x250000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 593
start_va = 0x6f9b0000
end_va = 0x70404fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 594
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 595
start_va = 0x6f800000
end_va = 0x6f9a2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 596
start_va = 0x6e990000
end_va = 0x6f7f5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 597
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 598
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 599
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 600
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 601
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 602
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 603
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 604
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 605
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 606
start_va = 0x6e170000
end_va = 0x6e987fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 607
start_va = 0x746d0000
end_va = 0x747d4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 608
start_va = 0x6d9f0000
end_va = 0x6e163fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 609
start_va = 0x746b0000
end_va = 0x746c2fff
monitored = 1
entry_point = 0x746bd900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 610
start_va = 0x4950000
end_va = 0x4c21fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 611
start_va = 0x74e80000
end_va = 0x75ac9fff
monitored = 0
entry_point = 0x74f01601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 612
start_va = 0x260000
end_va = 0x260fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000260000"
filename = ""
Region:
id = 613
start_va = 0x73860000
end_va = 0x7386afff
monitored = 0
entry_point = 0x73861992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 614
start_va = 0x4c30000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c30000"
filename = ""
Region:
id = 615
start_va = 0x74a10000
end_va = 0x74a26fff
monitored = 0
entry_point = 0x74a135fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 616
start_va = 0x73610000
end_va = 0x73626fff
monitored = 0
entry_point = 0x73613573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 617
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 618
start_va = 0x4a0000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 619
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 620
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 621
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 622
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 623
start_va = 0x735d0000
end_va = 0x7360afff
monitored = 0
entry_point = 0x735d128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 624
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 625
start_va = 0x280000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 626
start_va = 0x73520000
end_va = 0x73532fff
monitored = 0
entry_point = 0x73521d3f
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 627
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 628
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 629
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 630
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 631
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 632
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 633
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 634
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 635
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 636
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 637
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 638
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 639
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 640
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 641
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 642
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 643
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 644
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 645
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 646
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 647
start_va = 0x6d800000
end_va = 0x6d9e1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 648
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 649
start_va = 0x280000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 650
start_va = 0x77010000
end_va = 0x77014fff
monitored = 0
entry_point = 0x77011438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 651
start_va = 0xa50000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 652
start_va = 0xad0000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ad0000"
filename = ""
Region:
id = 653
start_va = 0x4ec0000
end_va = 0x4fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ec0000"
filename = ""
Region:
id = 654
start_va = 0x73560000
end_va = 0x7356dfff
monitored = 0
entry_point = 0x73561235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 655
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 656
start_va = 0x270000
end_va = 0x270fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000270000"
filename = ""
Region:
id = 657
start_va = 0xf70000
end_va = 0xfaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f70000"
filename = ""
Region:
id = 658
start_va = 0x4810000
end_va = 0x484ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004810000"
filename = ""
Region:
id = 659
start_va = 0x4910000
end_va = 0x494ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 660
start_va = 0x5090000
end_va = 0x518ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005090000"
filename = ""
Region:
id = 661
start_va = 0x51c0000
end_va = 0x52bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000051c0000"
filename = ""
Region:
id = 662
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 663
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 664
start_va = 0x75b20000
end_va = 0x75ba2fff
monitored = 0
entry_point = 0x75b223d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 665
start_va = 0x280000
end_va = 0x280fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000280000"
filename = ""
Region:
id = 666
start_va = 0x74670000
end_va = 0x746a0fff
monitored = 1
entry_point = 0x746712d7
region_type = mapped_file
name = "wbemdisp.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll")
Region:
id = 667
start_va = 0x6d7a0000
end_va = 0x6d7fbfff
monitored = 0
entry_point = 0x6d7c2b48
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll")
Region:
id = 668
start_va = 0x75d40000
end_va = 0x75d74fff
monitored = 0
entry_point = 0x75d4145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 669
start_va = 0x76270000
end_va = 0x76275fff
monitored = 0
entry_point = 0x76271782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 670
start_va = 0x4c30000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c30000"
filename = ""
Region:
id = 671
start_va = 0x4e10000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 672
start_va = 0x440000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 673
start_va = 0x74b50000
end_va = 0x74b59fff
monitored = 0
entry_point = 0x74b5149a
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll")
Region:
id = 674
start_va = 0x74650000
end_va = 0x74666fff
monitored = 0
entry_point = 0x746576c5
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll")
Region:
id = 1016
start_va = 0x74a00000
end_va = 0x74a0efff
monitored = 0
entry_point = 0x74a021a0
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll")
Region:
id = 1017
start_va = 0x4d10000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d10000"
filename = ""
Region:
id = 1018
start_va = 0x6d700000
end_va = 0x6d795fff
monitored = 0
entry_point = 0x6d71f8b9
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll")
Region:
id = 1019
start_va = 0x6d6e0000
end_va = 0x6d6f7fff
monitored = 0
entry_point = 0x6d6e1335
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll")
Region:
id = 1020
start_va = 0x721e0000
end_va = 0x7223efff
monitored = 0
entry_point = 0x721e2134
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 1021
start_va = 0x3d0000
end_va = 0x3defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wbemdisp.tlb"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb")
Region:
id = 1223
start_va = 0x4850000
end_va = 0x490ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 1329
start_va = 0x6d6a0000
end_va = 0x6d6d4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "custommarshalers.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\CustomMarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\CustomMarshalers.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\custommarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\custommarshalers.ni.dll")
Region:
id = 1330
start_va = 0x6d680000
end_va = 0x6d697fff
monitored = 1
entry_point = 0x6d6858de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1331
start_va = 0x3e0000
end_va = 0x3f8fff
monitored = 1
entry_point = 0x3e58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1332
start_va = 0x3e0000
end_va = 0x3f8fff
monitored = 1
entry_point = 0x3e58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1333
start_va = 0x3e0000
end_va = 0x3f8fff
monitored = 1
entry_point = 0x3e58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1334
start_va = 0x3e0000
end_va = 0x3f8fff
monitored = 1
entry_point = 0x3e58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1335
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1336
start_va = 0x3f0000
end_va = 0x3f3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb")
Region:
id = 1337
start_va = 0x6d550000
end_va = 0x6d67ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll")
Region:
id = 1338
start_va = 0x6c0000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 1339
start_va = 0x52e0000
end_va = 0x53dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000052e0000"
filename = ""
Region:
id = 1340
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 1341
start_va = 0x7ef50000
end_va = 0x7ef9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef50000"
filename = ""
Region:
id = 1342
start_va = 0x7ef40000
end_va = 0x7ef4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef40000"
filename = ""
Region:
id = 1343
start_va = 0x5020000
end_va = 0x505ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005020000"
filename = ""
Region:
id = 1344
start_va = 0x5560000
end_va = 0x565ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005560000"
filename = ""
Region:
id = 1345
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 1346
start_va = 0x6d520000
end_va = 0x6d540fff
monitored = 1
entry_point = 0x6d5298e0
region_type = mapped_file
name = "wminet_utils.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll")
Region:
id = 1347
start_va = 0x440000
end_va = 0x44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1348
start_va = 0x460000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 1349
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 1350
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 1351
start_va = 0x4c40000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c40000"
filename = ""
Region:
id = 1352
start_va = 0x4cd0000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1353
start_va = 0x56f0000
end_va = 0x57effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000056f0000"
filename = ""
Region:
id = 1354
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Region:
id = 1355
start_va = 0x4e50000
end_va = 0x4e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e50000"
filename = ""
Region:
id = 1356
start_va = 0x5440000
end_va = 0x553ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005440000"
filename = ""
Region:
id = 1357
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 1358
start_va = 0x5570000
end_va = 0x55affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005570000"
filename = ""
Region:
id = 1359
start_va = 0x55d0000
end_va = 0x56cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000055d0000"
filename = ""
Region:
id = 1360
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Region:
id = 1361
start_va = 0x450000
end_va = 0x454fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000450000"
filename = ""
Region:
id = 1464
start_va = 0x4c30000
end_va = 0x4caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c30000"
filename = ""
Thread:
id = 11
os_tid = 0xef0
[0163.258] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0164.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", nBufferLength=0x105, lpBuffer=0x3cd12c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", lpFilePart=0x0) returned 0x40
[0164.037] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cce28 | out: phkResult=0x3cce28*=0x0) returned 0x2
[0164.037] RegCloseKey (hKey=0x80000002) returned 0x0
[0164.146] GetCurrentProcess () returned 0xffffffff
[0164.146] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cd464 | out: TokenHandle=0x3cd464*=0x40) returned 1
[0164.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x3ccf1c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0164.173] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3cd45c | out: lpFileInformation=0x3cd45c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0164.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3ccee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0164.176] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3cd464 | out: lpFileInformation=0x3cd464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0164.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3cce84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0164.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd39c) returned 1
[0164.179] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f0
[0164.180] GetFileType (hFile=0x1f0) returned 0x1
[0164.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd398) returned 1
[0164.180] GetFileType (hFile=0x1f0) returned 0x1
[0164.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3cc6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0164.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3cc73c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0164.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cc97c) returned 1
[0164.201] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3ccc40 | out: lpFileInformation=0x3ccc40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0164.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cc978) returned 1
[0164.277] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x3ccb0c | out: pfEnabled=0x3ccb0c) returned 0x0
[0164.330] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x3cd458 | out: lpFileSizeHigh=0x3cd458*=0x0) returned 0x8c8e
[0164.330] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd414, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd414*=0x1000, lpOverlapped=0x0) returned 1
[0164.347] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd2c4, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd2c4*=0x1000, lpOverlapped=0x0) returned 1
[0164.349] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd178, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd178*=0x1000, lpOverlapped=0x0) returned 1
[0164.350] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd178, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd178*=0x1000, lpOverlapped=0x0) returned 1
[0164.352] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd178, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd178*=0x1000, lpOverlapped=0x0) returned 1
[0164.353] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd0b0, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd0b0*=0x1000, lpOverlapped=0x0) returned 1
[0164.359] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd21c, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd21c*=0x1000, lpOverlapped=0x0) returned 1
[0164.362] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd110, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd110*=0x1000, lpOverlapped=0x0) returned 1
[0164.362] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd110, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd110*=0xc8e, lpOverlapped=0x0) returned 1
[0164.362] ReadFile (in: hFile=0x1f0, lpBuffer=0x2432e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd1d4, lpOverlapped=0x0 | out: lpBuffer=0x2432e2c*, lpNumberOfBytesRead=0x3cd1d4*=0x0, lpOverlapped=0x0) returned 1
[0164.363] CloseHandle (hObject=0x1f0) returned 1
[0164.363] CloseHandle (hObject=0x40) returned 1
[0164.364] GetCurrentProcess () returned 0xffffffff
[0164.364] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cd5b0 | out: TokenHandle=0x3cd5b0*=0x40) returned 1
[0164.365] CloseHandle (hObject=0x40) returned 1
[0164.365] GetCurrentProcess () returned 0xffffffff
[0164.365] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cd5b0 | out: TokenHandle=0x3cd5b0*=0x40) returned 1
[0164.366] CloseHandle (hObject=0x40) returned 1
[0164.374] GetCurrentProcess () returned 0xffffffff
[0164.375] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cd464 | out: TokenHandle=0x3cd464*=0x40) returned 1
[0164.375] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3cd45c | out: lpFileInformation=0x3cd45c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xfa159150, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0xdf)) returned 1
[0164.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", nBufferLength=0x105, lpBuffer=0x3ccee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", lpFilePart=0x0) returned 0x40
[0164.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3cd464 | out: lpFileInformation=0x3cd464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xfa159150, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0xdf)) returned 1
[0164.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", nBufferLength=0x105, lpBuffer=0x3cce84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", lpFilePart=0x0) returned 0x40
[0164.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd39c) returned 1
[0164.376] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f0
[0164.376] GetFileType (hFile=0x1f0) returned 0x1
[0164.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd398) returned 1
[0164.377] GetFileType (hFile=0x1f0) returned 0x1
[0164.377] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x3cd458 | out: lpFileSizeHigh=0x3cd458*=0x0) returned 0xdf
[0164.377] ReadFile (in: hFile=0x1f0, lpBuffer=0x244b524, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd414, lpOverlapped=0x0 | out: lpBuffer=0x244b524*, lpNumberOfBytesRead=0x3cd414*=0xdf, lpOverlapped=0x0) returned 1
[0164.379] ReadFile (in: hFile=0x1f0, lpBuffer=0x244b524, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cd2d8, lpOverlapped=0x0 | out: lpBuffer=0x244b524*, lpNumberOfBytesRead=0x3cd2d8*=0x0, lpOverlapped=0x0) returned 1
[0164.379] CloseHandle (hObject=0x1f0) returned 1
[0164.379] CloseHandle (hObject=0x40) returned 1
[0164.379] GetCurrentProcess () returned 0xffffffff
[0164.380] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cd5b0 | out: TokenHandle=0x3cd5b0*=0x40) returned 1
[0164.381] CloseHandle (hObject=0x40) returned 1
[0164.382] GetCurrentProcess () returned 0xffffffff
[0164.382] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cd5b0 | out: TokenHandle=0x3cd5b0*=0x40) returned 1
[0164.382] CloseHandle (hObject=0x40) returned 1
[0164.393] GetCurrentProcess () returned 0xffffffff
[0164.393] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cd3c8 | out: TokenHandle=0x3cd3c8*=0x40) returned 1
[0164.399] CloseHandle (hObject=0x40) returned 1
[0164.400] GetCurrentProcess () returned 0xffffffff
[0164.400] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cd3e0 | out: TokenHandle=0x3cd3e0*=0x40) returned 1
[0164.406] CloseHandle (hObject=0x40) returned 1
[0164.416] GetModuleHandleW (lpModuleName="user32.dll") returned 0x75c40000
[0164.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x3cd62c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW»n)\x82̲Dþ\x83q4Ù<", lpUsedDefaultChar=0x0) returned 14
[0164.417] GetProcAddress (hModule=0x75c40000, lpProcName="DefWindowProcW") returned 0x770725dd
[0164.417] GetStockObject (i=5) returned 0x1900015
[0164.421] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0164.425] CoTaskMemAlloc (cb=0x5c) returned 0x50aad8
[0164.425] RegisterClassW (lpWndClass=0x3cd61c) returned 0xc059
[0164.427] CoTaskMemFree (pv=0x50aad8)
[0164.427] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0164.429] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.34f5582_r14_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xe009c
[0164.430] SetWindowLongW (hWnd=0xe009c, nIndex=-4, dwNewLong=1996957149) returned 81856726
[0164.431] GetWindowLongW (hWnd=0xe009c, nIndex=-4) returned 1996957149
[0164.434] GetCurrentProcess () returned 0xffffffff
[0164.434] GetCurrentThread () returned 0xfffffffe
[0164.434] GetCurrentProcess () returned 0xffffffff
[0164.435] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3ccfac, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ccfac*=0x40) returned 1
[0164.438] GetCurrentThreadId () returned 0xef0
[0164.443] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ccf30 | out: phkResult=0x3ccf30*=0x1f0) returned 0x0
[0164.444] RegQueryValueExW (in: hKey=0x1f0, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x3ccf50, lpData=0x0, lpcbData=0x3ccf4c*=0x0 | out: lpType=0x3ccf50*=0x0, lpData=0x0, lpcbData=0x3ccf4c*=0x0) returned 0x2
[0164.444] RegQueryValueExW (in: hKey=0x1f0, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x3ccf50, lpData=0x0, lpcbData=0x3ccf4c*=0x0 | out: lpType=0x3ccf50*=0x0, lpData=0x0, lpcbData=0x3ccf4c*=0x0) returned 0x2
[0164.444] RegCloseKey (hKey=0x1f0) returned 0x0
[0164.446] SetWindowLongW (hWnd=0xe009c, nIndex=-4, dwNewLong=81856766) returned 1996957149
[0164.446] GetWindowLongW (hWnd=0xe009c, nIndex=-4) returned 81856766
[0164.446] GetWindowLongW (hWnd=0xe009c, nIndex=-16) returned 79691776
[0164.486] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x24, wParam=0x0, lParam=0x3cd208) returned 0x0
[0164.486] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc108
[0164.487] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x81, wParam=0x0, lParam=0x3cd1fc) returned 0x1
[0164.490] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x83, wParam=0x0, lParam=0x3cd1e8) returned 0x0
[0164.678] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x1, wParam=0x0, lParam=0x3cd1fc) returned 0x0
[0164.956] GetCurrentProcessId () returned 0xeec
[0164.961] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x3ce7d4 | out: lpLuid=0x3ce7d4*(LowPart=0x14, HighPart=0)) returned 1
[0164.963] GetCurrentProcess () returned 0xffffffff
[0164.963] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x3ce7d0 | out: TokenHandle=0x3ce7d0*=0x238) returned 1
[0164.963] AdjustTokenPrivileges (in: TokenHandle=0x238, DisableAllPrivileges=0, NewState=0x244fa20*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0164.964] CloseHandle (hObject=0x238) returned 1
[0164.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3409540, Length=0x20000, ResultLength=0x3ceeb4 | out: SystemInformation=0x3409540, ResultLength=0x3ceeb4*=0xc800) returned 0x0
[0164.984] GetCurrentProcessId () returned 0xeec
[0164.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3409540, Length=0x20000, ResultLength=0x3ceea4 | out: SystemInformation=0x3409540, ResultLength=0x3ceea4*=0xc800) returned 0x0
[0171.086] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x238
[0171.086] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x23c
[0171.096] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ce06c | out: phkResult=0x3ce06c*=0x240) returned 0x0
[0171.097] RegQueryValueExW (in: hKey=0x240, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3ce08c, lpData=0x0, lpcbData=0x3ce088*=0x0 | out: lpType=0x3ce08c*=0x1, lpData=0x0, lpcbData=0x3ce088*=0xe) returned 0x0
[0171.097] RegQueryValueExW (in: hKey=0x240, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3ce08c, lpData=0x247301c, lpcbData=0x3ce088*=0xe | out: lpType=0x3ce08c*=0x1, lpData="Client", lpcbData=0x3ce088*=0xe) returned 0x0
[0171.098] RegCloseKey (hKey=0x240) returned 0x0
[0171.118] GetCurrentProcess () returned 0xffffffff
[0171.119] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cdcc0 | out: TokenHandle=0x3cdcc0*=0x240) returned 1
[0171.133] CloseHandle (hObject=0x240) returned 1
[0171.133] GetCurrentProcess () returned 0xffffffff
[0171.133] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cdcd8 | out: TokenHandle=0x3cdcd8*=0x240) returned 1
[0171.133] CloseHandle (hObject=0x240) returned 1
[0171.143] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee34 | out: phkResult=0x3cee34*=0x240) returned 0x0
[0171.143] RegQueryValueExW (in: hKey=0x240, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x3cee50, lpData=0x0, lpcbData=0x3cee4c*=0x0 | out: lpType=0x3cee50*=0x0, lpData=0x0, lpcbData=0x3cee4c*=0x0) returned 0x2
[0171.143] RegCloseKey (hKey=0x240) returned 0x0
[0171.145] GetCurrentProcessId () returned 0xeec
[0171.147] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x240
[0171.155] EnumProcessModules (in: hProcess=0x240, lphModule=0x2476f0c, cb=0x100, lpcbNeeded=0x3cee40 | out: lphModule=0x2476f0c, lpcbNeeded=0x3cee40) returned 1
[0171.157] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x247704c, cb=0xc | out: lpmodinfo=0x247704c*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0171.158] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.159] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x526be8, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0171.159] CoTaskMemFree (pv=0x526be8)
[0171.160] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.160] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x526be8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0171.160] CoTaskMemFree (pv=0x526be8)
[0171.160] CloseHandle (hObject=0x240) returned 1
[0171.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x3ce968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0171.161] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x0) returned 0x2
[0171.161] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x240) returned 0x0
[0171.161] RegQueryValueExW (in: hKey=0x240, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x3cee54, lpData=0x0, lpcbData=0x3cee50*=0x0 | out: lpType=0x3cee54*=0x0, lpData=0x0, lpcbData=0x3cee50*=0x0) returned 0x2
[0171.161] RegCloseKey (hKey=0x240) returned 0x0
[0171.162] GetCurrentProcessId () returned 0xeec
[0171.162] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x240
[0171.162] EnumProcessModules (in: hProcess=0x240, lphModule=0x2479ab8, cb=0x100, lpcbNeeded=0x3cee40 | out: lphModule=0x2479ab8, lpcbNeeded=0x3cee40) returned 1
[0171.163] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x2479bf8, cb=0xc | out: lpmodinfo=0x2479bf8*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0171.163] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.163] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x526be8, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0171.163] CoTaskMemFree (pv=0x526be8)
[0171.163] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.163] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x526be8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0171.163] CoTaskMemFree (pv=0x526be8)
[0171.163] CloseHandle (hObject=0x240) returned 1
[0171.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x3ce968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0171.164] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x0) returned 0x2
[0171.164] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x240) returned 0x0
[0171.164] RegQueryValueExW (in: hKey=0x240, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x3cee54, lpData=0x0, lpcbData=0x3cee50*=0x0 | out: lpType=0x3cee54*=0x0, lpData=0x0, lpcbData=0x3cee50*=0x0) returned 0x2
[0171.164] RegCloseKey (hKey=0x240) returned 0x0
[0171.165] GetCurrentProcessId () returned 0xeec
[0171.165] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x240
[0171.165] EnumProcessModules (in: hProcess=0x240, lphModule=0x247c690, cb=0x100, lpcbNeeded=0x3cee40 | out: lphModule=0x247c690, lpcbNeeded=0x3cee40) returned 1
[0171.165] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x247c7d0, cb=0xc | out: lpmodinfo=0x247c7d0*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0171.166] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.166] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x526be8, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0171.166] CoTaskMemFree (pv=0x526be8)
[0171.166] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.166] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x526be8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0171.166] CoTaskMemFree (pv=0x526be8)
[0171.166] CloseHandle (hObject=0x240) returned 1
[0171.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x3ce968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0171.167] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x0) returned 0x2
[0171.167] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x240) returned 0x0
[0171.167] RegQueryValueExW (in: hKey=0x240, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x3cee54, lpData=0x0, lpcbData=0x3cee50*=0x0 | out: lpType=0x3cee54*=0x0, lpData=0x0, lpcbData=0x3cee50*=0x0) returned 0x2
[0171.167] RegCloseKey (hKey=0x240) returned 0x0
[0171.167] GetCurrentProcessId () returned 0xeec
[0171.167] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x240
[0171.167] EnumProcessModules (in: hProcess=0x240, lphModule=0x247f2f8, cb=0x100, lpcbNeeded=0x3cee40 | out: lphModule=0x247f2f8, lpcbNeeded=0x3cee40) returned 1
[0171.169] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x247f438, cb=0xc | out: lpmodinfo=0x247f438*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0171.169] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.169] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x526be8, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0171.169] CoTaskMemFree (pv=0x526be8)
[0171.169] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.169] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x526be8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0171.169] CoTaskMemFree (pv=0x526be8)
[0171.169] CloseHandle (hObject=0x240) returned 1
[0171.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x3ce968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0171.170] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x0) returned 0x2
[0171.170] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x240) returned 0x0
[0171.170] RegQueryValueExW (in: hKey=0x240, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x3cee54, lpData=0x0, lpcbData=0x3cee50*=0x0 | out: lpType=0x3cee54*=0x0, lpData=0x0, lpcbData=0x3cee50*=0x0) returned 0x2
[0171.170] RegCloseKey (hKey=0x240) returned 0x0
[0171.170] GetCurrentProcessId () returned 0xeec
[0171.170] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x240
[0171.170] EnumProcessModules (in: hProcess=0x240, lphModule=0x2481d24, cb=0x100, lpcbNeeded=0x3cee40 | out: lphModule=0x2481d24, lpcbNeeded=0x3cee40) returned 1
[0171.171] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x2481e64, cb=0xc | out: lpmodinfo=0x2481e64*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0171.172] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.172] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x526be8, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0171.172] CoTaskMemFree (pv=0x526be8)
[0171.172] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.172] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x526be8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0171.173] CoTaskMemFree (pv=0x526be8)
[0171.173] CloseHandle (hObject=0x240) returned 1
[0171.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x3ce968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0171.173] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x0) returned 0x2
[0171.173] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x240) returned 0x0
[0171.173] RegQueryValueExW (in: hKey=0x240, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x3cee54, lpData=0x0, lpcbData=0x3cee50*=0x0 | out: lpType=0x3cee54*=0x0, lpData=0x0, lpcbData=0x3cee50*=0x0) returned 0x2
[0171.173] RegCloseKey (hKey=0x240) returned 0x0
[0171.174] GetCurrentProcessId () returned 0xeec
[0171.174] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x240
[0171.174] EnumProcessModules (in: hProcess=0x240, lphModule=0x2484740, cb=0x100, lpcbNeeded=0x3cee40 | out: lphModule=0x2484740, lpcbNeeded=0x3cee40) returned 1
[0171.175] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x2484880, cb=0xc | out: lpmodinfo=0x2484880*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0171.175] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.175] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x526be8, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0171.175] CoTaskMemFree (pv=0x526be8)
[0171.175] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.175] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x526be8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0171.176] CoTaskMemFree (pv=0x526be8)
[0171.176] CloseHandle (hObject=0x240) returned 1
[0171.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x3ce968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0171.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x0) returned 0x2
[0171.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x240) returned 0x0
[0171.176] RegQueryValueExW (in: hKey=0x240, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x3cee54, lpData=0x0, lpcbData=0x3cee50*=0x0 | out: lpType=0x3cee54*=0x0, lpData=0x0, lpcbData=0x3cee50*=0x0) returned 0x2
[0171.177] RegCloseKey (hKey=0x240) returned 0x0
[0171.184] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x240) returned 0x0
[0171.184] RegQueryValueExW (in: hKey=0x240, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x3cee54, lpData=0x0, lpcbData=0x3cee50*=0x0 | out: lpType=0x3cee54*=0x0, lpData=0x0, lpcbData=0x3cee50*=0x0) returned 0x2
[0171.184] RegCloseKey (hKey=0x240) returned 0x0
[0171.184] GetCurrentProcessId () returned 0xeec
[0171.185] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x240
[0171.185] EnumProcessModules (in: hProcess=0x240, lphModule=0x2488068, cb=0x100, lpcbNeeded=0x3cee3c | out: lphModule=0x2488068, lpcbNeeded=0x3cee3c) returned 1
[0171.186] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24881a8, cb=0xc | out: lpmodinfo=0x24881a8*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0171.186] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.186] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x526be8, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0171.186] CoTaskMemFree (pv=0x526be8)
[0171.186] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.186] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x526be8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0171.186] CoTaskMemFree (pv=0x526be8)
[0171.186] CloseHandle (hObject=0x240) returned 1
[0171.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x3ce964, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0171.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee34 | out: phkResult=0x3cee34*=0x0) returned 0x2
[0171.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee34 | out: phkResult=0x3cee34*=0x240) returned 0x0
[0171.187] RegQueryValueExW (in: hKey=0x240, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x3cee50, lpData=0x0, lpcbData=0x3cee4c*=0x0 | out: lpType=0x3cee50*=0x0, lpData=0x0, lpcbData=0x3cee4c*=0x0) returned 0x2
[0171.187] RegCloseKey (hKey=0x240) returned 0x0
[0171.188] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee38 | out: phkResult=0x3cee38*=0x240) returned 0x0
[0171.188] RegQueryValueExW (in: hKey=0x240, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x3cee54, lpData=0x0, lpcbData=0x3cee50*=0x0 | out: lpType=0x3cee54*=0x0, lpData=0x0, lpcbData=0x3cee50*=0x0) returned 0x2
[0171.188] RegCloseKey (hKey=0x240) returned 0x0
[0171.188] GetCurrentProcessId () returned 0xeec
[0171.188] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x240
[0171.188] EnumProcessModules (in: hProcess=0x240, lphModule=0x248ae5c, cb=0x100, lpcbNeeded=0x3cee3c | out: lphModule=0x248ae5c, lpcbNeeded=0x3cee3c) returned 1
[0171.189] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x248af9c, cb=0xc | out: lpmodinfo=0x248af9c*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0171.189] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.189] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x526be8, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0171.190] CoTaskMemFree (pv=0x526be8)
[0171.190] CoTaskMemAlloc (cb=0x804) returned 0x526be8
[0171.190] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x526be8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0171.190] CoTaskMemFree (pv=0x526be8)
[0171.190] CloseHandle (hObject=0x240) returned 1
[0171.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x3ce964, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0171.190] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee34 | out: phkResult=0x3cee34*=0x0) returned 0x2
[0171.190] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cee34 | out: phkResult=0x3cee34*=0x240) returned 0x0
[0171.190] RegQueryValueExW (in: hKey=0x240, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x3cee50, lpData=0x0, lpcbData=0x3cee4c*=0x0 | out: lpType=0x3cee50*=0x0, lpData=0x0, lpcbData=0x3cee4c*=0x0) returned 0x2
[0171.191] RegCloseKey (hKey=0x240) returned 0x0
[0171.229] CreateBindCtx (in: reserved=0x0, ppbc=0x3cee94 | out: ppbc=0x3cee94*=0x4e4ab0) returned 0x0
[0171.229] IUnknown:QueryInterface (in: This=0x4e4ab0, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce950 | out: ppvObject=0x3ce950*=0x4e4ab0) returned 0x0
[0171.233] IUnknown:QueryInterface (in: This=0x4e4ab0, riid=0x71941b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce904 | out: ppvObject=0x3ce904*=0x0) returned 0x80004002
[0171.233] IUnknown:QueryInterface (in: This=0x4e4ab0, riid=0x71941e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce72c | out: ppvObject=0x3ce72c*=0x0) returned 0x80004002
[0171.234] IUnknown:AddRef (This=0x4e4ab0) returned 0x3
[0171.234] IUnknown:QueryInterface (in: This=0x4e4ab0, riid=0x7194182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3ce260 | out: ppvObject=0x3ce260*=0x0) returned 0x80004002
[0171.234] IUnknown:QueryInterface (in: This=0x4e4ab0, riid=0x71941764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3ce210 | out: ppvObject=0x3ce210*=0x0) returned 0x80004002
[0171.234] IUnknown:QueryInterface (in: This=0x4e4ab0, riid=0x71871388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce21c | out: ppvObject=0x3ce21c*=0x0) returned 0x80004002
[0171.234] CoGetContextToken (in: pToken=0x3ce27c | out: pToken=0x3ce27c) returned 0x0
[0171.234] CObjectContext::QueryInterface () returned 0x0
[0171.234] CObjectContext::GetCurrentApartmentType () returned 0x0
[0171.234] Release () returned 0x0
[0171.235] CoGetObjectContext (in: riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x51d394 | out: ppv=0x51d394*=0x4f12a8) returned 0x0
[0171.254] CoGetContextToken (in: pToken=0x3ce68c | out: pToken=0x3ce68c) returned 0x0
[0171.254] IUnknown:QueryInterface (in: This=0x4e4ab0, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce710 | out: ppvObject=0x3ce710*=0x0) returned 0x80004002
[0171.254] IUnknown:Release (This=0x4e4ab0) returned 0x2
[0171.254] CoGetContextToken (in: pToken=0x3cec5c | out: pToken=0x3cec5c) returned 0x0
[0171.254] CoGetContextToken (in: pToken=0x3cebbc | out: pToken=0x3cebbc) returned 0x0
[0171.254] IUnknown:QueryInterface (in: This=0x4e4ab0, riid=0x3cec8c*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cec88 | out: ppvObject=0x3cec88*=0x4e4ab0) returned 0x0
[0171.255] IUnknown:AddRef (This=0x4e4ab0) returned 0x4
[0171.255] IUnknown:Release (This=0x4e4ab0) returned 0x3
[0171.255] IUnknown:Release (This=0x4e4ab0) returned 0x2
[0171.255] CoGetContextToken (in: pToken=0x3cece4 | out: pToken=0x3cece4) returned 0x0
[0171.255] IUnknown:AddRef (This=0x4e4ab0) returned 0x3
[0171.255] MkParseDisplayName (in: pbc=0x4e4ab0, szUserName="WinMgmts:", pchEaten=0x3ceec8, ppmk=0x3cee80 | out: pchEaten=0x3ceec8, ppmk=0x3cee80*=0x5323e0) returned 0x0
[0172.106] malloc (_Size=0x80) returned 0x632e50
[0172.110] DllGetClassObject (in: rclsid=0x535a04*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x3ceac0*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce178 | out: ppv=0x3ce178*=0x0) returned 0x80004002
[0172.110] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460810
[0172.110] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0172.110] DllGetClassObject (in: rclsid=0x535a04*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x7696ee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec74 | out: ppv=0x3cec74*=0x460810) returned 0x0
[0172.110] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460810
[0172.111] WinMGMTS:IClassFactory:CreateInstance (in: This=0x460810, pUnkOuter=0x0, riid=0x7696f084*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cec20 | out: ppvObject=0x3cec20*=0x460850) returned 0x0
[0172.111] GetVersionExW (in: lpVersionInformation=0x3cea6c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7f, dwMinorVersion=0x36b7, dwBuildNumber=0x3, dwPlatformId=0x3cead0, szCSDVersion="塩癮\x08쀕") | out: lpVersionInformation=0x3cea6c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0172.111] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x3cea60 | out: phkResult=0x3cea60*=0x284) returned 0x0
[0172.111] RegQueryValueExW (in: hKey=0x284, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x3cea68, lpcbData=0x3cea64*=0x4 | out: lpType=0x0, lpData=0x3cea68*=0x3, lpcbData=0x3cea64*=0x4) returned 0x0
[0172.111] RegCloseKey (hKey=0x284) returned 0x0
[0172.112] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460828
[0172.112] GetSystemDirectoryW (in: lpBuffer=0x460828, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0172.112] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76280000
[0172.115] GetProcAddress (hModule=0x76280000, lpProcName="DuplicateTokenEx") returned 0x7628ca24
[0172.115] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0172.115] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460828
[0172.115] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460850
[0172.115] WinMGMTS:IUnknown:Release (This=0x460810) returned 0x0
[0172.115] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0172.115] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x460850, pbc=0x4e4ab0, pszDisplayName="WinMgmts:", pchEaten=0x3cee38, ppmkOut=0x3cee3c | out: pchEaten=0x3cee38*=0x9, ppmkOut=0x3cee3c*=0x5323e0) returned 0x0
[0172.115] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0
[0172.116] IBindCtx:GetObjectParam (in: This=0x4e4ab0, pszKey="WmiObject", ppunk=0x3ced40 | out: ppunk=0x3ced40*=0x0) returned 0x80004005
[0172.117] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460860
[0172.117] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123
[0172.117] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460880
[0172.117] CoCreateInstance (in: rclsid=0x746742b0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x746742a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x460898 | out: ppv=0x460898*=0x4608e8) returned 0x0
[0172.524] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4608f8
[0172.524] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460960
[0172.524] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4609c0
[0172.524] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0172.524] GetCurrentThreadId () returned 0xef0
[0172.524] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91
[0172.524] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0172.524] GetCurrentThreadId () returned 0xef0
[0172.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x3cec28 | out: phkResult=0x3cec28*=0x28c) returned 0x0
[0172.524] RegQueryValueExW (in: hKey=0x28c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x3cec30*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x3cec30*=0x16) returned 0x0
[0172.525] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4609e0
[0172.525] RegQueryValueExW (in: hKey=0x28c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x4609e0, lpcbData=0x3cec30*=0x16 | out: lpType=0x0, lpData=0x4609e0*=0x72, lpcbData=0x3cec30*=0x16) returned 0x0
[0172.525] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460a00
[0172.525] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0172.525] RegCloseKey (hKey=0x28c) returned 0x0
[0172.525] CoCreateInstance (in: rclsid=0x746753b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x746750dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x3cec5c | out: ppv=0x3cec5c*=0x460a20) returned 0x0
[0172.777] SysStringLen (param_1=".") returned 0x1
[0172.777] WbemDefPath:IWbemPath:SetServer (This=0x460a20, Name=".") returned 0x0
[0172.777] CoCreateInstance (in: rclsid=0x746753b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x746750dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x3cec14 | out: ppv=0x3cec14*=0x460ab8) returned 0x0
[0172.777] CoCreateInstance (in: rclsid=0x746753b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x746750dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x3cebb8 | out: ppv=0x3cebb8*=0x460b50) returned 0x0
[0172.777] WbemDefPath:IWbemPath:SetText (This=0x460b50, uMode=0x4, pszPath="root\\cimv2") returned 0x0
[0172.777] WbemDefPath:IUnknown:Release (This=0x460b50) returned 0x0
[0172.777] SysStringLen (param_1="root\\cimv2") returned 0xa
[0172.777] WbemDefPath:IWbemPath:SetText (This=0x460ab8, uMode=0xc, pszPath="root\\cimv2") returned 0x0
[0172.777] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x460ab8, puCount=0x3cec24 | out: puCount=0x3cec24*=0x2) returned 0x0
[0172.777] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x460a20) returned 0x0
[0172.777] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x460ab8, uIndex=0x0, puNameBufLength=0x3cebec*=0x0, pName=0x0 | out: puNameBufLength=0x3cebec*=0x5, pName=0x0) returned 0x0
[0172.778] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460b50
[0172.778] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x460ab8, uIndex=0x0, puNameBufLength=0x3cebec*=0x5, pName="ಀFÄF" | out: puNameBufLength=0x3cebec*=0x5, pName="root") returned 0x0
[0172.778] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0172.778] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x460a20, uIndex=0x0, pszName="root") returned 0x0
[0172.778] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x460ab8, uIndex=0x1, puNameBufLength=0x3cebec*=0x0, pName=0x0 | out: puNameBufLength=0x3cebec*=0x6, pName=0x0) returned 0x0
[0172.778] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460ce8
[0172.778] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x460ab8, uIndex=0x1, puNameBufLength=0x3cebec*=0x6, pName="ÄFÄF2" | out: puNameBufLength=0x3cebec*=0x6, pName="cimv2") returned 0x0
[0172.778] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0172.778] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x460a20, uIndex=0x1, pszName="cimv2") returned 0x0
[0172.778] WbemDefPath:IUnknown:Release (This=0x460ab8) returned 0x0
[0172.778] WbemDefPath:IWbemPath:GetText (in: This=0x460a20, lFlags=4, puBuffLength=0x3cec40*=0x0, pszText=0x0 | out: puBuffLength=0x3cec40*=0xf, pszText=0x0) returned 0x0
[0172.779] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460ab8
[0172.779] WbemDefPath:IWbemPath:GetText (in: This=0x460a20, lFlags=4, puBuffLength=0x3cec40*=0xf, pszText="୰FৠF2" | out: puBuffLength=0x3cec40*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0172.779] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0172.779] WbemDefPath:IUnknown:Release (This=0x460a20) returned 0x0
[0172.779] WbemLocator:IWbemLocator:ConnectServer (in: This=0x4608e8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x3cecc8 | out: ppNamespace=0x3cecc8*=0x46d174) returned 0x0
[0179.293] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46c878
[0179.293] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d188
[0179.293] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d1e8
[0179.293] WbemLocator:IUnknown:QueryInterface (in: This=0x46d174, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceb98 | out: ppvObject=0x3ceb98*=0x53bc3c) returned 0x0
[0179.294] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x53bc3c, pProxy=0x46d174, pAuthnSvc=0x3ceb88, pAuthzSvc=0x3ceb8c, pServerPrincName=0x0, pAuthnLevel=0x3cebb4, pImpLevel=0x3cebb0, pAuthInfo=0x0, pCapabilites=0x3ceba0 | out: pAuthnSvc=0x3ceb88*=0xa, pAuthzSvc=0x3ceb8c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3cebb4*=0x6, pImpLevel=0x3cebb0*=0x2, pAuthInfo=0x0, pCapabilites=0x3ceba0*=0x1) returned 0x0
[0179.294] WbemLocator:IUnknown:Release (This=0x53bc3c) returned 0x1
[0179.294] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0179.294] GetCurrentThreadId () returned 0xef0
[0179.294] WbemLocator:IUnknown:QueryInterface (in: This=0x46d174, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cebc8 | out: ppvObject=0x3cebc8*=0x53bc3c) returned 0x0
[0179.294] WbemLocator:IClientSecurity:CopyProxy (in: This=0x53bc3c, pProxy=0x46d174, ppCopy=0x3cebcc | out: ppCopy=0x3cebcc*=0x46d2e4) returned 0x0
[0179.294] WbemLocator:IUnknown:QueryInterface (in: This=0x46d2e4, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceae4 | out: ppvObject=0x3ceae4*=0x53bc3c) returned 0x0
[0179.294] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x53bc3c, pProxy=0x46d2e4, pAuthnSvc=0x3ceb08, pAuthzSvc=0x3ceaf8, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x3ceb08*=0xa, pAuthzSvc=0x3ceaf8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0179.294] WbemLocator:IUnknown:Release (This=0x53bc3c) returned 0x3
[0179.295] WbemLocator:IUnknown:QueryInterface (in: This=0x46d2e4, riid=0x746734f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceabc | out: ppvObject=0x3ceabc*=0x53bc5c) returned 0x0
[0179.295] WbemLocator:IUnknown:QueryInterface (in: This=0x46d2e4, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceac0 | out: ppvObject=0x3ceac0*=0x53bc3c) returned 0x0
[0179.295] WbemLocator:IClientSecurity:SetBlanket (This=0x53bc3c, pProxy=0x46d2e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0179.295] WbemLocator:IUnknown:Release (This=0x53bc3c) returned 0x4
[0179.295] WbemLocator:IUnknown:Release (This=0x53bc5c) returned 0x3
[0179.295] WbemLocator:IUnknown:Release (This=0x53bc3c) returned 0x2
[0179.295] WbemLocator:IUnknown:AddRef (This=0x46d2e4) returned 0x3
[0179.295] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d2f8
[0179.295] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46c948
[0179.295] WbemLocator:IUnknown:Release (This=0x46d174) returned 0x2
[0179.295] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0179.296] GetCurrentThreadId () returned 0xef0
[0179.296] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0179.296] GetCurrentThreadId () returned 0xef0
[0179.297] WbemLocator:IUnknown:QueryInterface (in: This=0x46d2e4, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cec8c | out: ppvObject=0x3cec8c*=0x53bc3c) returned 0x0
[0179.297] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x53bc3c, pProxy=0x46d2e4, pAuthnSvc=0x3cec7c, pAuthzSvc=0x3cec80, pServerPrincName=0x0, pAuthnLevel=0x3cecac, pImpLevel=0x3cecb0, pAuthInfo=0x0, pCapabilites=0x3cec94 | out: pAuthnSvc=0x3cec7c*=0xa, pAuthzSvc=0x3cec80*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3cecac*=0x6, pImpLevel=0x3cecb0*=0x3, pAuthInfo=0x0, pCapabilites=0x3cec94*=0x20) returned 0x0
[0179.297] WbemLocator:IUnknown:Release (This=0x53bc3c) returned 0x2
[0179.297] CreatePointerMoniker (in: punk=0x46c878, ppmk=0x3cee3c | out: ppmk=0x3cee3c*=0x5323e0) returned 0x0
[0179.297] IUnknown:AddRef (This=0x46c878) returned 0x2
[0179.297] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0179.297] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0179.298] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0179.298] WbemLocator:IUnknown:Release (This=0x4608e8) returned 0x0
[0179.298] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0179.298] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0179.298] WinMGMTS:IUnknown:Release (This=0x460850) returned 0x0
[0179.298] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0179.301] IUnknown:QueryInterface (in: This=0x5323e0, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce944 | out: ppvObject=0x3ce944*=0x5323e0) returned 0x0
[0179.301] IUnknown:QueryInterface (in: This=0x5323e0, riid=0x71941b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce8f8 | out: ppvObject=0x3ce8f8*=0x0) returned 0x80004002
[0179.301] IUnknown:QueryInterface (in: This=0x5323e0, riid=0x71941e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce720 | out: ppvObject=0x3ce720*=0x0) returned 0x80004002
[0179.301] IUnknown:AddRef (This=0x5323e0) returned 0x3
[0179.302] IUnknown:QueryInterface (in: This=0x5323e0, riid=0x7194182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3ce254 | out: ppvObject=0x3ce254*=0x0) returned 0x80004002
[0179.302] IUnknown:QueryInterface (in: This=0x5323e0, riid=0x71941764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3ce204 | out: ppvObject=0x3ce204*=0x0) returned 0x80004002
[0179.302] IUnknown:QueryInterface (in: This=0x5323e0, riid=0x71871388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce210 | out: ppvObject=0x3ce210*=0x5323f4) returned 0x0
[0179.302] IMarshal:GetUnmarshalClass (in: This=0x5323f4, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3ce218 | out: pCid=0x3ce218*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0179.302] IUnknown:Release (This=0x5323f4) returned 0x3
[0179.302] CoGetContextToken (in: pToken=0x3ce270 | out: pToken=0x3ce270) returned 0x0
[0179.302] CoGetContextToken (in: pToken=0x3ce684 | out: pToken=0x3ce684) returned 0x0
[0179.302] IUnknown:QueryInterface (in: This=0x5323e0, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce704 | out: ppvObject=0x3ce704*=0x0) returned 0x80004002
[0179.302] IUnknown:Release (This=0x5323e0) returned 0x2
[0179.302] CoGetContextToken (in: pToken=0x3cec54 | out: pToken=0x3cec54) returned 0x0
[0179.302] CoGetContextToken (in: pToken=0x3cebb4 | out: pToken=0x3cebb4) returned 0x0
[0179.302] IUnknown:QueryInterface (in: This=0x5323e0, riid=0x3cec84*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cec80 | out: ppvObject=0x3cec80*=0x5323e0) returned 0x0
[0179.302] IUnknown:AddRef (This=0x5323e0) returned 0x4
[0179.302] IUnknown:Release (This=0x5323e0) returned 0x3
[0179.303] IUnknown:Release (This=0x4e4ab0) returned 0x2
[0179.303] IUnknown:Release (This=0x5323e0) returned 0x2
[0179.303] CoGetContextToken (in: pToken=0x3cecec | out: pToken=0x3cecec) returned 0x0
[0179.303] IUnknown:AddRef (This=0x5323e0) returned 0x3
[0179.303] BindMoniker (in: pmk=0x5323e0, grfOpt=0x0, iidResult=0x244e55c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x3cee84 | out: ppvResult=0x3cee84*=0x46c878) returned 0x0
[0179.303] IUnknown:QueryInterface (in: This=0x46c878, riid=0x244e55c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cee84 | out: ppvObject=0x3cee84*=0x46c878) returned 0x0
[0179.322] LoadRegTypeLib (in: rguid=0x7467364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x3ce6f0*=0x0 | out: pptlib=0x3ce6f0*=0x53ed60) returned 0x0
[0179.999] ITypeLib:GetTypeInfoOfGuid (in: This=0x53ed60, GUID=0x46c8bc*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x46c8a4 | out: ppTInfo=0x46c8a4*=0x5407b4) returned 0x0
[0179.999] IUnknown:Release (This=0x53ed60) returned 0x1
[0179.999] IUnknown:AddRef (This=0x5407b4) returned 0x2
[0179.999] ITypeInfo:RemoteGetTypeAttr (in: This=0x5407b4, ppTypeAttr=0x3ce720, pDummy=0xb358a9f7 | out: ppTypeAttr=0x3ce720, pDummy=0xb358a9f7) returned 0x0
[0180.047] ITypeInfo:LocalReleaseTypeAttr (This=0x5407b4) returned 0x533eb8
[0180.048] IUnknown:Release (This=0x5407b4) returned 0x1
[0180.048] CoGetContextToken (in: pToken=0x3ce274 | out: pToken=0x3ce274) returned 0x0
[0180.048] CoGetContextToken (in: pToken=0x3ce684 | out: pToken=0x3ce684) returned 0x0
[0180.048] IUnknown:Release (This=0x5323e0) returned 0x2
[0180.095] CoGetContextToken (in: pToken=0x3ce954 | out: pToken=0x3ce954) returned 0x0
[0180.095] LoadRegTypeLib (in: rguid=0x7467364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x3ce964*=0x0 | out: pptlib=0x3ce964*=0x53ed60) returned 0x0
[0180.097] ITypeLib:GetTypeInfoOfGuid (in: This=0x53ed60, GUID=0x46c8ac*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x46c8a0 | out: ppTInfo=0x46c8a0*=0x5407e0) returned 0x0
[0180.097] IUnknown:Release (This=0x53ed60) returned 0x2
[0180.097] IUnknown:AddRef (This=0x5407e0) returned 0x2
[0180.097] DispGetIDsOfNames (in: ptinfo=0x5407e0, rgszNames=0x3ce9c0*="InstancesOf", cNames=0x1, rgdispid=0x3ce9b0 | out: rgdispid=0x3ce9b0*=5) returned 0x0
[0180.099] IUnknown:Release (This=0x5407e0) returned 0x1
[0180.108] IUnknown:AddRef (This=0x5407e0) returned 0x2
[0180.109] ITypeInfo:LocalInvoke (This=0x5407e0) returned 0x0
[0180.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.109] GetCurrentThreadId () returned 0xef0
[0180.109] WbemLocator:IUnknown:AddRef (This=0x46d2e4) returned 0x3
[0180.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.109] GetCurrentThreadId () returned 0xef0
[0180.109] IWbemServices:CreateInstanceEnum (in: This=0x46d2e4, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x3ce604 | out: ppEnum=0x3ce604*=0x4608dc) returned 0x0
[0180.125] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460918
[0180.125] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460978
[0180.125] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d358
[0180.125] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46c988
[0180.125] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d3b8
[0180.125] IUnknown:QueryInterface (in: This=0x4608dc, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce51c | out: ppvObject=0x3ce51c*=0x4608e0) returned 0x0
[0180.125] IClientSecurity:QueryBlanket (in: This=0x4608e0, pProxy=0x4608dc, pAuthnSvc=0x3ce50c, pAuthzSvc=0x3ce510, pServerPrincName=0x0, pAuthnLevel=0x3ce538, pImpLevel=0x3ce534, pAuthInfo=0x0, pCapabilites=0x3ce524 | out: pAuthnSvc=0x3ce50c*=0xa, pAuthzSvc=0x3ce510*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3ce538*=0x6, pImpLevel=0x3ce534*=0x2, pAuthInfo=0x0, pCapabilites=0x3ce524*=0x1) returned 0x0
[0180.125] IUnknown:Release (This=0x4608e0) returned 0x1
[0180.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.126] GetCurrentThreadId () returned 0xef0
[0180.126] WbemLocator:IUnknown:QueryInterface (in: This=0x46d2e4, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce500 | out: ppvObject=0x3ce500*=0x53bc3c) returned 0x0
[0180.126] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x53bc3c, pProxy=0x46d2e4, pAuthnSvc=0x3ce4f0, pAuthzSvc=0x3ce4f4, pServerPrincName=0x0, pAuthnLevel=0x3ce520, pImpLevel=0x3ce524, pAuthInfo=0x0, pCapabilites=0x3ce508 | out: pAuthnSvc=0x3ce4f0*=0xa, pAuthzSvc=0x3ce4f4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3ce520*=0x6, pImpLevel=0x3ce524*=0x3, pAuthInfo=0x0, pCapabilites=0x3ce508*=0x20) returned 0x0
[0180.126] WbemLocator:IUnknown:Release (This=0x53bc3c) returned 0x3
[0180.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.126] GetCurrentThreadId () returned 0xef0
[0180.126] WbemLocator:IUnknown:QueryInterface (in: This=0x46d2e4, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce500 | out: ppvObject=0x3ce500*=0x53bc3c) returned 0x0
[0180.127] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x53bc3c, pProxy=0x46d2e4, pAuthnSvc=0x3ce4f0, pAuthzSvc=0x3ce4f4, pServerPrincName=0x0, pAuthnLevel=0x3ce524, pImpLevel=0x3ce520, pAuthInfo=0x0, pCapabilites=0x3ce508 | out: pAuthnSvc=0x3ce4f0*=0xa, pAuthzSvc=0x3ce4f4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3ce524*=0x6, pImpLevel=0x3ce520*=0x3, pAuthInfo=0x0, pCapabilites=0x3ce508*=0x20) returned 0x0
[0180.127] WbemLocator:IUnknown:Release (This=0x53bc3c) returned 0x3
[0180.127] IUnknown:QueryInterface (in: This=0x4608dc, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce54c | out: ppvObject=0x3ce54c*=0x4608e0) returned 0x0
[0180.128] IClientSecurity:CopyProxy (in: This=0x4608e0, pProxy=0x4608dc, ppCopy=0x3ce550 | out: ppCopy=0x3ce550*=0x46d4fc) returned 0x0
[0180.128] IUnknown:QueryInterface (in: This=0x46d4fc, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce468 | out: ppvObject=0x3ce468*=0x46d500) returned 0x0
[0180.128] IClientSecurity:QueryBlanket (in: This=0x46d500, pProxy=0x46d4fc, pAuthnSvc=0x3ce48c, pAuthzSvc=0x3ce47c, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x3ce48c*=0xa, pAuthzSvc=0x3ce47c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0180.129] IUnknown:Release (This=0x46d500) returned 0x3
[0180.129] IUnknown:QueryInterface (in: This=0x46d4fc, riid=0x746734f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce440 | out: ppvObject=0x3ce440*=0x5414c4) returned 0x0
[0180.129] IUnknown:QueryInterface (in: This=0x46d4fc, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce444 | out: ppvObject=0x3ce444*=0x46d500) returned 0x0
[0180.129] IClientSecurity:SetBlanket (This=0x46d500, pProxy=0x46d4fc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0180.446] IUnknown:Release (This=0x46d500) returned 0x4
[0180.447] WbemLocator:IUnknown:Release (This=0x5414c4) returned 0x3
[0180.447] IUnknown:Release (This=0x4608e0) returned 0x2
[0180.447] IUnknown:AddRef (This=0x46d4fc) returned 0x3
[0180.447] IUnknown:Release (This=0x4608dc) returned 0x2
[0180.447] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x3ce5bc | out: pperrinfo=0x3ce5bc*=0x0) returned 0x1
[0180.448] WbemLocator:IUnknown:Release (This=0x46d2e4) returned 0x2
[0180.448] IUnknown:Release (This=0x5407e0) returned 0x1
[0180.449] LoadRegTypeLib (in: rguid=0x7467364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x3ce1ac*=0x0 | out: pptlib=0x3ce1ac*=0x53ed60) returned 0x0
[0180.451] ITypeLib:GetTypeInfoOfGuid (in: This=0x53ed60, GUID=0x460950*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x460938 | out: ppTInfo=0x460938*=0x5408e8) returned 0x0
[0180.451] IUnknown:Release (This=0x53ed60) returned 0x3
[0180.451] IUnknown:AddRef (This=0x5408e8) returned 0x2
[0180.451] ITypeInfo:RemoteGetTypeAttr (in: This=0x5408e8, ppTypeAttr=0x3ce1dc, pDummy=0xb358acb3 | out: ppTypeAttr=0x3ce1dc, pDummy=0xb358acb3) returned 0x0
[0180.453] ITypeInfo:LocalReleaseTypeAttr (This=0x5408e8) returned 0x533eb8
[0180.453] IUnknown:Release (This=0x5408e8) returned 0x1
[0180.454] CoGetContextToken (in: pToken=0x3cdd30 | out: pToken=0x3cdd30) returned 0x0
[0180.454] CoGetContextToken (in: pToken=0x3ce144 | out: pToken=0x3ce144) returned 0x0
[0180.455] CoGetContextToken (in: pToken=0x3ced2c | out: pToken=0x3ced2c) returned 0x0
[0180.455] CoGetContextToken (in: pToken=0x3cec8c | out: pToken=0x3cec8c) returned 0x0
[0180.458] CoGetContextToken (in: pToken=0x3cecac | out: pToken=0x3cecac) returned 0x0
[0180.459] LoadRegTypeLib (in: rguid=0x7467364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x3cecc0*=0x0 | out: pptlib=0x3cecc0*=0x53ed60) returned 0x0
[0180.460] ITypeLib:GetTypeInfoOfGuid (in: This=0x53ed60, GUID=0x460940*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x460934 | out: ppTInfo=0x460934*=0x540890) returned 0x0
[0180.460] IUnknown:Release (This=0x53ed60) returned 0x4
[0180.461] IUnknown:AddRef (This=0x540890) returned 0x2
[0180.461] ITypeInfo:LocalInvoke (This=0x540890) returned 0x0
[0180.461] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.461] GetCurrentThreadId () returned 0xef0
[0180.461] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460810
[0180.462] IUnknown:Release (This=0x540890) returned 0x1
[0180.462] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0180.753] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5117d0
[0180.755] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x511858
[0180.773] CoGetContextToken (in: pToken=0x3ce9f4 | out: pToken=0x3ce9f4) returned 0x0
[0180.778] CoGetContextToken (in: pToken=0x3ce50c | out: pToken=0x3ce50c) returned 0x0
[0180.779] IUnknown:AddRef (This=0x540890) returned 0x2
[0180.779] ITypeInfo:LocalInvoke (This=0x540890) returned 0x0
[0180.779] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.779] GetCurrentThreadId () returned 0xef0
[0180.779] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.779] GetCurrentThreadId () returned 0xef0
[0180.779] IUnknown:AddRef (This=0x46d4fc) returned 0x3
[0180.779] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.779] GetCurrentThreadId () returned 0xef0
[0180.779] IEnumWbemClassObject:Clone (in: This=0x46d4fc, ppEnum=0x3ce760 | out: ppEnum=0x3ce760*=0x46d5c4) returned 0x0
[0180.781] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d600
[0180.781] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d660
[0180.781] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d6c0
[0180.781] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46c968
[0180.782] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46d720
[0180.782] IUnknown:QueryInterface (in: This=0x46d5c4, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce678 | out: ppvObject=0x3ce678*=0x46d5c8) returned 0x0
[0180.782] IClientSecurity:QueryBlanket (in: This=0x46d5c8, pProxy=0x46d5c4, pAuthnSvc=0x3ce668, pAuthzSvc=0x3ce66c, pServerPrincName=0x0, pAuthnLevel=0x3ce694, pImpLevel=0x3ce690, pAuthInfo=0x0, pCapabilites=0x3ce680 | out: pAuthnSvc=0x3ce668*=0xa, pAuthzSvc=0x3ce66c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3ce694*=0x6, pImpLevel=0x3ce690*=0x2, pAuthInfo=0x0, pCapabilites=0x3ce680*=0x1) returned 0x0
[0180.782] IUnknown:Release (This=0x46d5c8) returned 0x1
[0180.782] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.782] GetCurrentThreadId () returned 0xef0
[0180.782] IUnknown:QueryInterface (in: This=0x46d4fc, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce65c | out: ppvObject=0x3ce65c*=0x46d500) returned 0x0
[0180.782] IClientSecurity:QueryBlanket (in: This=0x46d500, pProxy=0x46d4fc, pAuthnSvc=0x3ce64c, pAuthzSvc=0x3ce650, pServerPrincName=0x0, pAuthnLevel=0x3ce67c, pImpLevel=0x3ce680, pAuthInfo=0x0, pCapabilites=0x3ce664 | out: pAuthnSvc=0x3ce64c*=0xa, pAuthzSvc=0x3ce650*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3ce67c*=0x6, pImpLevel=0x3ce680*=0x3, pAuthInfo=0x0, pCapabilites=0x3ce664*=0x20) returned 0x0
[0180.782] IUnknown:Release (This=0x46d500) returned 0x3
[0180.782] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.782] GetCurrentThreadId () returned 0xef0
[0180.783] IUnknown:QueryInterface (in: This=0x46d4fc, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce65c | out: ppvObject=0x3ce65c*=0x46d500) returned 0x0
[0180.783] IClientSecurity:QueryBlanket (in: This=0x46d500, pProxy=0x46d4fc, pAuthnSvc=0x3ce64c, pAuthzSvc=0x3ce650, pServerPrincName=0x0, pAuthnLevel=0x3ce680, pImpLevel=0x3ce67c, pAuthInfo=0x0, pCapabilites=0x3ce664 | out: pAuthnSvc=0x3ce64c*=0xa, pAuthzSvc=0x3ce650*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3ce680*=0x6, pImpLevel=0x3ce67c*=0x3, pAuthInfo=0x0, pCapabilites=0x3ce664*=0x20) returned 0x0
[0180.783] IUnknown:Release (This=0x46d500) returned 0x3
[0180.783] IUnknown:QueryInterface (in: This=0x46d5c4, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce6a8 | out: ppvObject=0x3ce6a8*=0x46d5c8) returned 0x0
[0180.783] IClientSecurity:CopyProxy (in: This=0x46d5c8, pProxy=0x46d5c4, ppCopy=0x3ce6ac | out: ppCopy=0x3ce6ac*=0x46d864) returned 0x0
[0180.783] IUnknown:QueryInterface (in: This=0x46d864, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce5c4 | out: ppvObject=0x3ce5c4*=0x46d868) returned 0x0
[0180.783] IClientSecurity:QueryBlanket (in: This=0x46d868, pProxy=0x46d864, pAuthnSvc=0x3ce5e8, pAuthzSvc=0x3ce5d8, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x3ce5e8*=0xa, pAuthzSvc=0x3ce5d8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0180.783] IUnknown:Release (This=0x46d868) returned 0x3
[0180.783] IUnknown:QueryInterface (in: This=0x46d864, riid=0x746734f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce59c | out: ppvObject=0x3ce59c*=0x4f5b3c) returned 0x0
[0180.783] IUnknown:QueryInterface (in: This=0x46d864, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce5a0 | out: ppvObject=0x3ce5a0*=0x46d868) returned 0x0
[0180.783] IClientSecurity:SetBlanket (This=0x46d868, pProxy=0x46d864, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0180.786] IUnknown:Release (This=0x46d868) returned 0x4
[0180.786] WbemLocator:IUnknown:Release (This=0x4f5b3c) returned 0x3
[0180.786] IUnknown:Release (This=0x46d5c8) returned 0x2
[0180.786] IUnknown:AddRef (This=0x46d864) returned 0x3
[0180.786] IUnknown:Release (This=0x46d5c4) returned 0x2
[0180.786] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x3ce718 | out: pperrinfo=0x3ce718*=0x0) returned 0x1
[0180.787] IUnknown:Release (This=0x46d4fc) returned 0x2
[0180.787] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.787] GetCurrentThreadId () returned 0xef0
[0180.787] IUnknown:AddRef (This=0x46d864) returned 0x3
[0180.787] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.787] GetCurrentThreadId () returned 0xef0
[0180.787] IEnumWbemClassObject:Reset (This=0x46d864) returned 0x0
[0180.788] IUnknown:Release (This=0x46d864) returned 0x2
[0180.788] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460810
[0180.788] IUnknown:Release (This=0x540890) returned 0x1
[0180.789] CoGetContextToken (in: pToken=0x3cdcd8 | out: pToken=0x3cdcd8) returned 0x0
[0180.789] CoGetContextToken (in: pToken=0x3ce0ec | out: pToken=0x3ce0ec) returned 0x0
[0180.800] CoGetContextToken (in: pToken=0x3ceacc | out: pToken=0x3ceacc) returned 0x0
[0180.800] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.800] GetCurrentThreadId () returned 0xef0
[0180.800] IUnknown:AddRef (This=0x46d864) returned 0x3
[0180.800] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.801] GetCurrentThreadId () returned 0xef0
[0180.801] IEnumWbemClassObject:Next (in: This=0x46d864, lTimeout=-1, uCount=0x1, apObjects=0x3cee50, puReturned=0x3cee48 | out: apObjects=0x3cee50*=0x46d8a0, puReturned=0x3cee48*=0x1) returned 0x0
[0180.805] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46c8e8
[0180.805] IUnknown:AddRef (This=0x46d8a0) returned 0x2
[0180.805] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46fbb8
[0180.805] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46fc28
[0180.805] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46fc88
[0180.805] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46c9a8
[0180.805] WbemLocator:IUnknown:AddRef (This=0x46d2e4) returned 0x3
[0180.805] IUnknown:AddRef (This=0x46d864) returned 0x4
[0180.805] IUnknown:QueryInterface (in: This=0x46d864, riid=0x746731fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cedb0 | out: ppvObject=0x3cedb0*=0x46d868) returned 0x0
[0180.806] IClientSecurity:QueryBlanket (in: This=0x46d868, pProxy=0x46d864, pAuthnSvc=0x3ceda0, pAuthzSvc=0x3ceda4, pServerPrincName=0x0, pAuthnLevel=0x3cedc0, pImpLevel=0x3cedcc, pAuthInfo=0x0, pCapabilites=0x3cedb8 | out: pAuthnSvc=0x3ceda0*=0xa, pAuthzSvc=0x3ceda4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x3cedc0*=0x6, pImpLevel=0x3cedcc*=0x3, pAuthInfo=0x0, pCapabilites=0x3cedb8*=0x20) returned 0x0
[0180.806] IUnknown:Release (This=0x46d868) returned 0x4
[0180.806] WbemLocator:IUnknown:Release (This=0x46d2e4) returned 0x2
[0180.806] WbemLocator:IUnknown:AddRef (This=0x46d2e4) returned 0x3
[0180.806] IUnknown:Release (This=0x46d864) returned 0x3
[0180.806] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe
[0180.806] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46bd28
[0180.806] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x46c9c8
[0180.806] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4609d8
[0180.806] IUnknown:AddRef (This=0x46d8a0) returned 0x3
[0180.806] IUnknown:Release (This=0x46d8a0) returned 0x2
[0180.806] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x3cee04 | out: pperrinfo=0x3cee04*=0x0) returned 0x1
[0180.807] IUnknown:Release (This=0x46d864) returned 0x2
[0180.807] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x3cee48 | out: pperrinfo=0x3cee48*=0x0) returned 0x1
[0180.808] LoadRegTypeLib (in: rguid=0x7467364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x3ce614*=0x0 | out: pptlib=0x3ce614*=0x53ed60) returned 0x0
[0180.810] ITypeLib:GetTypeInfoOfGuid (in: This=0x53ed60, GUID=0x746870c4*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x46bd44 | out: ppTInfo=0x46bd44*=0x540914) returned 0x0
[0180.810] IUnknown:Release (This=0x53ed60) returned 0x5
[0180.810] IUnknown:AddRef (This=0x540914) returned 0x2
[0180.810] ITypeInfo:RemoteGetTypeAttr (in: This=0x540914, ppTypeAttr=0x3ce654, pDummy=0xb358a8cb | out: ppTypeAttr=0x3ce654, pDummy=0xb358a8cb) returned 0x0
[0180.811] ITypeInfo:LocalReleaseTypeAttr (This=0x540914) returned 0x533eb8
[0180.812] IUnknown:Release (This=0x540914) returned 0x1
[0180.812] CoGetContextToken (in: pToken=0x3ce1a8 | out: pToken=0x3ce1a8) returned 0x0
[0180.812] CoGetContextToken (in: pToken=0x3ce5bc | out: pToken=0x3ce5bc) returned 0x0
[0180.815] CoGetContextToken (in: pToken=0x3ce974 | out: pToken=0x3ce974) returned 0x0
[0180.815] LoadRegTypeLib (in: rguid=0x7467364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x3ce968*=0x0 | out: pptlib=0x3ce968*=0x53ed60) returned 0x0
[0180.817] ITypeLib:GetTypeInfoOfGuid (in: This=0x53ed60, GUID=0x746755e4*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x46bd40 | out: ppTInfo=0x46bd40*=0x540940) returned 0x0
[0180.817] IUnknown:Release (This=0x53ed60) returned 0x6
[0180.817] IUnknown:AddRef (This=0x540940) returned 0x2
[0180.817] DispGetIDsOfNames (in: ptinfo=0x540940, rgszNames=0x3ce9e0*="SerialNumber", cNames=0x1, rgdispid=0x3ce9d0 | out: rgdispid=0x3ce9d0*=-1) returned 0x80020006
[0180.838] IUnknown:AddRef (This=0x46d8a0) returned 0x3
[0180.838] IWbemClassObject:Get (in: This=0x46d8a0, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x3ce8f0*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x3ce8f0*=0) returned 0x0
[0180.838] IUnknown:Release (This=0x46d8a0) returned 0x2
[0180.838] SysStringLen (param_1="SerialNumber") returned 0xc
[0180.838] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x460a48
[0180.838] SysStringLen (param_1="SerialNumber") returned 0xc
[0180.838] IUnknown:Release (This=0x540940) returned 0x1
[0180.838] IUnknown:AddRef (This=0x540940) returned 0x2
[0180.839] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.839] GetCurrentThreadId () returned 0xef0
[0180.839] SysStringLen (param_1="SerialNumber") returned 0xc
[0180.839] IWbemClassObject:Get (in: This=0x46d8a0, wszName="SerialNumber", lFlags=0, pVal=0x3ce770*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3ce7a8, varVal2=0x74672d81), pType=0x3ce780*=1952918918, plFlavor=0x0 | out: pVal=0x3ce770*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"..CN747510BO0504.\"", varVal2=0x74672d81), pType=0x3ce780*=8, plFlavor=0x0) returned 0x0
[0180.839] IUnknown:Release (This=0x540940) returned 0x1
[0180.841] SysStringByteLen (bstr="\"..CN747510BO0504.\"") returned 0x26
[0180.841] SysStringByteLen (bstr="\"..CN747510BO0504.\"") returned 0x26
[0180.842] CoGetContextToken (in: pToken=0x3ceacc | out: pToken=0x3ceacc) returned 0x0
[0180.842] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.843] GetCurrentThreadId () returned 0xef0
[0180.843] IUnknown:AddRef (This=0x46d864) returned 0x3
[0180.843] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0180.843] GetCurrentThreadId () returned 0xef0
[0180.843] IEnumWbemClassObject:Next (in: This=0x46d864, lTimeout=-1, uCount=0x1, apObjects=0x3cee50, puReturned=0x3cee48 | out: apObjects=0x3cee50*=0x0, puReturned=0x3cee48*=0x0) returned 0x1
[0180.844] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x3cee04 | out: pperrinfo=0x3cee04*=0x0) returned 0x1
[0180.844] IUnknown:Release (This=0x46d864) returned 0x2
[0180.845] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x3cee48 | out: pperrinfo=0x3cee48*=0x0) returned 0x1
[0180.987] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4
[0180.988] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8
[0181.001] SetEvent (hEvent=0x2b8) returned 1
[0181.028] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3cee38*=0x2b4, lpdwindex=0x3cec5c | out: lpdwindex=0x3cec5c) returned 0x0
[0181.031] CoGetContextToken (in: pToken=0x3ced0c | out: pToken=0x3ced0c) returned 0x0
[0181.031] CoGetContextToken (in: pToken=0x3cec6c | out: pToken=0x3cec6c) returned 0x0
[0181.032] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fcf8, riid=0x3ced3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ced38 | out: ppvObject=0x3ced38*=0x46fcf8) returned 0x0
[0181.032] WbemDefPath:IUnknown:AddRef (This=0x46fcf8) returned 0x3
[0181.032] WbemDefPath:IUnknown:Release (This=0x46fcf8) returned 0x2
[0181.035] WbemDefPath:IWbemPath:SetText (This=0x46fcf8, uMode=0x4, pszPath="win32_processor") returned 0x0
[0181.038] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46fcf8, puCount=0x3ceeb8 | out: puCount=0x3ceeb8*=0x0) returned 0x0
[0181.038] WbemDefPath:IWbemPath:GetText (in: This=0x46fcf8, lFlags=2, puBuffLength=0x3ceeb4*=0x0, pszText=0x0 | out: puBuffLength=0x3ceeb4*=0x10, pszText=0x0) returned 0x0
[0181.038] WbemDefPath:IWbemPath:GetText (in: This=0x46fcf8, lFlags=2, puBuffLength=0x3ceeb4*=0x10, pszText="000000000000000" | out: puBuffLength=0x3ceeb4*=0x10, pszText="win32_processor") returned 0x0
[0181.039] WbemDefPath:IWbemPath:GetInfo (in: This=0x46fcf8, uRequestedInfo=0x0, puResponse=0x3ceec0 | out: puResponse=0x3ceec0*=0xc15) returned 0x0
[0181.039] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46fcf8, puCount=0x3ceeb8 | out: puCount=0x3ceeb8*=0x0) returned 0x0
[0181.039] WbemDefPath:IWbemPath:GetInfo (in: This=0x46fcf8, uRequestedInfo=0x0, puResponse=0x3ceec0 | out: puResponse=0x3ceec0*=0xc15) returned 0x0
[0181.040] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46fcf8, puCount=0x3ceea8 | out: puCount=0x3ceea8*=0x0) returned 0x0
[0181.040] WbemDefPath:IWbemPath:GetText (in: This=0x46fcf8, lFlags=2, puBuffLength=0x3ceea4*=0x0, pszText=0x0 | out: puBuffLength=0x3ceea4*=0x10, pszText=0x0) returned 0x0
[0181.040] WbemDefPath:IWbemPath:GetText (in: This=0x46fcf8, lFlags=2, puBuffLength=0x3ceea4*=0x10, pszText="000000000000000" | out: puBuffLength=0x3ceea4*=0x10, pszText="win32_processor") returned 0x0
[0181.040] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46fcf8, puCount=0x3ceea8 | out: puCount=0x3ceea8*=0x0) returned 0x0
[0181.040] WbemDefPath:IWbemPath:GetText (in: This=0x46fcf8, lFlags=2, puBuffLength=0x3ceea4*=0x0, pszText=0x0 | out: puBuffLength=0x3ceea4*=0x10, pszText=0x0) returned 0x0
[0181.040] WbemDefPath:IWbemPath:GetText (in: This=0x46fcf8, lFlags=2, puBuffLength=0x3ceea4*=0x10, pszText="000000000000000" | out: puBuffLength=0x3ceea4*=0x10, pszText="win32_processor") returned 0x0
[0181.040] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46fcf8, puCount=0x3cee38 | out: puCount=0x3cee38*=0x0) returned 0x0
[0181.041] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e8
[0181.041] SetEvent (hEvent=0x2b8) returned 1
[0181.041] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3ce694*=0x2e8, lpdwindex=0x3ce4b8 | out: lpdwindex=0x3ce4b8) returned 0x0
[0181.044] CoGetContextToken (in: pToken=0x3ce56c | out: pToken=0x3ce56c) returned 0x0
[0181.044] CoGetContextToken (in: pToken=0x3ce4cc | out: pToken=0x3ce4cc) returned 0x0
[0181.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fe30, riid=0x3ce59c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ce598 | out: ppvObject=0x3ce598*=0x46fe30) returned 0x0
[0181.044] WbemDefPath:IUnknown:AddRef (This=0x46fe30) returned 0x3
[0181.044] WbemDefPath:IUnknown:Release (This=0x46fe30) returned 0x2
[0181.044] WbemDefPath:IWbemPath:SetText (This=0x46fe30, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
[0181.045] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46fe30, puCount=0x3cee24 | out: puCount=0x3cee24*=0x2) returned 0x0
[0181.045] WbemDefPath:IWbemPath:GetText (in: This=0x46fe30, lFlags=4, puBuffLength=0x3cee20*=0x0, pszText=0x0 | out: puBuffLength=0x3cee20*=0xf, pszText=0x0) returned 0x0
[0181.045] WbemDefPath:IWbemPath:GetText (in: This=0x46fe30, lFlags=4, puBuffLength=0x3cee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0181.045] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec
[0181.045] SetEvent (hEvent=0x2b8) returned 1
[0181.045] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3ced80*=0x2ec, lpdwindex=0x3ceba4 | out: lpdwindex=0x3ceba4) returned 0x0
[0181.048] CoGetContextToken (in: pToken=0x3cec54 | out: pToken=0x3cec54) returned 0x0
[0181.048] CoGetContextToken (in: pToken=0x3cebb4 | out: pToken=0x3cebb4) returned 0x0
[0181.048] WbemDefPath:IUnknown:QueryInterface (in: This=0x46da38, riid=0x3cec84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cec80 | out: ppvObject=0x3cec80*=0x46da38) returned 0x0
[0181.048] WbemDefPath:IUnknown:AddRef (This=0x46da38) returned 0x3
[0181.048] WbemDefPath:IUnknown:Release (This=0x46da38) returned 0x2
[0181.048] WbemDefPath:IWbemPath:SetText (This=0x46da38, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0
[0181.048] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46da38, puCount=0x3cedfc | out: puCount=0x3cedfc*=0x2) returned 0x0
[0181.048] WbemDefPath:IWbemPath:GetText (in: This=0x46da38, lFlags=4, puBuffLength=0x3cedf8*=0x0, pszText=0x0 | out: puBuffLength=0x3cedf8*=0xf, pszText=0x0) returned 0x0
[0181.048] WbemDefPath:IWbemPath:GetText (in: This=0x46da38, lFlags=4, puBuffLength=0x3cedf8*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cedf8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0181.064] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3ced1c*=0x300, lpdwindex=0x3cebd4 | out: lpdwindex=0x3cebd4) returned 0x0
[0181.786] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46da38, puCount=0x3cee20 | out: puCount=0x3cee20*=0x2) returned 0x0
[0181.786] WbemDefPath:IWbemPath:GetText (in: This=0x46da38, lFlags=4, puBuffLength=0x3cee1c*=0x0, pszText=0x0 | out: puBuffLength=0x3cee1c*=0xf, pszText=0x0) returned 0x0
[0181.786] WbemDefPath:IWbemPath:GetText (in: This=0x46da38, lFlags=4, puBuffLength=0x3cee1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cee1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0181.786] WbemDefPath:IWbemPath:GetText (in: This=0x46fcf8, lFlags=2, puBuffLength=0x3cee24*=0x0, pszText=0x0 | out: puBuffLength=0x3cee24*=0x10, pszText=0x0) returned 0x0
[0181.786] WbemDefPath:IWbemPath:GetText (in: This=0x46fcf8, lFlags=2, puBuffLength=0x3cee24*=0x10, pszText="000000000000000" | out: puBuffLength=0x3cee24*=0x10, pszText="win32_processor") returned 0x0
[0181.797] CoGetContextToken (in: pToken=0x3cebc4 | out: pToken=0x3cebc4) returned 0x0
[0181.900] CoGetContextToken (in: pToken=0x3ceb24 | out: pToken=0x3ceb24) returned 0x0
[0181.900] CoGetContextToken (in: pToken=0x3ceb24 | out: pToken=0x3ceb24) returned 0x0
[0181.901] CoGetContextToken (in: pToken=0x3ceac4 | out: pToken=0x3ceac4) returned 0x0
[0181.901] IUnknown:QueryInterface (in: This=0x4f1418, riid=0x719f8ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea9c | out: ppvObject=0x3cea9c*=0x4f1428) returned 0x0
[0181.901] CObjectContext::ContextCallback () returned 0x0
[0181.913] IUnknown:Release (This=0x4f1428) returned 0x1
[0181.914] CoUnmarshalInterface (in: pStm=0x529360, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb18 | out: ppv=0x3ceb18*=0x57ccd4) returned 0x0
[0181.915] CoMarshalInterface (pStm=0x529360, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x57ccd4, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0181.915] WbemLocator:IUnknown:QueryInterface (in: This=0x57ccd4, riid=0x3cebf4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3cebf0 | out: ppvObject=0x3cebf0*=0x46dc64) returned 0x0
[0181.933] WbemLocator:IUnknown:Release (This=0x57ccd4) returned 0x1
[0181.933] IWbemServices:GetObject (in: This=0x46dc64, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x3cedd8*=0x0, ppCallResult=0x0 | out: ppObject=0x3cedd8*=0x474708, ppCallResult=0x0) returned 0x0
[0181.940] WbemLocator:IUnknown:Release (This=0x46dc64) returned 0x0
[0181.940] IWbemClassObject:Get (in: This=0x474708, wszName="__PATH", lFlags=0, pVal=0x3cedc0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cee68*=0, plFlavor=0x3cee64*=0 | out: pVal=0x3cedc0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor", varVal2=0x0), pType=0x3cee68*=8, plFlavor=0x3cee64*=64) returned 0x0
[0181.941] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x4e
[0181.941] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x4e
[0181.952] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340
[0181.953] SetEvent (hEvent=0x2b8) returned 1
[0181.953] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3ced7c*=0x340, lpdwindex=0x3ceba0 | out: lpdwindex=0x3ceba0) returned 0x0
[0181.974] CoGetContextToken (in: pToken=0x3cec54 | out: pToken=0x3cec54) returned 0x0
[0181.974] CoGetContextToken (in: pToken=0x3cebb4 | out: pToken=0x3cebb4) returned 0x0
[0181.974] WbemDefPath:IUnknown:QueryInterface (in: This=0x46dc20, riid=0x3cec84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cec80 | out: ppvObject=0x3cec80*=0x46dc20) returned 0x0
[0181.974] WbemDefPath:IUnknown:AddRef (This=0x46dc20) returned 0x3
[0181.974] WbemDefPath:IUnknown:Release (This=0x46dc20) returned 0x2
[0181.974] WbemDefPath:IWbemPath:SetText (This=0x46dc20, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x0
[0181.975] IWbemClassObject:Get (in: This=0x474708, wszName="__CLASS", lFlags=0, pVal=0x3cee30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3ceeb0*=0, plFlavor=0x3ceeac*=0 | out: pVal=0x3cee30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x3ceeb0*=8, plFlavor=0x3ceeac*=64) returned 0x0
[0181.975] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0181.975] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0181.975] CoGetContextToken (in: pToken=0x3cec54 | out: pToken=0x3cec54) returned 0x0
[0181.975] CoGetContextToken (in: pToken=0x3cebb4 | out: pToken=0x3cebb4) returned 0x0
[0181.976] CoGetContextToken (in: pToken=0x3cebb4 | out: pToken=0x3cebb4) returned 0x0
[0181.976] CoUnmarshalInterface (in: pStm=0x529360, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceba8 | out: ppv=0x3ceba8*=0x57ccd4) returned 0x0
[0181.976] CoMarshalInterface (pStm=0x529360, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x57ccd4, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0181.977] WbemLocator:IUnknown:QueryInterface (in: This=0x57ccd4, riid=0x3cec84*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3cec80 | out: ppvObject=0x3cec80*=0x474abc) returned 0x0
[0181.977] WbemLocator:IUnknown:Release (This=0x57ccd4) returned 0x1
[0181.977] IWbemServices:CreateInstanceEnum (in: This=0x474abc, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x3cee2c | out: ppEnum=0x3cee2c*=0x474b5c) returned 0x0
[0181.994] IUnknown:QueryInterface (in: This=0x474b5c, riid=0x6d5235b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cecb8 | out: ppvObject=0x3cecb8*=0x474b60) returned 0x0
[0181.994] IClientSecurity:QueryBlanket (in: This=0x474b60, pProxy=0x474b5c, pAuthnSvc=0x3ced08, pAuthzSvc=0x3ced04, pServerPrincName=0x3cecfc, pAuthnLevel=0x3ced00, pImpLevel=0x3cecf0, pAuthInfo=0x3cecf4, pCapabilites=0x3cecf8 | out: pAuthnSvc=0x3ced08*=0xa, pAuthzSvc=0x3ced04*=0x0, pServerPrincName=0x3cecfc, pAuthnLevel=0x3ced00*=0x6, pImpLevel=0x3cecf0*=0x2, pAuthInfo=0x3cecf4, pCapabilites=0x3cecf8*=0x1) returned 0x0
[0181.995] IUnknown:Release (This=0x474b60) returned 0x1
[0181.995] IUnknown:QueryInterface (in: This=0x474b5c, riid=0x6d5235a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cecac | out: ppvObject=0x3cecac*=0x57cdc4) returned 0x0
[0181.995] IUnknown:QueryInterface (in: This=0x474b5c, riid=0x6d5235b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cec98 | out: ppvObject=0x3cec98*=0x474b60) returned 0x0
[0181.995] IClientSecurity:SetBlanket (This=0x474b60, pProxy=0x474b5c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0182.095] IUnknown:Release (This=0x474b60) returned 0x2
[0182.095] WbemLocator:IUnknown:Release (This=0x57cdc4) returned 0x1
[0182.096] CoTaskMemFree (pv=0x582868)
[0182.096] IUnknown:AddRef (This=0x474b5c) returned 0x2
[0182.096] CoGetContextToken (in: pToken=0x3ce1d4 | out: pToken=0x3ce1d4) returned 0x0
[0182.096] CoGetContextToken (in: pToken=0x3ce5e4 | out: pToken=0x3ce5e4) returned 0x0
[0182.096] IUnknown:QueryInterface (in: This=0x474b5c, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce580 | out: ppvObject=0x3ce580*=0x57cdac) returned 0x0
[0182.096] WbemLocator:IRpcOptions:Query (in: This=0x57cdac, pPrx=0x5737d8, dwProperty=2, pdwValue=0x3ce674 | out: pdwValue=0x3ce674) returned 0x80004002
[0182.097] WbemLocator:IUnknown:Release (This=0x57cdac) returned 0x2
[0182.097] CoGetContextToken (in: pToken=0x3cebb4 | out: pToken=0x3cebb4) returned 0x0
[0182.097] CoGetContextToken (in: pToken=0x3ceb14 | out: pToken=0x3ceb14) returned 0x0
[0182.097] IUnknown:QueryInterface (in: This=0x474b5c, riid=0x3cebe4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ceab0 | out: ppvObject=0x3ceab0*=0x474b5c) returned 0x0
[0182.097] IUnknown:Release (This=0x474b5c) returned 0x2
[0182.097] WbemLocator:IUnknown:Release (This=0x474abc) returned 0x0
[0182.097] SysStringLen (param_1=0x0) returned 0x0
[0182.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46da38, puCount=0x3cee68 | out: puCount=0x3cee68*=0x2) returned 0x0
[0182.098] WbemDefPath:IWbemPath:GetText (in: This=0x46da38, lFlags=4, puBuffLength=0x3cee64*=0x0, pszText=0x0 | out: puBuffLength=0x3cee64*=0xf, pszText=0x0) returned 0x0
[0182.098] WbemDefPath:IWbemPath:GetText (in: This=0x46da38, lFlags=4, puBuffLength=0x3cee64*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cee64*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0182.098] CoGetContextToken (in: pToken=0x3cecb4 | out: pToken=0x3cecb4) returned 0x0
[0182.098] IEnumWbemClassObject:Clone (in: This=0x474b5c, ppEnum=0x3cee68 | out: ppEnum=0x3cee68*=0x474c24) returned 0x0
[0182.199] IUnknown:QueryInterface (in: This=0x474c24, riid=0x6d5235b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ced24 | out: ppvObject=0x3ced24*=0x474c28) returned 0x0
[0182.199] IClientSecurity:QueryBlanket (in: This=0x474c28, pProxy=0x474c24, pAuthnSvc=0x3ced74, pAuthzSvc=0x3ced70, pServerPrincName=0x3ced68, pAuthnLevel=0x3ced6c, pImpLevel=0x3ced5c, pAuthInfo=0x3ced60, pCapabilites=0x3ced64 | out: pAuthnSvc=0x3ced74*=0xa, pAuthzSvc=0x3ced70*=0x0, pServerPrincName=0x3ced68, pAuthnLevel=0x3ced6c*=0x6, pImpLevel=0x3ced5c*=0x2, pAuthInfo=0x3ced60, pCapabilites=0x3ced64*=0x1) returned 0x0
[0182.199] IUnknown:Release (This=0x474c28) returned 0x1
[0182.199] IUnknown:QueryInterface (in: This=0x474c24, riid=0x6d5235a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ced18 | out: ppvObject=0x3ced18*=0x57ccd4) returned 0x0
[0182.199] IUnknown:QueryInterface (in: This=0x474c24, riid=0x6d5235b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ced04 | out: ppvObject=0x3ced04*=0x474c28) returned 0x0
[0182.199] IClientSecurity:SetBlanket (This=0x474c28, pProxy=0x474c24, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0183.390] IUnknown:Release (This=0x474c28) returned 0x2
[0183.390] WbemLocator:IUnknown:Release (This=0x57ccd4) returned 0x1
[0183.390] CoTaskMemFree (pv=0x582868)
[0183.391] IUnknown:AddRef (This=0x474c24) returned 0x2
[0183.391] CoGetContextToken (in: pToken=0x3ce234 | out: pToken=0x3ce234) returned 0x0
[0183.391] CoGetContextToken (in: pToken=0x3ce644 | out: pToken=0x3ce644) returned 0x0
[0183.391] IUnknown:QueryInterface (in: This=0x474c24, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce5e0 | out: ppvObject=0x3ce5e0*=0x57ccbc) returned 0x0
[0183.392] WbemLocator:IRpcOptions:Query (in: This=0x57ccbc, pPrx=0x573a90, dwProperty=2, pdwValue=0x3ce6d4 | out: pdwValue=0x3ce6d4) returned 0x80004002
[0183.392] WbemLocator:IUnknown:Release (This=0x57ccbc) returned 0x2
[0183.392] CoGetContextToken (in: pToken=0x3cec14 | out: pToken=0x3cec14) returned 0x0
[0183.392] CoGetContextToken (in: pToken=0x3ceb74 | out: pToken=0x3ceb74) returned 0x0
[0183.392] IUnknown:QueryInterface (in: This=0x474c24, riid=0x3cec44*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ceb10 | out: ppvObject=0x3ceb10*=0x474c24) returned 0x0
[0183.392] IUnknown:Release (This=0x474c24) returned 0x2
[0183.392] SysStringLen (param_1=0x0) returned 0x0
[0183.393] IEnumWbemClassObject:Reset (This=0x474c24) returned 0x0
[0184.135] CoTaskMemAlloc (cb=0x4) returned 0x5625e0
[0184.135] IEnumWbemClassObject:Next (This=0x474c24, lTimeout=-1, uCount=0x1, apObjects=0x5625e0, puReturned=0x248fa5c)
[0187.966] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x3b, wParam=0x50e, lParam=0x0) returned 0x1
[0187.966] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1
[0187.967] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x46, wParam=0x0, lParam=0x3ce574) returned 0x0
[0187.968] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x47, wParam=0x0, lParam=0x3ce574) returned 0x0
[0187.968] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0xd, wParam=0x104, lParam=0x491c5e0) returned 0x0
[0187.970] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x83, wParam=0x1, lParam=0x3ce158) returned 0x0
[0187.970] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x1c, wParam=0x1, lParam=0x428) returned 0x0
[0187.970] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1
[0187.970] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0xd, wParam=0x104, lParam=0x491c5e0) returned 0x0
[0187.971] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0xd, wParam=0x104, lParam=0x491c5e0) returned 0x0
[0187.972] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0
[0187.976] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0187.979] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0
[0187.979] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0
[0187.979] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x3b, wParam=0x50c, lParam=0x0) returned 0x2
[0187.979] CallWindowProcW (lpPrevWndFunc=0x770725dd, hWnd=0xe009c, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0
Thread:
id = 14
os_tid = 0xf00
Thread:
id = 15
os_tid = 0xf04
[0163.300] CoGetContextToken (in: pToken=0xf6f6cc | out: pToken=0xf6f6cc) returned 0x800401f0
[0163.300] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 16
os_tid = 0xf08
Thread:
id = 17
os_tid = 0xf10
Thread:
id = 18
os_tid = 0xf14
Thread:
id = 19
os_tid = 0xf18
Thread:
id = 83
os_tid = 0xf38
[0181.000] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0181.025] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x53df0ec | out: lpiid=0x53df0ec) returned 0x0
[0181.027] CoGetClassObject (in: rclsid=0x5394e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x719a6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x53dee08 | out: ppv=0x53dee08*=0x46fce8) returned 0x0
[0181.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fce8, riid=0x7196dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x53df020 | out: ppvObject=0x53df020*=0x0) returned 0x80004002
[0181.028] WbemDefPath:IClassFactory:CreateInstance (in: This=0x46fce8, pUnkOuter=0x0, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53df02c | out: ppvObject=0x53df02c*=0x46fcf8) returned 0x0
[0181.029] WbemDefPath:IUnknown:Release (This=0x46fce8) returned 0x0
[0181.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fcf8, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53dec4c | out: ppvObject=0x53dec4c*=0x46fcf8) returned 0x0
[0181.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fcf8, riid=0x71941b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x53dec00 | out: ppvObject=0x53dec00*=0x0) returned 0x80004002
[0181.029] WbemDefPath:IUnknown:AddRef (This=0x46fcf8) returned 0x3
[0181.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fcf8, riid=0x7194182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x53de55c | out: ppvObject=0x53de55c*=0x0) returned 0x80004002
[0181.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fcf8, riid=0x71941764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x53de50c | out: ppvObject=0x53de50c*=0x0) returned 0x80004002
[0181.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fcf8, riid=0x71871388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53de518 | out: ppvObject=0x53de518*=0x562370) returned 0x0
[0181.030] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x562370, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x53de520 | out: pCid=0x53de520*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0181.030] WbemDefPath:IUnknown:Release (This=0x562370) returned 0x3
[0181.030] CoGetContextToken (in: pToken=0x53de578 | out: pToken=0x53de578) returned 0x0
[0181.031] CoGetContextToken (in: pToken=0x53de98c | out: pToken=0x53de98c) returned 0x0
[0181.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fcf8, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53dea0c | out: ppvObject=0x53dea0c*=0x0) returned 0x80004002
[0181.031] WbemDefPath:IUnknown:Release (This=0x46fcf8) returned 0x2
[0181.031] WbemDefPath:IUnknown:Release (This=0x46fcf8) returned 0x1
[0181.031] SetEvent (hEvent=0x2b4) returned 1
[0181.042] CoGetClassObject (in: rclsid=0x5394e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x719a6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x53dee08 | out: ppv=0x53dee08*=0x46fdb8) returned 0x0
[0181.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fdb8, riid=0x7196dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x53df020 | out: ppvObject=0x53df020*=0x0) returned 0x80004002
[0181.043] WbemDefPath:IClassFactory:CreateInstance (in: This=0x46fdb8, pUnkOuter=0x0, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53df02c | out: ppvObject=0x53df02c*=0x46fe30) returned 0x0
[0181.043] WbemDefPath:IUnknown:Release (This=0x46fdb8) returned 0x0
[0181.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fe30, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53dec4c | out: ppvObject=0x53dec4c*=0x46fe30) returned 0x0
[0181.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fe30, riid=0x71941b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x53dec00 | out: ppvObject=0x53dec00*=0x0) returned 0x80004002
[0181.043] WbemDefPath:IUnknown:AddRef (This=0x46fe30) returned 0x3
[0181.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fe30, riid=0x7194182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x53de55c | out: ppvObject=0x53de55c*=0x0) returned 0x80004002
[0181.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fe30, riid=0x71941764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x53de50c | out: ppvObject=0x53de50c*=0x0) returned 0x80004002
[0181.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fe30, riid=0x71871388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53de518 | out: ppvObject=0x53de518*=0x562480) returned 0x0
[0181.043] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x562480, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x53de520 | out: pCid=0x53de520*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0181.043] WbemDefPath:IUnknown:Release (This=0x562480) returned 0x3
[0181.043] CoGetContextToken (in: pToken=0x53de578 | out: pToken=0x53de578) returned 0x0
[0181.044] CoGetContextToken (in: pToken=0x53de98c | out: pToken=0x53de98c) returned 0x0
[0181.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x46fe30, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53dea0c | out: ppvObject=0x53dea0c*=0x0) returned 0x80004002
[0181.044] WbemDefPath:IUnknown:Release (This=0x46fe30) returned 0x2
[0181.044] WbemDefPath:IUnknown:Release (This=0x46fe30) returned 0x1
[0181.044] SetEvent (hEvent=0x2e8) returned 1
[0181.046] CoGetClassObject (in: rclsid=0x5394e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x719a6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x53dee08 | out: ppv=0x53dee08*=0x46ffd8) returned 0x0
[0181.046] WbemDefPath:IUnknown:QueryInterface (in: This=0x46ffd8, riid=0x7196dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x53df020 | out: ppvObject=0x53df020*=0x0) returned 0x80004002
[0181.046] WbemDefPath:IClassFactory:CreateInstance (in: This=0x46ffd8, pUnkOuter=0x0, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53df02c | out: ppvObject=0x53df02c*=0x46da38) returned 0x0
[0181.047] WbemDefPath:IUnknown:Release (This=0x46ffd8) returned 0x0
[0181.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x46da38, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53dec4c | out: ppvObject=0x53dec4c*=0x46da38) returned 0x0
[0181.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x46da38, riid=0x71941b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x53dec00 | out: ppvObject=0x53dec00*=0x0) returned 0x80004002
[0181.047] WbemDefPath:IUnknown:AddRef (This=0x46da38) returned 0x3
[0181.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x46da38, riid=0x7194182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x53de55c | out: ppvObject=0x53de55c*=0x0) returned 0x80004002
[0181.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x46da38, riid=0x71941764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x53de50c | out: ppvObject=0x53de50c*=0x0) returned 0x80004002
[0181.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x46da38, riid=0x71871388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53de518 | out: ppvObject=0x53de518*=0x5624b0) returned 0x0
[0181.047] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5624b0, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x53de520 | out: pCid=0x53de520*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0181.047] WbemDefPath:IUnknown:Release (This=0x5624b0) returned 0x3
[0181.047] CoGetContextToken (in: pToken=0x53de578 | out: pToken=0x53de578) returned 0x0
[0181.047] CoGetContextToken (in: pToken=0x53de98c | out: pToken=0x53de98c) returned 0x0
[0181.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x46da38, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53dea0c | out: ppvObject=0x53dea0c*=0x0) returned 0x80004002
[0181.047] WbemDefPath:IUnknown:Release (This=0x46da38) returned 0x2
[0181.047] WbemDefPath:IUnknown:Release (This=0x46da38) returned 0x1
[0181.047] SetEvent (hEvent=0x2ec) returned 1
[0181.968] CoGetClassObject (in: rclsid=0x5394e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x719a6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x53dee08 | out: ppv=0x53dee08*=0x46dbf8) returned 0x0
[0181.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x46dbf8, riid=0x7196dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x53df020 | out: ppvObject=0x53df020*=0x0) returned 0x80004002
[0181.969] WbemDefPath:IClassFactory:CreateInstance (in: This=0x46dbf8, pUnkOuter=0x0, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53df02c | out: ppvObject=0x53df02c*=0x46dc20) returned 0x0
[0181.969] WbemDefPath:IUnknown:Release (This=0x46dbf8) returned 0x0
[0181.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x46dc20, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53dec4c | out: ppvObject=0x53dec4c*=0x46dc20) returned 0x0
[0181.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x46dc20, riid=0x71941b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x53dec00 | out: ppvObject=0x53dec00*=0x0) returned 0x80004002
[0181.969] WbemDefPath:IUnknown:AddRef (This=0x46dc20) returned 0x3
[0181.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x46dc20, riid=0x7194182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x53de55c | out: ppvObject=0x53de55c*=0x0) returned 0x80004002
[0181.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x46dc20, riid=0x71941764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x53de50c | out: ppvObject=0x53de50c*=0x0) returned 0x80004002
[0181.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x46dc20, riid=0x71871388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53de518 | out: ppvObject=0x53de518*=0x562540) returned 0x0
[0181.969] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x562540, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x53de520 | out: pCid=0x53de520*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0181.969] WbemDefPath:IUnknown:Release (This=0x562540) returned 0x3
[0181.970] CoGetContextToken (in: pToken=0x53de578 | out: pToken=0x53de578) returned 0x0
[0181.970] CoGetContextToken (in: pToken=0x53de98c | out: pToken=0x53de98c) returned 0x0
[0181.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x46dc20, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53dea0c | out: ppvObject=0x53dea0c*=0x0) returned 0x80004002
[0181.970] WbemDefPath:IUnknown:Release (This=0x46dc20) returned 0x2
[0181.970] WbemDefPath:IUnknown:Release (This=0x46dc20) returned 0x1
[0181.970] SetEvent (hEvent=0x340) returned 1
Thread:
id = 84
os_tid = 0xf3c
[0181.058] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0181.059] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x565f474 | out: lpiid=0x565f474) returned 0x0
[0181.060] CoGetClassObject (in: rclsid=0x539574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x719a6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x565f190 | out: ppv=0x565f190*=0x46dbf8) returned 0x0
[0181.061] WbemLocator:IUnknown:QueryInterface (in: This=0x46dbf8, riid=0x7196dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x565f3a8 | out: ppvObject=0x565f3a8*=0x0) returned 0x80004002
[0181.061] WbemLocator:IClassFactory:CreateInstance (in: This=0x46dbf8, pUnkOuter=0x0, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x565f3b4 | out: ppvObject=0x565f3b4*=0x46dc10) returned 0x0
[0181.061] WbemLocator:IUnknown:Release (This=0x46dbf8) returned 0x0
[0181.061] WbemLocator:IUnknown:QueryInterface (in: This=0x46dc10, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x565efd4 | out: ppvObject=0x565efd4*=0x46dc10) returned 0x0
[0181.061] WbemLocator:IUnknown:QueryInterface (in: This=0x46dc10, riid=0x71941b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x565ef88 | out: ppvObject=0x565ef88*=0x0) returned 0x80004002
[0181.062] WbemLocator:IUnknown:AddRef (This=0x46dc10) returned 0x3
[0181.062] WbemLocator:IUnknown:QueryInterface (in: This=0x46dc10, riid=0x7194182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x565e8e4 | out: ppvObject=0x565e8e4*=0x0) returned 0x80004002
[0181.062] WbemLocator:IUnknown:QueryInterface (in: This=0x46dc10, riid=0x71941764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x565e894 | out: ppvObject=0x565e894*=0x0) returned 0x80004002
[0181.062] WbemLocator:IUnknown:QueryInterface (in: This=0x46dc10, riid=0x71871388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x565e8a0 | out: ppvObject=0x565e8a0*=0x0) returned 0x80004002
[0181.062] CoGetContextToken (in: pToken=0x565e900 | out: pToken=0x565e900) returned 0x0
[0181.062] CoGetObjectContext (in: riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x573794 | out: ppv=0x573794*=0x4f1418) returned 0x0
[0181.065] CoGetContextToken (in: pToken=0x565ed14 | out: pToken=0x565ed14) returned 0x0
[0181.065] WbemLocator:IUnknown:QueryInterface (in: This=0x46dc10, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x565ed94 | out: ppvObject=0x565ed94*=0x0) returned 0x80004002
[0181.065] WbemLocator:IUnknown:Release (This=0x46dc10) returned 0x2
[0181.065] WbemLocator:IUnknown:Release (This=0x46dc10) returned 0x1
[0181.065] CoGetContextToken (in: pToken=0x565f38c | out: pToken=0x565f38c) returned 0x0
[0181.065] CoGetContextToken (in: pToken=0x565f2ec | out: pToken=0x565f2ec) returned 0x0
[0181.065] WbemLocator:IUnknown:QueryInterface (in: This=0x46dc10, riid=0x565f3bc*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x565f3b8 | out: ppvObject=0x565f3b8*=0x46dc10) returned 0x0
[0181.065] WbemLocator:IUnknown:AddRef (This=0x46dc10) returned 0x3
[0181.065] WbemLocator:IUnknown:Release (This=0x46dc10) returned 0x2
[0181.069] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x46da38, puCount=0x565f54c | out: puCount=0x565f54c*=0x2) returned 0x0
[0181.069] WbemDefPath:IWbemPath:GetText (in: This=0x46da38, lFlags=8, puBuffLength=0x565f548*=0x0, pszText=0x0 | out: puBuffLength=0x565f548*=0xf, pszText=0x0) returned 0x0
[0181.069] WbemDefPath:IWbemPath:GetText (in: This=0x46da38, lFlags=8, puBuffLength=0x565f548*=0xf, pszText="00000000000000" | out: puBuffLength=0x565f548*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0181.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x565e770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0181.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x565ec98, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63
[0181.079] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6d520000
[0181.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x565eccc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymam)\x82̲Dþ\x83q¨ïe\x05\x01", lpUsedDefaultChar=0x0) returned 13
[0181.262] GetProcAddress (hModule=0x6d520000, lpProcName="ResetSecurity") returned 0x6d527dd0
[0181.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x565eccc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11
[0181.274] GetProcAddress (hModule=0x6d520000, lpProcName="SetSecurity") returned 0x6d527e20
[0181.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x565ecc8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 18
[0181.285] GetProcAddress (hModule=0x6d520000, lpProcName="BlessIWbemServices") returned 0x6d526e70
[0181.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x565ecc0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 24
[0181.315] GetProcAddress (hModule=0x6d520000, lpProcName="BlessIWbemServicesObject") returned 0x6d526ed0
[0181.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x565ecc8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlemam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 17
[0181.342] GetProcAddress (hModule=0x6d520000, lpProcName="GetPropertyHandle") returned 0x6d527820
[0181.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x565ecc8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 18
[0181.358] GetProcAddress (hModule=0x6d520000, lpProcName="WritePropertyValue") returned 0x6d527fa0
[0181.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x565ecd4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clonemam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 5
[0181.370] GetProcAddress (hModule=0x6d520000, lpProcName="Clone") returned 0x6d526f30
[0181.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x565ecc8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15
[0181.378] GetProcAddress (hModule=0x6d520000, lpProcName="VerifyClientKey") returned 0x6d527f20
[0181.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x565ecc8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15
[0181.384] GetProcAddress (hModule=0x6d520000, lpProcName="GetQualifierSet") returned 0x6d5278e0
[0181.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x565ecd4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3
[0181.387] GetProcAddress (hModule=0x6d520000, lpProcName="Get") returned 0x6d5275c0
[0181.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x565ecd4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3
[0181.407] GetProcAddress (hModule=0x6d520000, lpProcName="Put") returned 0x6d527a00
[0181.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x565ecd4, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Deleteam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 6
[0181.426] GetProcAddress (hModule=0x6d520000, lpProcName="Delete") returned 0x6d527300
[0181.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x565ecd0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 8
[0181.439] GetProcAddress (hModule=0x6d520000, lpProcName="GetNames") returned 0x6d5277c0
[0181.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x565ecc8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 16
[0181.461] GetProcAddress (hModule=0x6d520000, lpProcName="BeginEnumeration") returned 0x6d526e30
[0181.472] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x565ecd4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 4
[0181.472] GetProcAddress (hModule=0x6d520000, lpProcName="Next") returned 0x6d5279a0
[0181.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x565eccc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 14
[0181.499] GetProcAddress (hModule=0x6d520000, lpProcName="EndEnumeration") returned 0x6d5273c0
[0181.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x565ecc0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23
[0181.509] GetProcAddress (hModule=0x6d520000, lpProcName="GetPropertyQualifierSet") returned 0x6d5278b0
[0181.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x565ecd4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clonemam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 5
[0181.523] GetProcAddress (hModule=0x6d520000, lpProcName="Clone") returned 0x6d526f30
[0181.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x565eccc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 13
[0181.524] GetProcAddress (hModule=0x6d520000, lpProcName="GetObjectText") returned 0x6d5277f0
[0181.537] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x565ecc8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 17
[0181.538] GetProcAddress (hModule=0x6d520000, lpProcName="SpawnDerivedClass") returned 0x6d527e80
[0181.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x565eccc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstancemam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 13
[0181.552] GetProcAddress (hModule=0x6d520000, lpProcName="SpawnInstance") returned 0x6d527eb0
[0181.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x565ecd0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTomam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 9
[0181.555] GetProcAddress (hModule=0x6d520000, lpProcName="CompareTo") returned 0x6d527020
[0181.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x565ecc8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOriginmam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 17
[0181.566] GetProcAddress (hModule=0x6d520000, lpProcName="GetPropertyOrigin") returned 0x6d527880
[0181.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x565eccc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 12
[0181.585] GetProcAddress (hModule=0x6d520000, lpProcName="InheritsFrom") returned 0x6d527900
[0181.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x565ecd0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodmam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 9
[0181.587] GetProcAddress (hModule=0x6d520000, lpProcName="GetMethod") returned 0x6d527730
[0181.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x565ecd0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethodmam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 9
[0181.604] GetProcAddress (hModule=0x6d520000, lpProcName="PutMethod") returned 0x6d527bf0
[0181.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x565eccc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 12
[0181.617] GetProcAddress (hModule=0x6d520000, lpProcName="DeleteMethod") returned 0x6d527320
[0181.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x565ecc4, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 22
[0181.618] GetProcAddress (hModule=0x6d520000, lpProcName="BeginMethodEnumeration") returned 0x6d526e50
[0181.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x565ecd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 10
[0181.620] GetProcAddress (hModule=0x6d520000, lpProcName="NextMethod") returned 0x6d5279d0
[0181.625] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x565ecc4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 20
[0181.626] GetProcAddress (hModule=0x6d520000, lpProcName="EndMethodEnumeration") returned 0x6d5273e0
[0181.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x565ecc4, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSetmam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 21
[0181.627] GetProcAddress (hModule=0x6d520000, lpProcName="GetMethodQualifierSet") returned 0x6d527790
[0181.628] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x565ecc8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15
[0181.628] GetProcAddress (hModule=0x6d520000, lpProcName="GetMethodOrigin") returned 0x6d527760
[0181.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x565ecc8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 16
[0181.629] GetProcAddress (hModule=0x6d520000, lpProcName="QualifierSet_Get") returned 0x6d527c80
[0181.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x565ecc8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 16
[0181.634] GetProcAddress (hModule=0x6d520000, lpProcName="QualifierSet_Put") returned 0x6d527d10
[0181.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x565ecc8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 18
[0181.692] GetProcAddress (hModule=0x6d520000, lpProcName="CreateClassEnumWmi") returned 0x6d527160
[0181.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x565eccc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 12
[0181.694] GetProcAddress (hModule=0x6d520000, lpProcName="ExecQueryWmi") returned 0x6d5274e0
[0181.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x565ecc0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 24
[0181.729] GetProcAddress (hModule=0x6d520000, lpProcName="ExecNotificationQueryWmi") returned 0x6d527400
[0181.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x565eccc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 14
[0181.731] GetProcAddress (hModule=0x6d520000, lpProcName="PutInstanceWmi") returned 0x6d527b10
[0181.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x565eccc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11
[0181.741] GetProcAddress (hModule=0x6d520000, lpProcName="PutClassWmi") returned 0x6d527a30
[0181.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x565ecc0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject»mam)\x82̲Dþ\x83q¨ïe\x05", lpUsedDefaultChar=0x0) returned 24
[0181.743] GetProcAddress (hModule=0x6d520000, lpProcName="CloneEnumWbemClassObject") returned 0x6d526f50
[0181.752] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x565ec80 | out: phkResult=0x565ec80*=0x314) returned 0x0
[0181.752] RegQueryValueExW (in: hKey=0x314, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x565ec9c, lpData=0x0, lpcbData=0x565ec98*=0x0 | out: lpType=0x565ec9c*=0x0, lpData=0x0, lpcbData=0x565ec98*=0x0) returned 0x2
[0181.752] RegCloseKey (hKey=0x314) returned 0x0
[0181.753] CoCreateInstance (in: rclsid=0x6d523734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d523794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x565f3f8 | out: ppv=0x565f3f8*=0x46dc20) returned 0x0
[0181.753] WbemLocator:IWbemLocator:ConnectServer (in: This=0x46dc20, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x565f498 | out: ppNamespace=0x565f498*=0x46dd1c) returned 0x0
[0181.768] WbemLocator:IUnknown:QueryInterface (in: This=0x46dd1c, riid=0x6d5235b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x565f31c | out: ppvObject=0x565f31c*=0x57891c) returned 0x0
[0181.768] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x57891c, pProxy=0x46dd1c, pAuthnSvc=0x565f36c, pAuthzSvc=0x565f368, pServerPrincName=0x565f360, pAuthnLevel=0x565f364, pImpLevel=0x565f354, pAuthInfo=0x565f358, pCapabilites=0x565f35c | out: pAuthnSvc=0x565f36c*=0xa, pAuthzSvc=0x565f368*=0x0, pServerPrincName=0x565f360, pAuthnLevel=0x565f364*=0x6, pImpLevel=0x565f354*=0x2, pAuthInfo=0x565f358, pCapabilites=0x565f35c*=0x1) returned 0x0
[0181.768] WbemLocator:IUnknown:Release (This=0x57891c) returned 0x1
[0181.769] WbemLocator:IUnknown:QueryInterface (in: This=0x46dd1c, riid=0x6d5235a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x565f310 | out: ppvObject=0x565f310*=0x57893c) returned 0x0
[0181.769] WbemLocator:IUnknown:QueryInterface (in: This=0x46dd1c, riid=0x6d5235b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x565f2fc | out: ppvObject=0x565f2fc*=0x57891c) returned 0x0
[0181.769] WbemLocator:IClientSecurity:SetBlanket (This=0x57891c, pProxy=0x46dd1c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0181.769] WbemLocator:IUnknown:Release (This=0x57891c) returned 0x2
[0181.769] WbemLocator:IUnknown:Release (This=0x57893c) returned 0x1
[0181.769] CoTaskMemFree (pv=0x539628)
[0181.770] WbemLocator:IUnknown:AddRef (This=0x46dd1c) returned 0x2
[0181.770] WbemLocator:IUnknown:Release (This=0x46dc20) returned 0x0
[0181.770] CoGetContextToken (in: pToken=0x565e850 | out: pToken=0x565e850) returned 0x0
[0181.770] CoGetContextToken (in: pToken=0x565ec64 | out: pToken=0x565ec64) returned 0x0
[0181.770] WbemLocator:IUnknown:QueryInterface (in: This=0x46dd1c, riid=0x71941aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x565ebfc | out: ppvObject=0x565ebfc*=0x578924) returned 0x0
[0181.771] WbemLocator:IRpcOptions:Query (in: This=0x578924, pPrx=0x573910, dwProperty=2, pdwValue=0x565ecf0 | out: pdwValue=0x565ecf0) returned 0x80004002
[0181.771] WbemLocator:IUnknown:Release (This=0x578924) returned 0x2
[0181.771] CoGetContextToken (in: pToken=0x565f234 | out: pToken=0x565f234) returned 0x0
[0181.771] CoGetContextToken (in: pToken=0x565f194 | out: pToken=0x565f194) returned 0x0
[0181.771] WbemLocator:IUnknown:QueryInterface (in: This=0x46dd1c, riid=0x565f264*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x565f130 | out: ppvObject=0x565f130*=0x46dd1c) returned 0x0
[0181.772] WbemLocator:IUnknown:Release (This=0x46dd1c) returned 0x2
[0181.779] SysStringLen (param_1=0x0) returned 0x0
[0181.781] CoUninitialize ()
Thread:
id = 85
os_tid = 0xf40
Thread:
id = 86
os_tid = 0xf44
[0181.910] CoGetContextToken (in: pToken=0x553f440 | out: pToken=0x553f440) returned 0x0
[0181.910] CoGetContextToken (in: pToken=0x553f42c | out: pToken=0x553f42c) returned 0x0
[0181.911] CoGetMarshalSizeMax (in: pulSize=0x553f3e8, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x573910, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x553f3e8) returned 0x0
[0181.913] CoMarshalInterface (pStm=0x529360, riid=0x71852a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x573910, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
Thread:
id = 87
os_tid = 0xf48
[0181.930] WbemLocator:IUnknown:QueryInterface (in: This=0x46dd1c, riid=0x52b3f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x56cf4c0 | out: ppvObject=0x56cf4c0*=0x46dd1c) returned 0x0
[0181.932] WbemLocator:IUnknown:QueryInterface (in: This=0x46dd1c, riid=0x6d719fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x56cf470 | out: ppvObject=0x56cf470*=0x46dd1c) returned 0x0
[0181.932] WbemLocator:IUnknown:QueryInterface (in: This=0x46dd1c, riid=0x6d719fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x56cf428 | out: ppvObject=0x56cf428*=0x46dd1c) returned 0x0
[0181.934] IWbemServices:GetObject (in: This=0x46dd1c, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x56cf5e8*=0x0, ppCallResult=0x0 | out: ppObject=0x56cf5e8*=0x474708, ppCallResult=0x0) returned 0x0
Process:
id = "4"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0xe70e000"
os_pid = "0x330"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "3"
os_parent_pid = "0x1c8"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b190" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 675
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 676
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 677
start_va = 0x30000
end_va = 0xaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 678
start_va = 0xb0000
end_va = 0xb3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000b0000"
filename = ""
Region:
id = 679
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 680
start_va = 0xd0000
end_va = 0x136fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 681
start_va = 0x140000
end_va = 0x140fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 682
start_va = 0x150000
end_va = 0x150fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 683
start_va = 0x160000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 684
start_va = 0x170000
end_va = 0x22ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 685
start_va = 0x230000
end_va = 0x32ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 686
start_va = 0x330000
end_va = 0x42ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 687
start_va = 0x430000
end_va = 0x5b7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000430000"
filename = ""
Region:
id = 688
start_va = 0x5c0000
end_va = 0x740fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005c0000"
filename = ""
Region:
id = 689
start_va = 0x750000
end_va = 0x750fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000750000"
filename = ""
Region:
id = 690
start_va = 0x760000
end_va = 0x760fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 691
start_va = 0x770000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 692
start_va = 0x7f0000
end_va = 0x7f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007f0000"
filename = ""
Region:
id = 693
start_va = 0x800000
end_va = 0x80afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 694
start_va = 0x810000
end_va = 0x81cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 695
start_va = 0x820000
end_va = 0x823fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskcomp.dll.mui"
filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui")
Region:
id = 696
start_va = 0x830000
end_va = 0x839fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schedsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui")
Region:
id = 697
start_va = 0x840000
end_va = 0x840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 698
start_va = 0x850000
end_va = 0x851fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000850000"
filename = ""
Region:
id = 699
start_va = 0x860000
end_va = 0x863fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 700
start_va = 0x870000
end_va = 0x871fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000870000"
filename = ""
Region:
id = 701
start_va = 0x880000
end_va = 0x883fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 702
start_va = 0x890000
end_va = 0x890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 703
start_va = 0x8a0000
end_va = 0x8a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wshtcpip.dll.mui"
filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui")
Region:
id = 704
start_va = 0x8b0000
end_va = 0x8b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wship6.dll.mui"
filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui")
Region:
id = 705
start_va = 0x8c0000
end_va = 0x8c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 706
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008d0000"
filename = ""
Region:
id = 707
start_va = 0x8e0000
end_va = 0x8f9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008e0000"
filename = ""
Region:
id = 708
start_va = 0x900000
end_va = 0x900fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 709
start_va = 0x910000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 710
start_va = 0x940000
end_va = 0x94dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 711
start_va = 0x9d0000
end_va = 0x9d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 712
start_va = 0x9e0000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 713
start_va = 0xa60000
end_va = 0xa60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a60000"
filename = ""
Region:
id = 714
start_va = 0xa70000
end_va = 0xa70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a70000"
filename = ""
Region:
id = 715
start_va = 0xa80000
end_va = 0xafffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 716
start_va = 0xb00000
end_va = 0xb00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b00000"
filename = ""
Region:
id = 717
start_va = 0xb10000
end_va = 0xb8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 718
start_va = 0xb90000
end_va = 0xe5efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 719
start_va = 0xe60000
end_va = 0xe67fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e60000"
filename = ""
Region:
id = 720
start_va = 0xe70000
end_va = 0xeeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 721
start_va = 0xef0000
end_va = 0xf0bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "firewallapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui")
Region:
id = 722
start_va = 0xf10000
end_va = 0xf1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 723
start_va = 0xf20000
end_va = 0xf2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 724
start_va = 0xf30000
end_va = 0xf3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f30000"
filename = ""
Region:
id = 725
start_va = 0xf40000
end_va = 0xf40fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 726
start_va = 0xfd0000
end_va = 0x104ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fd0000"
filename = ""
Region:
id = 727
start_va = 0x1050000
end_va = 0x1051fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001050000"
filename = ""
Region:
id = 728
start_va = 0x1060000
end_va = 0x1060fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001060000"
filename = ""
Region:
id = 729
start_va = 0x1070000
end_va = 0x107ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 730
start_va = 0x1080000
end_va = 0x108ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001080000"
filename = ""
Region:
id = 731
start_va = 0x1090000
end_va = 0x10f5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 732
start_va = 0x1100000
end_va = 0x1107fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 733
start_va = 0x1110000
end_va = 0x111ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001110000"
filename = ""
Region:
id = 734
start_va = 0x1120000
end_va = 0x112ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 735
start_va = 0x1130000
end_va = 0x1137fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001130000"
filename = ""
Region:
id = 736
start_va = 0x1140000
end_va = 0x114ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 737
start_va = 0x1150000
end_va = 0x11cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001150000"
filename = ""
Region:
id = 738
start_va = 0x11d0000
end_va = 0x11dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 739
start_va = 0x11e0000
end_va = 0x11effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011e0000"
filename = ""
Region:
id = 740
start_va = 0x11f0000
end_va = 0x126ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011f0000"
filename = ""
Region:
id = 741
start_va = 0x1270000
end_va = 0x127ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Region:
id = 742
start_va = 0x1280000
end_va = 0x128ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001280000"
filename = ""
Region:
id = 743
start_va = 0x1310000
end_va = 0x1317fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001310000"
filename = ""
Region:
id = 744
start_va = 0x1320000
end_va = 0x139ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001320000"
filename = ""
Region:
id = 745
start_va = 0x13a0000
end_va = 0x13affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013a0000"
filename = ""
Region:
id = 746
start_va = 0x13c0000
end_va = 0x143ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 747
start_va = 0x1460000
end_va = 0x1460fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")
Region:
id = 748
start_va = 0x1480000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 749
start_va = 0x1500000
end_va = 0x150ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001500000"
filename = ""
Region:
id = 750
start_va = 0x1510000
end_va = 0x151ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001510000"
filename = ""
Region:
id = 751
start_va = 0x1520000
end_va = 0x152ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001520000"
filename = ""
Region:
id = 752
start_va = 0x1530000
end_va = 0x153ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001530000"
filename = ""
Region:
id = 753
start_va = 0x1540000
end_va = 0x154ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001540000"
filename = ""
Region:
id = 754
start_va = 0x1550000
end_va = 0x155ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001550000"
filename = ""
Region:
id = 755
start_va = 0x1560000
end_va = 0x1562fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wuaueng.dll.mui"
filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui")
Region:
id = 756
start_va = 0x1570000
end_va = 0x157ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 757
start_va = 0x1580000
end_va = 0x159ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001580000"
filename = ""
Region:
id = 758
start_va = 0x15a0000
end_va = 0x161ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000015a0000"
filename = ""
Region:
id = 759
start_va = 0x1620000
end_va = 0x162ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001620000"
filename = ""
Region:
id = 760
start_va = 0x1630000
end_va = 0x163ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001630000"
filename = ""
Region:
id = 761
start_va = 0x1640000
end_va = 0x164ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001640000"
filename = ""
Region:
id = 762
start_va = 0x1650000
end_va = 0x165ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001650000"
filename = ""
Region:
id = 763
start_va = 0x1660000
end_va = 0x166ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001660000"
filename = ""
Region:
id = 764
start_va = 0x1670000
end_va = 0x167ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001670000"
filename = ""
Region:
id = 765
start_va = 0x1680000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001680000"
filename = ""
Region:
id = 766
start_va = 0x1790000
end_va = 0x180ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001790000"
filename = ""
Region:
id = 767
start_va = 0x1810000
end_va = 0x190ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001810000"
filename = ""
Region:
id = 768
start_va = 0x1920000
end_va = 0x199ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001920000"
filename = ""
Region:
id = 769
start_va = 0x19b0000
end_va = 0x1a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000019b0000"
filename = ""
Region:
id = 770
start_va = 0x1a30000
end_va = 0x1a6ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001a30000"
filename = ""
Region:
id = 771
start_va = 0x1a70000
end_va = 0x1aaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001a70000"
filename = ""
Region:
id = 772
start_va = 0x1ab0000
end_va = 0x1ab0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ab0000"
filename = ""
Region:
id = 773
start_va = 0x1ac0000
end_va = 0x1b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ac0000"
filename = ""
Region:
id = 774
start_va = 0x1b40000
end_va = 0x1bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b40000"
filename = ""
Region:
id = 775
start_va = 0x1bf0000
end_va = 0x1ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001bf0000"
filename = ""
Region:
id = 776
start_va = 0x1d30000
end_va = 0x1d37fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d30000"
filename = ""
Region:
id = 777
start_va = 0x1d50000
end_va = 0x1dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d50000"
filename = ""
Region:
id = 778
start_va = 0x1dd0000
end_va = 0x1e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001dd0000"
filename = ""
Region:
id = 779
start_va = 0x1e60000
end_va = 0x1e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e60000"
filename = ""
Region:
id = 780
start_va = 0x1e70000
end_va = 0x1eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e70000"
filename = ""
Region:
id = 781
start_va = 0x1f40000
end_va = 0x1fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f40000"
filename = ""
Region:
id = 782
start_va = 0x1fc0000
end_va = 0x203ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fc0000"
filename = ""
Region:
id = 783
start_va = 0x2100000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 784
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 785
start_va = 0x2210000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002210000"
filename = ""
Region:
id = 786
start_va = 0x23a0000
end_va = 0x241ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023a0000"
filename = ""
Region:
id = 787
start_va = 0x2420000
end_va = 0x249ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002420000"
filename = ""
Region:
id = 788
start_va = 0x25f0000
end_va = 0x266ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 789
start_va = 0x2670000
end_va = 0x276ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 790
start_va = 0x2770000
end_va = 0x27effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 791
start_va = 0x2880000
end_va = 0x293ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 792
start_va = 0x2950000
end_va = 0x29cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 793
start_va = 0x29d0000
end_va = 0x2acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029d0000"
filename = ""
Region:
id = 794
start_va = 0x2ae0000
end_va = 0x2aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ae0000"
filename = ""
Region:
id = 795
start_va = 0x2af0000
end_va = 0x2beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002af0000"
filename = ""
Region:
id = 796
start_va = 0x2c60000
end_va = 0x2c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c60000"
filename = ""
Region:
id = 797
start_va = 0x2c70000
end_va = 0x2d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c70000"
filename = ""
Region:
id = 798
start_va = 0x2e20000
end_va = 0x2e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e20000"
filename = ""
Region:
id = 799
start_va = 0x2ee0000
end_va = 0x2f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ee0000"
filename = ""
Region:
id = 800
start_va = 0x3120000
end_va = 0x321ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003120000"
filename = ""
Region:
id = 801
start_va = 0x3270000
end_va = 0x32effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003270000"
filename = ""
Region:
id = 802
start_va = 0x3370000
end_va = 0x356ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003370000"
filename = ""
Region:
id = 803
start_va = 0x3770000
end_va = 0x396ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003770000"
filename = ""
Region:
id = 804
start_va = 0x3b00000
end_va = 0x3bfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003b00000"
filename = ""
Region:
id = 805
start_va = 0x3c60000
end_va = 0x3cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c60000"
filename = ""
Region:
id = 806
start_va = 0x3ce0000
end_va = 0x3d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ce0000"
filename = ""
Region:
id = 807
start_va = 0x3db0000
end_va = 0x3e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003db0000"
filename = ""
Region:
id = 808
start_va = 0x3ee0000
end_va = 0x3f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ee0000"
filename = ""
Region:
id = 809
start_va = 0x4020000
end_va = 0x421ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004020000"
filename = ""
Region:
id = 810
start_va = 0x4220000
end_va = 0x461ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004220000"
filename = ""
Region:
id = 811
start_va = 0x4630000
end_va = 0x46affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004630000"
filename = ""
Region:
id = 812
start_va = 0x46e0000
end_va = 0x475ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046e0000"
filename = ""
Region:
id = 813
start_va = 0x4760000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004760000"
filename = ""
Region:
id = 814
start_va = 0x4800000
end_va = 0x487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 815
start_va = 0x4880000
end_va = 0x497ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004880000"
filename = ""
Region:
id = 816
start_va = 0x4980000
end_va = 0x4a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004980000"
filename = ""
Region:
id = 817
start_va = 0x4a80000
end_va = 0x4b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a80000"
filename = ""
Region:
id = 818
start_va = 0x4b80000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b80000"
filename = ""
Region:
id = 819
start_va = 0x4c80000
end_va = 0x4d7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004c80000"
filename = ""
Region:
id = 820
start_va = 0x4d80000
end_va = 0x4e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d80000"
filename = ""
Region:
id = 821
start_va = 0x4e80000
end_va = 0x5e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e80000"
filename = ""
Region:
id = 822
start_va = 0x5f30000
end_va = 0x5faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005f30000"
filename = ""
Region:
id = 823
start_va = 0x6040000
end_va = 0x60bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006040000"
filename = ""
Region:
id = 824
start_va = 0x60e0000
end_va = 0x615ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000060e0000"
filename = ""
Region:
id = 825
start_va = 0x6290000
end_va = 0x630ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006290000"
filename = ""
Region:
id = 826
start_va = 0x64f0000
end_va = 0x656ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000064f0000"
filename = ""
Region:
id = 827
start_va = 0x6570000
end_va = 0x696ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006570000"
filename = ""
Region:
id = 828
start_va = 0x6af0000
end_va = 0x6b6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006af0000"
filename = ""
Region:
id = 829
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 830
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 0
entry_point = 0x76d7a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 831
start_va = 0x76e60000
end_va = 0x77008fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 832
start_va = 0x77020000
end_va = 0x77026fff
monitored = 0
entry_point = 0x7702106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 833
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 834
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 835
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 836
start_va = 0xff630000
end_va = 0xff63afff
monitored = 0
entry_point = 0xff63246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 837
start_va = 0x7feef620000
end_va = 0x7feef7f3fff
monitored = 0
entry_point = 0x7feef656b00
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")
Region:
id = 838
start_va = 0x7feefb10000
end_va = 0x7feefd62fff
monitored = 0
entry_point = 0x7feefb1236c
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 839
start_va = 0x7fef0c50000
end_va = 0x7fef0c94fff
monitored = 0
entry_point = 0x7fef0c83644
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 840
start_va = 0x7fef0ca0000
end_va = 0x7fef0cb1fff
monitored = 0
entry_point = 0x7fef0ca90bc
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 841
start_va = 0x7fef1470000
end_va = 0x7fef1479fff
monitored = 0
entry_point = 0x7fef1473994
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 842
start_va = 0x7fef1a10000
end_va = 0x7fef1a2cfff
monitored = 0
entry_point = 0x7fef1a12f18
region_type = mapped_file
name = "mmcss.dll"
filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")
Region:
id = 843
start_va = 0x7fef1a30000
end_va = 0x7fef1a61fff
monitored = 0
entry_point = 0x7fef1a31060
region_type = mapped_file
name = "dssenh.dll"
filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")
Region:
id = 844
start_va = 0x7fef1d70000
end_va = 0x7fef1fe9fff
monitored = 0
entry_point = 0x7fef1da2200
region_type = mapped_file
name = "esent.dll"
filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")
Region:
id = 845
start_va = 0x7fef3740000
end_va = 0x7fef375bfff
monitored = 0
entry_point = 0x7fef37411a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 846
start_va = 0x7fef3760000
end_va = 0x7fef37c1fff
monitored = 0
entry_point = 0x7fef3761198
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 847
start_va = 0x7fef37d0000
end_va = 0x7fef3809fff
monitored = 0
entry_point = 0x7fef37d1010
region_type = mapped_file
name = "mprapi.dll"
filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")
Region:
id = 848
start_va = 0x7fef3eb0000
end_va = 0x7fef3f20fff
monitored = 0
entry_point = 0x7fef3eeecc4
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 849
start_va = 0x7fef41c0000
end_va = 0x7fef41cbfff
monitored = 0
entry_point = 0x7fef41c602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 850
start_va = 0x7fef4450000
end_va = 0x7fef4457fff
monitored = 0
entry_point = 0x7fef4451414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 851
start_va = 0x7fef4460000
end_va = 0x7fef44ddfff
monitored = 0
entry_point = 0x7fef44b1310
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 852
start_va = 0x7fef44e0000
end_va = 0x7fef44f5fff
monitored = 0
entry_point = 0x7fef44e1070
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 853
start_va = 0x7fef4500000
end_va = 0x7fef45bbfff
monitored = 0
entry_point = 0x7fef45211dc
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 854
start_va = 0x7fef45c0000
end_va = 0x7fef4632fff
monitored = 0
entry_point = 0x7fef45ce480
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 855
start_va = 0x7fef4640000
end_va = 0x7fef4665fff
monitored = 0
entry_point = 0x7fef4647948
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 856
start_va = 0x7fef4670000
end_va = 0x7fef4688fff
monitored = 0
entry_point = 0x7fef4671104
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 857
start_va = 0x7fef4690000
end_va = 0x7fef46dffff
monitored = 0
entry_point = 0x7fef4691190
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 858
start_va = 0x7fef46e0000
end_va = 0x7fef474afff
monitored = 0
entry_point = 0x7fef4724344
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 859
start_va = 0x7fef4750000
end_va = 0x7fef4763fff
monitored = 0
entry_point = 0x7fef4751070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 860
start_va = 0x7fef4770000
end_va = 0x7fef47defff
monitored = 0
entry_point = 0x7fef477bf5c
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 861
start_va = 0x7fef47e0000
end_va = 0x7fef490efff
monitored = 0
entry_point = 0x7fef47e1080
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 862
start_va = 0x7fef4910000
end_va = 0x7fef4993fff
monitored = 0
entry_point = 0x7fef4961118
region_type = mapped_file
name = "netcfgx.dll"
filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")
Region:
id = 863
start_va = 0x7fef49a0000
end_va = 0x7fef49c4fff
monitored = 0
entry_point = 0x7fef49b8c54
region_type = mapped_file
name = "browser.dll"
filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")
Region:
id = 864
start_va = 0x7fef49d0000
end_va = 0x7fef4a0cfff
monitored = 0
entry_point = 0x7fef49d1070
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 865
start_va = 0x7fef4a10000
end_va = 0x7fef4a36fff
monitored = 0
entry_point = 0x7fef4a111a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 866
start_va = 0x7fef4a40000
end_va = 0x7fef4b21fff
monitored = 0
entry_point = 0x7fef4a63814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 867
start_va = 0x7fef4b70000
end_va = 0x7fef4bb6fff
monitored = 0
entry_point = 0x7fef4b71040
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 868
start_va = 0x7fef4bc0000
end_va = 0x7fef4c01fff
monitored = 0
entry_point = 0x7fef4bc17e4
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 869
start_va = 0x7fef5520000
end_va = 0x7fef5530fff
monitored = 0
entry_point = 0x7fef5529e7c
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 870
start_va = 0x7fef5560000
end_va = 0x7fef55c3fff
monitored = 0
entry_point = 0x7fef5561254
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 871
start_va = 0x7fef55d0000
end_va = 0x7fef5640fff
monitored = 0
entry_point = 0x7fef55d1010
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 872
start_va = 0x7fef56e0000
end_va = 0x7fef56f6fff
monitored = 0
entry_point = 0x7fef56e1060
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 873
start_va = 0x7fef5700000
end_va = 0x7fef58affff
monitored = 0
entry_point = 0x7fef5701010
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 874
start_va = 0x7fef6240000
end_va = 0x7fef62b3fff
monitored = 0
entry_point = 0x7fef62466f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 875
start_va = 0x7fef7350000
end_va = 0x7fef736afff
monitored = 0
entry_point = 0x7fef7351198
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 876
start_va = 0x7fef7700000
end_va = 0x7fef77d1fff
monitored = 0
entry_point = 0x7fef7791a10
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 877
start_va = 0x7fef77e0000
end_va = 0x7fef77f4fff
monitored = 0
entry_point = 0x7fef77e1020
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 878
start_va = 0x7fef7820000
end_va = 0x7fef782efff
monitored = 0
entry_point = 0x7fef7829a48
region_type = mapped_file
name = "mspatcha.dll"
filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll")
Region:
id = 879
start_va = 0x7fef79e0000
end_va = 0x7fef79e8fff
monitored = 0
entry_point = 0x7fef79e11a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 880
start_va = 0x7fef7f90000
end_va = 0x7fef800bfff
monitored = 0
entry_point = 0x7fef7f911d4
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 881
start_va = 0x7fef83d0000
end_va = 0x7fef84bdfff
monitored = 0
entry_point = 0x7fef83d12a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 882
start_va = 0x7fef8550000
end_va = 0x7fef8565fff
monitored = 0
entry_point = 0x7fef855ba1c
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 883
start_va = 0x7fef8790000
end_va = 0x7fef87d1fff
monitored = 0
entry_point = 0x7fef87c0048
region_type = mapped_file
name = "tcpipcfg.dll"
filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")
Region:
id = 884
start_va = 0x7fef87e0000
end_va = 0x7fef87f9fff
monitored = 0
entry_point = 0x7fef87f1ae4
region_type = mapped_file
name = "rascfg.dll"
filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll")
Region:
id = 885
start_va = 0x7fef8820000
end_va = 0x7fef882efff
monitored = 0
entry_point = 0x7fef8826894
region_type = mapped_file
name = "ndiscapcfg.dll"
filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll")
Region:
id = 886
start_va = 0x7fef88c0000
end_va = 0x7fef8936fff
monitored = 0
entry_point = 0x7fef88cafd0
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 887
start_va = 0x7fefa3b0000
end_va = 0x7fefa3b9fff
monitored = 0
entry_point = 0x7fefa3b260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 888
start_va = 0x7fefa3c0000
end_va = 0x7fefa4d1fff
monitored = 0
entry_point = 0x7fefa3df354
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 889
start_va = 0x7fefa4e0000
end_va = 0x7fefa4eefff
monitored = 0
entry_point = 0x7fefa4e7e80
region_type = mapped_file
name = "wiarpc.dll"
filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")
Region:
id = 890
start_va = 0x7fefa4f0000
end_va = 0x7fefa4f8fff
monitored = 0
entry_point = 0x7fefa4f3668
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 891
start_va = 0x7fefa500000
end_va = 0x7fefa508fff
monitored = 0
entry_point = 0x7fefa501020
region_type = mapped_file
name = "tbs.dll"
filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")
Region:
id = 892
start_va = 0x7fefa510000
end_va = 0x7fefa565fff
monitored = 0
entry_point = 0x7fefa511040
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 893
start_va = 0x7fefa570000
end_va = 0x7fefa5cdfff
monitored = 0
entry_point = 0x7fefa579024
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 894
start_va = 0x7fefa5d0000
end_va = 0x7fefa5e7fff
monitored = 0
entry_point = 0x7fefa5d1bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 895
start_va = 0x7fefa5f0000
end_va = 0x7fefa600fff
monitored = 0
entry_point = 0x7fefa5f16ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 896
start_va = 0x7fefa660000
end_va = 0x7fefa6b2fff
monitored = 0
entry_point = 0x7fefa662b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 897
start_va = 0x7fefa870000
end_va = 0x7fefa87afff
monitored = 0
entry_point = 0x7fefa871198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 898
start_va = 0x7fefa880000
end_va = 0x7fefa8a6fff
monitored = 0
entry_point = 0x7fefa8898bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 899
start_va = 0x7fefa8b0000
end_va = 0x7fefa8c3fff
monitored = 0
entry_point = 0x7fefa8b3e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 900
start_va = 0x7fefa8e0000
end_va = 0x7fefa946fff
monitored = 0
entry_point = 0x7fefa8f6060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 901
start_va = 0x7fefa950000
end_va = 0x7fefa969fff
monitored = 0
entry_point = 0x7fefa963fbc
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 902
start_va = 0x7fefa970000
end_va = 0x7fefaa01fff
monitored = 0
entry_point = 0x7fefa9e51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 903
start_va = 0x7fefaa10000
end_va = 0x7fefaa95fff
monitored = 0
entry_point = 0x7fefaa1ffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 904
start_va = 0x7fefaaa0000
end_va = 0x7fefaab3fff
monitored = 0
entry_point = 0x7fefaaa16b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 905
start_va = 0x7fefaac0000
end_va = 0x7fefaad4fff
monitored = 0
entry_point = 0x7fefaac1050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 906
start_va = 0x7fefaae0000
end_va = 0x7fefaaebfff
monitored = 0
entry_point = 0x7fefaae18a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 907
start_va = 0x7fefaaf0000
end_va = 0x7fefab05fff
monitored = 0
entry_point = 0x7fefaaf11a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 908
start_va = 0x7fefab10000
end_va = 0x7fefab17fff
monitored = 0
entry_point = 0x7fefab11020
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 909
start_va = 0x7fefab20000
end_va = 0x7fefab2efff
monitored = 0
entry_point = 0x7fefab211d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 910
start_va = 0x7fefab30000
end_va = 0x7fefab40fff
monitored = 0
entry_point = 0x7fefab314c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 911
start_va = 0x7fefab50000
end_va = 0x7fefab8ffff
monitored = 0
entry_point = 0x7fefab52f10
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 912
start_va = 0x7fefad60000
end_va = 0x7fefad94fff
monitored = 0
entry_point = 0x7fefad61064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 913
start_va = 0x7fefb180000
end_va = 0x7fefb1d5fff
monitored = 0
entry_point = 0x7fefb18bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 914
start_va = 0x7fefb1e0000
end_va = 0x7fefb1fcfff
monitored = 0
entry_point = 0x7fefb1e1ef4
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 915
start_va = 0x7fefb520000
end_va = 0x7fefb530fff
monitored = 0
entry_point = 0x7fefb521070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 916
start_va = 0x7fefb540000
end_va = 0x7fefb54afff
monitored = 0
entry_point = 0x7fefb544f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 917
start_va = 0x7fefb550000
end_va = 0x7fefb55bfff
monitored = 0
entry_point = 0x7fefb5515d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 918
start_va = 0x7fefb560000
end_va = 0x7fefb56ffff
monitored = 0
entry_point = 0x7fefb56835c
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 919
start_va = 0x7fefb570000
end_va = 0x7fefb588fff
monitored = 0
entry_point = 0x7fefb5711a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 920
start_va = 0x7fefb590000
end_va = 0x7fefb5c6fff
monitored = 0
entry_point = 0x7fefb598424
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 921
start_va = 0x7fefb5d0000
end_va = 0x7fefb5e4fff
monitored = 0
entry_point = 0x7fefb5d60d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 922
start_va = 0x7fefb5f0000
end_va = 0x7fefb6b1fff
monitored = 0
entry_point = 0x7fefb5f101c
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 923
start_va = 0x7fefb6c0000
end_va = 0x7fefb8b3fff
monitored = 0
entry_point = 0x7fefb84c924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 924
start_va = 0x7fefbb30000
end_va = 0x7fefbb38fff
monitored = 0
entry_point = 0x7fefbb31010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 925
start_va = 0x7fefbb40000
end_va = 0x7fefbc6bfff
monitored = 0
entry_point = 0x7fefbb494bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 926
start_va = 0x7fefbda0000
end_va = 0x7fefbdccfff
monitored = 0
entry_point = 0x7fefbda1010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 927
start_va = 0x7fefbf70000
end_va = 0x7fefbf7bfff
monitored = 0
entry_point = 0x7fefbf71064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 928
start_va = 0x7fefbf80000
end_va = 0x7fefc03afff
monitored = 0
entry_point = 0x7fefbf86de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 929
start_va = 0x7fefc040000
end_va = 0x7fefc046fff
monitored = 0
entry_point = 0x7fefc0414b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 930
start_va = 0x7fefc130000
end_va = 0x7fefc14afff
monitored = 0
entry_point = 0x7fefc132068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 931
start_va = 0x7fefc150000
end_va = 0x7fefc16dfff
monitored = 0
entry_point = 0x7fefc1513b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 932
start_va = 0x7fefc170000
end_va = 0x7fefc181fff
monitored = 0
entry_point = 0x7fefc171060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 933
start_va = 0x7fefc190000
end_va = 0x7fefc1aefff
monitored = 0
entry_point = 0x7fefc195c68
region_type = mapped_file
name = "spinf.dll"
filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll")
Region:
id = 934
start_va = 0x7fefc260000
end_va = 0x7fefc298fff
monitored = 0
entry_point = 0x7fefc26c0f0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 935
start_va = 0x7fefc2a0000
end_va = 0x7fefc2a9fff
monitored = 0
entry_point = 0x7fefc2a3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 936
start_va = 0x7fefc2b0000
end_va = 0x7fefc2bcfff
monitored = 0
entry_point = 0x7fefc2b1348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 937
start_va = 0x7fefc3a0000
end_va = 0x7fefc3e6fff
monitored = 0
entry_point = 0x7fefc3a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 938
start_va = 0x7fefc490000
end_va = 0x7fefc4bffff
monitored = 0
entry_point = 0x7fefc49194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 939
start_va = 0x7fefc4c0000
end_va = 0x7fefc51afff
monitored = 0
entry_point = 0x7fefc4c6940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 940
start_va = 0x7fefc630000
end_va = 0x7fefc636fff
monitored = 0
entry_point = 0x7fefc63142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 941
start_va = 0x7fefc640000
end_va = 0x7fefc694fff
monitored = 0
entry_point = 0x7fefc641054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 942
start_va = 0x7fefc6a0000
end_va = 0x7fefc6b7fff
monitored = 0
entry_point = 0x7fefc6a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 943
start_va = 0x7fefc7b0000
end_va = 0x7fefc7e1fff
monitored = 0
entry_point = 0x7fefc7b144c
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 944
start_va = 0x7fefc7f0000
end_va = 0x7fefc7f7fff
monitored = 0
entry_point = 0x7fefc7f2a6c
region_type = mapped_file
name = "wmsgapi.dll"
filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")
Region:
id = 945
start_va = 0x7fefc800000
end_va = 0x7fefc809fff
monitored = 0
entry_point = 0x7fefc803b40
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 946
start_va = 0x7fefc890000
end_va = 0x7fefc8befff
monitored = 0
entry_point = 0x7fefc891064
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 947
start_va = 0x7fefc8d0000
end_va = 0x7fefc93cfff
monitored = 0
entry_point = 0x7fefc8d1010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 948
start_va = 0x7fefc940000
end_va = 0x7fefc953fff
monitored = 0
entry_point = 0x7fefc944160
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 949
start_va = 0x7fefcba0000
end_va = 0x7fefcbc2fff
monitored = 0
entry_point = 0x7fefcba1198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 950
start_va = 0x7fefcc40000
end_va = 0x7fefcc4afff
monitored = 0
entry_point = 0x7fefcc41030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 951
start_va = 0x7fefcc70000
end_va = 0x7fefcc94fff
monitored = 0
entry_point = 0x7fefcc79658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 952
start_va = 0x7fefcca0000
end_va = 0x7fefccaefff
monitored = 0
entry_point = 0x7fefcca1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 953
start_va = 0x7fefccb0000
end_va = 0x7fefcd40fff
monitored = 0
entry_point = 0x7fefccb1440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 954
start_va = 0x7fefcd50000
end_va = 0x7fefcd8cfff
monitored = 0
entry_point = 0x7fefcd518f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 955
start_va = 0x7fefcd90000
end_va = 0x7fefcda3fff
monitored = 0
entry_point = 0x7fefcd910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 956
start_va = 0x7fefcdb0000
end_va = 0x7fefcdbefff
monitored = 0
entry_point = 0x7fefcdb19b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 957
start_va = 0x7fefce50000
end_va = 0x7fefce5efff
monitored = 0
entry_point = 0x7fefce51020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 958
start_va = 0x7fefce60000
end_va = 0x7fefce9afff
monitored = 0
entry_point = 0x7fefce61324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 959
start_va = 0x7fefcea0000
end_va = 0x7fefceb9fff
monitored = 0
entry_point = 0x7fefcea1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 960
start_va = 0x7fefcf60000
end_va = 0x7fefcf95fff
monitored = 0
entry_point = 0x7fefcf61474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 961
start_va = 0x7fefcfa0000
end_va = 0x7fefd00afff
monitored = 0
entry_point = 0x7fefcfa30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 962
start_va = 0x7fefd010000
end_va = 0x7fefd17cfff
monitored = 0
entry_point = 0x7fefd0110b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 963
start_va = 0x7fefd180000
end_va = 0x7fefdf07fff
monitored = 0
entry_point = 0x7fefd1fcebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 964
start_va = 0x7fefdf10000
end_va = 0x7fefdfd8fff
monitored = 0
entry_point = 0x7fefdf8a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 965
start_va = 0x7fefdfe0000
end_va = 0x7fefe031fff
monitored = 0
entry_point = 0x7fefdfe10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 966
start_va = 0x7fefe0e0000
end_va = 0x7fefe1b6fff
monitored = 0
entry_point = 0x7fefe0e3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 967
start_va = 0x7fefe240000
end_va = 0x7fefe416fff
monitored = 0
entry_point = 0x7fefe241010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 968
start_va = 0x7fefe420000
end_va = 0x7fefe486fff
monitored = 0
entry_point = 0x7fefe42b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 969
start_va = 0x7fefe4b0000
end_va = 0x7fefe4ddfff
monitored = 0
entry_point = 0x7fefe4b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 970
start_va = 0x7fefe4e0000
end_va = 0x7fefe4e7fff
monitored = 0
entry_point = 0x7fefe4e1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 971
start_va = 0x7fefe4f0000
end_va = 0x7fefe50efff
monitored = 0
entry_point = 0x7fefe4f60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 972
start_va = 0x7fefe510000
end_va = 0x7fefe580fff
monitored = 0
entry_point = 0x7fefe521e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 973
start_va = 0x7fefe590000
end_va = 0x7fefe62efff
monitored = 0
entry_point = 0x7fefe5925a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 974
start_va = 0x7fefe7b0000
end_va = 0x7fefe848fff
monitored = 0
entry_point = 0x7fefe7b1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 975
start_va = 0x7fefe980000
end_va = 0x7fefe9ccfff
monitored = 0
entry_point = 0x7fefe981070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 976
start_va = 0x7fefec30000
end_va = 0x7fefed5cfff
monitored = 0
entry_point = 0x7fefec7ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 977
start_va = 0x7fefed60000
end_va = 0x7fefed6dfff
monitored = 0
entry_point = 0x7fefed61080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 978
start_va = 0x7fefed70000
end_va = 0x7fefee78fff
monitored = 0
entry_point = 0x7fefed71064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 979
start_va = 0x7fefee80000
end_va = 0x7feff082fff
monitored = 0
entry_point = 0x7fefeea3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 980
start_va = 0x7feff090000
end_va = 0x7feff16afff
monitored = 0
entry_point = 0x7feff0b0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 981
start_va = 0x7feff180000
end_va = 0x7feff180fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 982
start_va = 0x7fffff56000
end_va = 0x7fffff57fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff56000"
filename = ""
Region:
id = 983
start_va = 0x7fffff58000
end_va = 0x7fffff59fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff58000"
filename = ""
Region:
id = 984
start_va = 0x7fffff5a000
end_va = 0x7fffff5bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5a000"
filename = ""
Region:
id = 985
start_va = 0x7fffff62000
end_va = 0x7fffff63fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff62000"
filename = ""
Region:
id = 986
start_va = 0x7fffff66000
end_va = 0x7fffff67fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff66000"
filename = ""
Region:
id = 987
start_va = 0x7fffff68000
end_va = 0x7fffff69fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff68000"
filename = ""
Region:
id = 988
start_va = 0x7fffff6a000
end_va = 0x7fffff6bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6a000"
filename = ""
Region:
id = 989
start_va = 0x7fffff72000
end_va = 0x7fffff73fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff72000"
filename = ""
Region:
id = 990
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 991
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 992
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 993
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 994
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 995
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 996
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 997
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 998
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 999
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 1000
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 1001
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 1002
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 1003
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 1004
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 1005
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 1006
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1007
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1008
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1009
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1010
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1011
start_va = 0x7fffffd3000
end_va = 0x7fffffd3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 1012
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 1013
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 1014
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 1015
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2175
start_va = 0x1710000
end_va = 0x178ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001710000"
filename = ""
Region:
id = 2176
start_va = 0x2050000
end_va = 0x20cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002050000"
filename = ""
Region:
id = 2177
start_va = 0x2310000
end_va = 0x238ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 2178
start_va = 0x24a0000
end_va = 0x251ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024a0000"
filename = ""
Region:
id = 2179
start_va = 0x2520000
end_va = 0x259ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002520000"
filename = ""
Region:
id = 2180
start_va = 0x27f0000
end_va = 0x286ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 2181
start_va = 0x2d70000
end_va = 0x2deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d70000"
filename = ""
Region:
id = 2182
start_va = 0x2f80000
end_va = 0x2ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f80000"
filename = ""
Region:
id = 2183
start_va = 0x3040000
end_va = 0x30bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003040000"
filename = ""
Region:
id = 2184
start_va = 0x3680000
end_va = 0x36fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003680000"
filename = ""
Region:
id = 2185
start_va = 0x7fefbb10000
end_va = 0x7fefbb24fff
monitored = 0
entry_point = 0x7fefbb11010
region_type = mapped_file
name = "aelupsvc.dll"
filename = "\\Windows\\System32\\aelupsvc.dll" (normalized: "c:\\windows\\system32\\aelupsvc.dll")
Region:
id = 2186
start_va = 0x7fffff78000
end_va = 0x7fffff79fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff78000"
filename = ""
Region:
id = 2187
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 2188
start_va = 0x7fffff7e000
end_va = 0x7fffff7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7e000"
filename = ""
Region:
id = 2189
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 2190
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 2191
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 2192
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 2193
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2194
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2195
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2196
start_va = 0x3970000
end_va = 0x3aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003970000"
filename = ""
Region:
id = 2197
start_va = 0x35c0000
end_va = 0x363ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035c0000"
filename = ""
Region:
id = 2198
start_va = 0x3970000
end_va = 0x3a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003970000"
filename = ""
Region:
id = 2199
start_va = 0x3aa0000
end_va = 0x3aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003aa0000"
filename = ""
Region:
id = 2200
start_va = 0x3e40000
end_va = 0x3ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e40000"
filename = ""
Region:
id = 2201
start_va = 0x7fffff74000
end_va = 0x7fffff75fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff74000"
filename = ""
Region:
id = 2202
start_va = 0x7fffff76000
end_va = 0x7fffff77fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff76000"
filename = ""
Region:
id = 2203
start_va = 0x7fef3700000
end_va = 0x7fef373efff
monitored = 0
entry_point = 0x7fef37012c0
region_type = mapped_file
name = "cscobj.dll"
filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")
Region:
id = 2393
start_va = 0x950000
end_va = 0x957fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 2394
start_va = 0x950000
end_va = 0x950fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 2395
start_va = 0x950000
end_va = 0x950fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Thread:
id = 20
os_tid = 0xea0
Thread:
id = 21
os_tid = 0xe18
Thread:
id = 22
os_tid = 0xe14
Thread:
id = 23
os_tid = 0xc64
Thread:
id = 24
os_tid = 0xc5c
Thread:
id = 25
os_tid = 0xc40
Thread:
id = 26
os_tid = 0x7a4
Thread:
id = 27
os_tid = 0x13c
Thread:
id = 28
os_tid = 0x744
Thread:
id = 29
os_tid = 0x5d8
Thread:
id = 30
os_tid = 0x718
Thread:
id = 31
os_tid = 0x248
Thread:
id = 32
os_tid = 0x3e4
Thread:
id = 33
os_tid = 0x318
Thread:
id = 34
os_tid = 0x404
Thread:
id = 35
os_tid = 0x1d4
Thread:
id = 36
os_tid = 0x778
Thread:
id = 37
os_tid = 0x70c
Thread:
id = 38
os_tid = 0x6d4
Thread:
id = 39
os_tid = 0x6b8
Thread:
id = 40
os_tid = 0x6a8
Thread:
id = 41
os_tid = 0x694
Thread:
id = 42
os_tid = 0x470
Thread:
id = 43
os_tid = 0x468
Thread:
id = 44
os_tid = 0x440
Thread:
id = 45
os_tid = 0x43c
Thread:
id = 46
os_tid = 0x420
Thread:
id = 47
os_tid = 0x3cc
Thread:
id = 48
os_tid = 0x3b8
Thread:
id = 49
os_tid = 0x3ac
Thread:
id = 50
os_tid = 0x350
Thread:
id = 51
os_tid = 0x33c
Thread:
id = 52
os_tid = 0x334
Thread:
id = 76
os_tid = 0xf1c
Thread:
id = 77
os_tid = 0xf20
Thread:
id = 78
os_tid = 0xf24
Thread:
id = 79
os_tid = 0xf28
Thread:
id = 80
os_tid = 0xf2c
Thread:
id = 81
os_tid = 0xf30
Thread:
id = 88
os_tid = 0xf74
Thread:
id = 89
os_tid = 0xf78
Thread:
id = 112
os_tid = 0xfc4
Thread:
id = 114
os_tid = 0x680
Thread:
id = 115
os_tid = 0x674
Thread:
id = 116
os_tid = 0x4fc
Thread:
id = 137
os_tid = 0x8a0
Thread:
id = 138
os_tid = 0x6b4
Process:
id = "5"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x4bdc0000"
os_pid = "0xc78"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "4"
os_parent_pid = "0x24c"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Network Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0005a13e" [0xc000000f]
Region:
id = 1224
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1225
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1226
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1227
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1228
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1229
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 1230
start_va = 0xd0000
end_va = 0xd4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 1231
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1232
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 1233
start_va = 0x100000
end_va = 0x100fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 1234
start_va = 0x110000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 1235
start_va = 0x190000
end_va = 0x19cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 1236
start_va = 0x1c0000
end_va = 0x1c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cimwin32.dll.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui")
Region:
id = 1237
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 1238
start_va = 0x200000
end_va = 0x2fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1239
start_va = 0x340000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000340000"
filename = ""
Region:
id = 1240
start_va = 0x440000
end_va = 0x5c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1241
start_va = 0x5d0000
end_va = 0x750fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 1242
start_va = 0x760000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 1243
start_va = 0x820000
end_va = 0x91ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 1244
start_va = 0x9a0000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1245
start_va = 0xa20000
end_va = 0xceefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1246
start_va = 0xd60000
end_va = 0xddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d60000"
filename = ""
Region:
id = 1247
start_va = 0xe60000
end_va = 0xedffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e60000"
filename = ""
Region:
id = 1248
start_va = 0xfc0000
end_va = 0x103ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fc0000"
filename = ""
Region:
id = 1249
start_va = 0x1130000
end_va = 0x11affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001130000"
filename = ""
Region:
id = 1250
start_va = 0x11b0000
end_va = 0x122ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011b0000"
filename = ""
Region:
id = 1251
start_va = 0x12a0000
end_va = 0x131ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012a0000"
filename = ""
Region:
id = 1252
start_va = 0x1320000
end_va = 0x141ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001320000"
filename = ""
Region:
id = 1253
start_va = 0x14b0000
end_va = 0x152ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014b0000"
filename = ""
Region:
id = 1254
start_va = 0x71820000
end_va = 0x71822fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "security.dll"
filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll")
Region:
id = 1255
start_va = 0x71fe0000
end_va = 0x71fe2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmi.dll"
filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll")
Region:
id = 1256
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1257
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 0
entry_point = 0x76d7a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1258
start_va = 0x76e60000
end_va = 0x77008fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1259
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1260
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1261
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1262
start_va = 0xff690000
end_va = 0xff6eefff
monitored = 0
entry_point = 0xff69a9b4
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 1263
start_va = 0x7feeffa0000
end_va = 0x7feeffb1fff
monitored = 0
entry_point = 0x7feeffaaab8
region_type = mapped_file
name = "browcli.dll"
filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll")
Region:
id = 1264
start_va = 0x7fef0780000
end_va = 0x7fef0979fff
monitored = 0
entry_point = 0x7fef0794c9c
region_type = mapped_file
name = "cimwin32.dll"
filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")
Region:
id = 1265
start_va = 0x7fef3fd0000
end_va = 0x7fef3ffbfff
monitored = 0
entry_point = 0x7fef3fe8194
region_type = mapped_file
name = "wmipcima.dll"
filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll")
Region:
id = 1266
start_va = 0x7fef44e0000
end_va = 0x7fef44f5fff
monitored = 0
entry_point = 0x7fef44e1070
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1267
start_va = 0x7fef4640000
end_va = 0x7fef4665fff
monitored = 0
entry_point = 0x7fef4647948
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1268
start_va = 0x7fef4750000
end_va = 0x7fef4763fff
monitored = 0
entry_point = 0x7fef4751070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1269
start_va = 0x7fef4a10000
end_va = 0x7fef4a36fff
monitored = 0
entry_point = 0x7fef4a111a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 1270
start_va = 0x7fef4a40000
end_va = 0x7fef4b21fff
monitored = 0
entry_point = 0x7fef4a63814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1271
start_va = 0x7fef7800000
end_va = 0x7fef7807fff
monitored = 0
entry_point = 0x7fef78011a0
region_type = mapped_file
name = "winbrand.dll"
filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")
Region:
id = 1272
start_va = 0x7fef7810000
end_va = 0x7fef7819fff
monitored = 0
entry_point = 0x7fef78131c8
region_type = mapped_file
name = "schedcli.dll"
filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll")
Region:
id = 1273
start_va = 0x7fef85a0000
end_va = 0x7fef85ebfff
monitored = 0
entry_point = 0x7fef85a1064
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 1274
start_va = 0x7fef8940000
end_va = 0x7fef894efff
monitored = 0
entry_point = 0x7fef8941040
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1275
start_va = 0x7fefaa10000
end_va = 0x7fefaa95fff
monitored = 0
entry_point = 0x7fefaa1ffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1276
start_va = 0x7fefaaa0000
end_va = 0x7fefaab3fff
monitored = 0
entry_point = 0x7fefaaa16b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1277
start_va = 0x7fefaac0000
end_va = 0x7fefaad4fff
monitored = 0
entry_point = 0x7fefaac1050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1278
start_va = 0x7fefaae0000
end_va = 0x7fefaaebfff
monitored = 0
entry_point = 0x7fefaae18a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1279
start_va = 0x7fefaaf0000
end_va = 0x7fefab05fff
monitored = 0
entry_point = 0x7fefaaf11a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1280
start_va = 0x7fefab20000
end_va = 0x7fefab2efff
monitored = 0
entry_point = 0x7fefab211d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1281
start_va = 0x7fefb520000
end_va = 0x7fefb530fff
monitored = 0
entry_point = 0x7fefb521070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1282
start_va = 0x7fefb550000
end_va = 0x7fefb55bfff
monitored = 0
entry_point = 0x7fefb5515d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1283
start_va = 0x7fefbcc0000
end_va = 0x7fefbcebfff
monitored = 0
entry_point = 0x7fefbcc15c4
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1284
start_va = 0x7fefbda0000
end_va = 0x7fefbdccfff
monitored = 0
entry_point = 0x7fefbda1010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1285
start_va = 0x7fefc2a0000
end_va = 0x7fefc2a9fff
monitored = 0
entry_point = 0x7fefc2a3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 1286
start_va = 0x7fefc3a0000
end_va = 0x7fefc3e6fff
monitored = 0
entry_point = 0x7fefc3a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1287
start_va = 0x7fefc430000
end_va = 0x7fefc486fff
monitored = 0
entry_point = 0x7fefc435e38
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1288
start_va = 0x7fefc490000
end_va = 0x7fefc4bffff
monitored = 0
entry_point = 0x7fefc49194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1289
start_va = 0x7fefc6a0000
end_va = 0x7fefc6b7fff
monitored = 0
entry_point = 0x7fefc6a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1290
start_va = 0x7fefcba0000
end_va = 0x7fefcbc2fff
monitored = 0
entry_point = 0x7fefcba1198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1291
start_va = 0x7fefcc40000
end_va = 0x7fefcc4afff
monitored = 0
entry_point = 0x7fefcc41030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1292
start_va = 0x7fefcc70000
end_va = 0x7fefcc94fff
monitored = 0
entry_point = 0x7fefcc79658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1293
start_va = 0x7fefcca0000
end_va = 0x7fefccaefff
monitored = 0
entry_point = 0x7fefcca1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1294
start_va = 0x7fefcd50000
end_va = 0x7fefcd8cfff
monitored = 0
entry_point = 0x7fefcd518f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1295
start_va = 0x7fefcd90000
end_va = 0x7fefcda3fff
monitored = 0
entry_point = 0x7fefcd910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1296
start_va = 0x7fefce50000
end_va = 0x7fefce5efff
monitored = 0
entry_point = 0x7fefce51020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1297
start_va = 0x7fefce60000
end_va = 0x7fefce9afff
monitored = 0
entry_point = 0x7fefce61324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1298
start_va = 0x7fefcea0000
end_va = 0x7fefceb9fff
monitored = 0
entry_point = 0x7fefcea1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1299
start_va = 0x7fefcf60000
end_va = 0x7fefcf95fff
monitored = 0
entry_point = 0x7fefcf61474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1300
start_va = 0x7fefcfa0000
end_va = 0x7fefd00afff
monitored = 0
entry_point = 0x7fefcfa30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1301
start_va = 0x7fefd010000
end_va = 0x7fefd17cfff
monitored = 0
entry_point = 0x7fefd0110b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1302
start_va = 0x7fefdf10000
end_va = 0x7fefdfd8fff
monitored = 0
entry_point = 0x7fefdf8a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1303
start_va = 0x7fefdfe0000
end_va = 0x7fefe031fff
monitored = 0
entry_point = 0x7fefdfe10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1304
start_va = 0x7fefe0e0000
end_va = 0x7fefe1b6fff
monitored = 0
entry_point = 0x7fefe0e3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1305
start_va = 0x7fefe240000
end_va = 0x7fefe416fff
monitored = 0
entry_point = 0x7fefe241010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1306
start_va = 0x7fefe420000
end_va = 0x7fefe486fff
monitored = 0
entry_point = 0x7fefe42b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1307
start_va = 0x7fefe4b0000
end_va = 0x7fefe4ddfff
monitored = 0
entry_point = 0x7fefe4b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1308
start_va = 0x7fefe4e0000
end_va = 0x7fefe4e7fff
monitored = 0
entry_point = 0x7fefe4e1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1309
start_va = 0x7fefe4f0000
end_va = 0x7fefe50efff
monitored = 0
entry_point = 0x7fefe4f60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1310
start_va = 0x7fefe590000
end_va = 0x7fefe62efff
monitored = 0
entry_point = 0x7fefe5925a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1311
start_va = 0x7fefe7b0000
end_va = 0x7fefe848fff
monitored = 0
entry_point = 0x7fefe7b1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1312
start_va = 0x7fefe980000
end_va = 0x7fefe9ccfff
monitored = 0
entry_point = 0x7fefe981070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1313
start_va = 0x7fefec30000
end_va = 0x7fefed5cfff
monitored = 0
entry_point = 0x7fefec7ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1314
start_va = 0x7fefed60000
end_va = 0x7fefed6dfff
monitored = 0
entry_point = 0x7fefed61080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1315
start_va = 0x7fefed70000
end_va = 0x7fefee78fff
monitored = 0
entry_point = 0x7fefed71064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1316
start_va = 0x7fefee80000
end_va = 0x7feff082fff
monitored = 0
entry_point = 0x7fefeea3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1317
start_va = 0x7feff090000
end_va = 0x7feff16afff
monitored = 0
entry_point = 0x7feff0b0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1318
start_va = 0x7feff180000
end_va = 0x7feff180fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1319
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1320
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1321
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1322
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1323
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1324
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 1325
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 1326
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 1327
start_va = 0x7fffffdc000
end_va = 0x7fffffdcfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 1328
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 1362
start_va = 0x1a0000
end_va = 0x1a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1363
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1364
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1365
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1366
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1367
start_va = 0x920000
end_va = 0x973fff
monitored = 0
entry_point = 0x933450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 1368
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 1369
start_va = 0x920000
end_va = 0x973fff
monitored = 0
entry_point = 0x933450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 1370
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 1371
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1372
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1373
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1374
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1375
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1376
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1377
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1378
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1379
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1380
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1381
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1382
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1383
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1384
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1385
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1386
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1387
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1388
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1389
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1390
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1391
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1392
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1393
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1394
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1395
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x9668c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 1396
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 1397
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x9668c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 1398
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 1399
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0xf55ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 1400
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 1401
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0xf55ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 1402
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 1403
start_va = 0x1040000
end_va = 0x1121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1404
start_va = 0x300000
end_va = 0x328fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1405
start_va = 0x1040000
end_va = 0x1121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1406
start_va = 0x300000
end_va = 0x328fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1407
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1408
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1409
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1410
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1411
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1412
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1413
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1414
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1415
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1416
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1417
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1418
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1419
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1420
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1421
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1422
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1423
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1424
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1425
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1426
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1427
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1428
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1429
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1430
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1431
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1432
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1433
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1434
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1435
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1436
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1437
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1438
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1439
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1440
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1441
start_va = 0x920000
end_va = 0x96ffff
monitored = 0
entry_point = 0x922b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1442
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1443
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1444
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1445
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1446
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1447
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1448
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1449
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1450
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1451
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1452
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1453
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1454
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1455
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1456
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1457
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1458
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1459
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1460
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1461
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1462
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1463
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1465
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1466
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1467
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1468
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1469
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1470
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1471
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1472
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1473
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1474
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1475
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1476
start_va = 0x300000
end_va = 0x327fff
monitored = 0
entry_point = 0x301860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 1477
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 1478
start_va = 0x300000
end_va = 0x327fff
monitored = 0
entry_point = 0x301860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 1479
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 1480
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1481
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1482
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1483
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1484
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1485
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1486
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1487
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1488
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1489
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1490
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1491
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1492
start_va = 0x1530000
end_va = 0x2324fff
monitored = 0
entry_point = 0x1613268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 1493
start_va = 0x1530000
end_va = 0x2324fff
monitored = 0
entry_point = 0x1613268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 1494
start_va = 0xee0000
end_va = 0xf89fff
monitored = 0
entry_point = 0xef4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 1495
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 1496
start_va = 0xee0000
end_va = 0xf89fff
monitored = 0
entry_point = 0xef4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 1497
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 1498
start_va = 0x920000
end_va = 0x967fff
monitored = 0
entry_point = 0x95fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 1666
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 1667
start_va = 0x920000
end_va = 0x967fff
monitored = 0
entry_point = 0x95fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 1668
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 1669
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1670
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1671
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1672
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1673
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1674
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1675
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1676
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1677
start_va = 0x920000
end_va = 0x971fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui")
Region:
id = 1678
start_va = 0x1530000
end_va = 0x167cfff
monitored = 0
entry_point = 0x1632a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 1679
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 1680
start_va = 0x1530000
end_va = 0x167cfff
monitored = 0
entry_point = 0x1632a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 1681
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 1682
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 1683
start_va = 0xcf0000
end_va = 0xd3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 1684
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 1685
start_va = 0xcf0000
end_va = 0xd3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 1686
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 0
entry_point = 0x1ba33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 1687
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 1688
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 0
entry_point = 0x1ba33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 1689
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 1690
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1691
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1692
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1693
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1694
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1695
start_va = 0xcf0000
end_va = 0xd43fff
monitored = 0
entry_point = 0xd03450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 1696
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 1697
start_va = 0xcf0000
end_va = 0xd43fff
monitored = 0
entry_point = 0xd03450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 1698
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 1699
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1700
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1701
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1702
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1703
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1704
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1705
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1706
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1707
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1708
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1709
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1710
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1711
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1712
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1713
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1714
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1715
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1716
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1717
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1718
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1719
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1720
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1721
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1722
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1723
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1724
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1725
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xd368c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 1726
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 1727
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xd368c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 1728
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 1729
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0xf55ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 1730
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 1731
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0xf55ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 1732
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 1733
start_va = 0x1040000
end_va = 0x1121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1734
start_va = 0x300000
end_va = 0x328fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1735
start_va = 0x1040000
end_va = 0x1121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1736
start_va = 0x300000
end_va = 0x328fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1737
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1738
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1739
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1740
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1741
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1742
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1743
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1744
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1745
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1746
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1747
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1748
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1749
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1750
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1751
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1752
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1753
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1754
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1755
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1756
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1757
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1758
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1759
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1760
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1761
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1762
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1763
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1764
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1765
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1766
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1767
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1768
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1769
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1770
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1771
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1772
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1773
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1774
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1775
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1776
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1777
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1778
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1779
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1780
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1781
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1782
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1783
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1784
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1785
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1786
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1787
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1788
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1789
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1790
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1791
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1792
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1793
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1794
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1795
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1796
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1797
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1798
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1799
start_va = 0x1530000
end_va = 0x162ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001530000"
filename = ""
Region:
id = 1800
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1801
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1802
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1803
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1804
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1805
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1806
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1807
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1808
start_va = 0x300000
end_va = 0x327fff
monitored = 0
entry_point = 0x301860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 1809
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 1810
start_va = 0x300000
end_va = 0x327fff
monitored = 0
entry_point = 0x301860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 1811
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 1812
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1813
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1814
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1815
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1816
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1817
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1818
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1819
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1820
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1821
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1822
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1823
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1824
start_va = 0x1630000
end_va = 0x2424fff
monitored = 0
entry_point = 0x1713268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 1825
start_va = 0x1630000
end_va = 0x2424fff
monitored = 0
entry_point = 0x1713268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 1826
start_va = 0xee0000
end_va = 0xf89fff
monitored = 0
entry_point = 0xef4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 1827
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 1828
start_va = 0xee0000
end_va = 0xf89fff
monitored = 0
entry_point = 0xef4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 1829
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 1830
start_va = 0xcf0000
end_va = 0xd37fff
monitored = 0
entry_point = 0xd2fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 1831
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 1832
start_va = 0xcf0000
end_va = 0xd37fff
monitored = 0
entry_point = 0xd2fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 1833
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 1834
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1835
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1836
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1837
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1838
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1839
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1840
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1841
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1842
start_va = 0x1630000
end_va = 0x177cfff
monitored = 0
entry_point = 0x1732a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 1843
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 1844
start_va = 0x1630000
end_va = 0x177cfff
monitored = 0
entry_point = 0x1732a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 1845
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 1846
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 1847
start_va = 0xcf0000
end_va = 0xd3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 1848
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 1849
start_va = 0xcf0000
end_va = 0xd3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 1850
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 0
entry_point = 0x1ba33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 1851
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 1852
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 0
entry_point = 0x1ba33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 1853
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 1854
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1855
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1856
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1857
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1858
start_va = 0xcf0000
end_va = 0xd43fff
monitored = 0
entry_point = 0xd03450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 1859
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 1860
start_va = 0xcf0000
end_va = 0xd43fff
monitored = 0
entry_point = 0xd03450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 1861
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 1862
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1863
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1864
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1865
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1866
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1867
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1868
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1869
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1870
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1871
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1872
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1873
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1874
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1875
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1876
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1877
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1878
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1879
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1880
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1881
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1882
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1883
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1884
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1885
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1886
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xd368c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 1887
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 1888
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xd368c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 1889
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 1890
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0xf55ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 1891
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 1892
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0xf55ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 1893
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 1894
start_va = 0x1040000
end_va = 0x1121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1895
start_va = 0x300000
end_va = 0x328fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1896
start_va = 0x1040000
end_va = 0x1121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1897
start_va = 0x300000
end_va = 0x328fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1898
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1899
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1900
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1901
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1902
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1903
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1904
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1905
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1906
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1907
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1908
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1909
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1910
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1911
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1912
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1913
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1914
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1915
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1916
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1917
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1918
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1919
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1920
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1921
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1922
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1923
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1924
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1925
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1926
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1927
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1928
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1929
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1930
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1931
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1932
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1933
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1934
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1935
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1936
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1937
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1938
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1939
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1940
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1941
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1942
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1943
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1944
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1945
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1946
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1947
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1948
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1949
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1950
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1951
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1952
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1953
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1954
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1955
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1956
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1957
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1958
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1959
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1960
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1961
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1962
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1963
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1964
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1965
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1966
start_va = 0x300000
end_va = 0x327fff
monitored = 0
entry_point = 0x301860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 1967
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 1968
start_va = 0x300000
end_va = 0x327fff
monitored = 0
entry_point = 0x301860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 1969
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 1970
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1971
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1972
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1973
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1974
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1975
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1976
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1977
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1978
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1979
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1980
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 1981
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 1982
start_va = 0x1630000
end_va = 0x2424fff
monitored = 0
entry_point = 0x1713268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 1983
start_va = 0x1630000
end_va = 0x2424fff
monitored = 0
entry_point = 0x1713268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 1984
start_va = 0xee0000
end_va = 0xf89fff
monitored = 0
entry_point = 0xef4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 1985
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 1986
start_va = 0xee0000
end_va = 0xf89fff
monitored = 0
entry_point = 0xef4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 1987
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 1988
start_va = 0xcf0000
end_va = 0xd37fff
monitored = 0
entry_point = 0xd2fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 1989
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 1990
start_va = 0xcf0000
end_va = 0xd37fff
monitored = 0
entry_point = 0xd2fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 1991
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 1992
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1993
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1994
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1995
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1996
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1997
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1998
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1999
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2000
start_va = 0x1630000
end_va = 0x177cfff
monitored = 0
entry_point = 0x1732a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 2001
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 2002
start_va = 0x1630000
end_va = 0x177cfff
monitored = 0
entry_point = 0x1732a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 2003
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 2004
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 2005
start_va = 0xcf0000
end_va = 0xd3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 2006
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 2007
start_va = 0xcf0000
end_va = 0xd3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 2008
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 0
entry_point = 0x1ba33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 2009
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 2010
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 0
entry_point = 0x1ba33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 2011
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 2012
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 2013
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 2014
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 2015
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 2016
start_va = 0xcf0000
end_va = 0xd43fff
monitored = 0
entry_point = 0xd03450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 2017
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 2018
start_va = 0xcf0000
end_va = 0xd43fff
monitored = 0
entry_point = 0xd03450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 2019
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 2020
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 2021
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 2022
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 2023
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 2024
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 2025
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 2026
start_va = 0x300000
end_va = 0x320fff
monitored = 0
entry_point = 0x31a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 2027
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 2028
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2029
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2030
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2031
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2032
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2033
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2034
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2035
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2036
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2037
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2038
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2039
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2040
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2041
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2042
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2043
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2044
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xd368c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 2045
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 2046
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xd368c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 2047
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 2048
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0xf55ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 2049
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 2050
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0xf55ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 2051
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 2052
start_va = 0x1040000
end_va = 0x1121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 2053
start_va = 0x300000
end_va = 0x328fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 2054
start_va = 0x1040000
end_va = 0x1121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 2055
start_va = 0x300000
end_va = 0x328fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 2056
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2057
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 2058
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2059
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 2060
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2061
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 2062
start_va = 0xee0000
end_va = 0xf88fff
monitored = 0
entry_point = 0xef18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2063
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 2064
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2065
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2066
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2067
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2068
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2069
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2070
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2071
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2072
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2073
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2074
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2075
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2076
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2077
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2078
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2079
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2080
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2081
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2082
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2083
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2084
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2085
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2086
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2087
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2088
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2089
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2090
start_va = 0xcf0000
end_va = 0xd3ffff
monitored = 0
entry_point = 0xcf2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2091
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2092
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2093
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2094
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2095
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2096
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2097
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2098
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2099
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2100
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2101
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2102
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2103
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2104
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2105
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2106
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2107
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2108
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2109
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2110
start_va = 0xee0000
end_va = 0xf6afff
monitored = 0
entry_point = 0xf551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2111
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2112
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2113
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2114
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2115
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2116
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2117
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2118
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2119
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2120
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2121
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2122
start_va = 0x1d0000
end_va = 0x1e9fff
monitored = 1
entry_point = 0x1d1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2123
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2124
start_va = 0x300000
end_va = 0x327fff
monitored = 0
entry_point = 0x301860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 2125
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 2126
start_va = 0x300000
end_va = 0x327fff
monitored = 0
entry_point = 0x301860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 2127
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 2128
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2129
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2130
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2131
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2132
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2133
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2134
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2135
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2136
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2137
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2138
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2139
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2140
start_va = 0x1630000
end_va = 0x2424fff
monitored = 0
entry_point = 0x1713268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 2141
start_va = 0x1630000
end_va = 0x2424fff
monitored = 0
entry_point = 0x1713268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 2142
start_va = 0xee0000
end_va = 0xf89fff
monitored = 0
entry_point = 0xef4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 2143
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 2144
start_va = 0xee0000
end_va = 0xf89fff
monitored = 0
entry_point = 0xef4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 2145
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 2146
start_va = 0xcf0000
end_va = 0xd37fff
monitored = 0
entry_point = 0xd2fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 2147
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 2148
start_va = 0xcf0000
end_va = 0xd37fff
monitored = 0
entry_point = 0xd2fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 2149
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 2150
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2151
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2152
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2153
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2154
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2155
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2156
start_va = 0x1040000
end_va = 0x1128fff
monitored = 0
entry_point = 0x111906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2157
start_va = 0x1b0000
end_va = 0x1b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2158
start_va = 0x1630000
end_va = 0x177cfff
monitored = 0
entry_point = 0x1732a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 2159
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 2160
start_va = 0x1630000
end_va = 0x177cfff
monitored = 0
entry_point = 0x1732a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 2161
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 2162
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 2163
start_va = 0xcf0000
end_va = 0xd3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 2164
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 2165
start_va = 0xcf0000
end_va = 0xd3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 2166
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 0
entry_point = 0x1ba33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 2167
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 2168
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 0
entry_point = 0x1ba33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 2169
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 2170
start_va = 0x7feeff90000
end_va = 0x7feeff9afff
monitored = 0
entry_point = 0x7feeff946ec
region_type = mapped_file
name = "perfos.dll"
filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll")
Region:
id = 2171
start_va = 0xcf0000
end_va = 0xd5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cf0000"
filename = ""
Region:
id = 2172
start_va = 0x1630000
end_va = 0x172ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001630000"
filename = ""
Region:
id = 2173
start_va = 0x17b0000
end_va = 0x182ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000017b0000"
filename = ""
Region:
id = 2174
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 2391
start_va = 0x1a0000
end_va = 0x1a2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Thread:
id = 53
os_tid = 0xc9c
Thread:
id = 54
os_tid = 0xc98
Thread:
id = 55
os_tid = 0xc94
Thread:
id = 56
os_tid = 0xc90
Thread:
id = 57
os_tid = 0xc8c
Thread:
id = 58
os_tid = 0xc88
Thread:
id = 59
os_tid = 0xc84
Thread:
id = 60
os_tid = 0xc80
Thread:
id = 61
os_tid = 0xc7c
Thread:
id = 82
os_tid = 0xf34
Thread:
id = 113
os_tid = 0xfe8
Thread:
id = 142
os_tid = 0xd00
Process:
id = "6"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x67f9a000"
os_pid = "0xf4"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "4"
os_parent_pid = "0x24c"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b190" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1022
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1023
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1024
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1025
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1026
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1027
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 1028
start_va = 0xd0000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 1029
start_va = 0x150000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 1030
start_va = 0x210000
end_va = 0x30ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 1031
start_va = 0x310000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 1032
start_va = 0x410000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 1033
start_va = 0x420000
end_va = 0x420fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 1034
start_va = 0x430000
end_va = 0x430fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000430000"
filename = ""
Region:
id = 1035
start_va = 0x440000
end_va = 0x440fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1036
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000450000"
filename = ""
Region:
id = 1037
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1038
start_va = 0x4e0000
end_va = 0x667fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004e0000"
filename = ""
Region:
id = 1039
start_va = 0x670000
end_va = 0x7f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000670000"
filename = ""
Region:
id = 1040
start_va = 0x800000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 1041
start_va = 0x900000
end_va = 0x900fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000900000"
filename = ""
Region:
id = 1042
start_va = 0x910000
end_va = 0x910fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000910000"
filename = ""
Region:
id = 1043
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000920000"
filename = ""
Region:
id = 1044
start_va = 0x930000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 1045
start_va = 0x940000
end_va = 0x941fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000940000"
filename = ""
Region:
id = 1046
start_va = 0x950000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 1047
start_va = 0x9d0000
end_va = 0xc9efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1048
start_va = 0xca0000
end_va = 0xd1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ca0000"
filename = ""
Region:
id = 1049
start_va = 0xd20000
end_va = 0xd71fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui")
Region:
id = 1050
start_va = 0xd80000
end_va = 0xdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d80000"
filename = ""
Region:
id = 1051
start_va = 0xe00000
end_va = 0xe7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 1052
start_va = 0xe80000
end_va = 0xe80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e80000"
filename = ""
Region:
id = 1053
start_va = 0xe90000
end_va = 0xf0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e90000"
filename = ""
Region:
id = 1054
start_va = 0xf10000
end_va = 0xf11fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 1055
start_va = 0xf20000
end_va = 0xf2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 1056
start_va = 0xf30000
end_va = 0xf3cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 1057
start_va = 0xf40000
end_va = 0xf40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f40000"
filename = ""
Region:
id = 1058
start_va = 0xf50000
end_va = 0xfcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f50000"
filename = ""
Region:
id = 1059
start_va = 0x1000000
end_va = 0x100ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 1060
start_va = 0x1020000
end_va = 0x109ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001020000"
filename = ""
Region:
id = 1061
start_va = 0x10d0000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Region:
id = 1062
start_va = 0x1150000
end_va = 0x1255fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001150000"
filename = ""
Region:
id = 1063
start_va = 0x1260000
end_va = 0x135ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001260000"
filename = ""
Region:
id = 1064
start_va = 0x1360000
end_va = 0x145ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001360000"
filename = ""
Region:
id = 1065
start_va = 0x14e0000
end_va = 0x14effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 1066
start_va = 0x1500000
end_va = 0x150ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 1067
start_va = 0x1590000
end_va = 0x160ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001590000"
filename = ""
Region:
id = 1068
start_va = 0x1610000
end_va = 0x170ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001610000"
filename = ""
Region:
id = 1069
start_va = 0x1790000
end_va = 0x180ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001790000"
filename = ""
Region:
id = 1070
start_va = 0x1840000
end_va = 0x18bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001840000"
filename = ""
Region:
id = 1071
start_va = 0x18e0000
end_va = 0x195ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018e0000"
filename = ""
Region:
id = 1072
start_va = 0x19e0000
end_va = 0x1a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000019e0000"
filename = ""
Region:
id = 1073
start_va = 0x1a80000
end_va = 0x1afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a80000"
filename = ""
Region:
id = 1074
start_va = 0x1b00000
end_va = 0x1b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b00000"
filename = ""
Region:
id = 1075
start_va = 0x1c00000
end_va = 0x1c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c00000"
filename = ""
Region:
id = 1076
start_va = 0x1c40000
end_va = 0x1cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c40000"
filename = ""
Region:
id = 1077
start_va = 0x1cc0000
end_va = 0x1d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001cc0000"
filename = ""
Region:
id = 1078
start_va = 0x1d40000
end_va = 0x1dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d40000"
filename = ""
Region:
id = 1079
start_va = 0x1e20000
end_va = 0x1e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e20000"
filename = ""
Region:
id = 1080
start_va = 0x1f50000
end_va = 0x1fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f50000"
filename = ""
Region:
id = 1081
start_va = 0x1fe0000
end_va = 0x205ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fe0000"
filename = ""
Region:
id = 1082
start_va = 0x2070000
end_va = 0x20effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002070000"
filename = ""
Region:
id = 1083
start_va = 0x20f0000
end_va = 0x216ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020f0000"
filename = ""
Region:
id = 1084
start_va = 0x2220000
end_va = 0x229ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002220000"
filename = ""
Region:
id = 1085
start_va = 0x22f0000
end_va = 0x236ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022f0000"
filename = ""
Region:
id = 1086
start_va = 0x23f0000
end_va = 0x246ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023f0000"
filename = ""
Region:
id = 1087
start_va = 0x2560000
end_va = 0x25dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 1088
start_va = 0x25f0000
end_va = 0x266ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 1089
start_va = 0x2670000
end_va = 0x276ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 1090
start_va = 0x2780000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 1091
start_va = 0x2830000
end_va = 0x28affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 1092
start_va = 0x28b0000
end_va = 0x29affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 1093
start_va = 0x29b0000
end_va = 0x2a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029b0000"
filename = ""
Region:
id = 1094
start_va = 0x2a30000
end_va = 0x2a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a30000"
filename = ""
Region:
id = 1095
start_va = 0x2a60000
end_va = 0x2adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a60000"
filename = ""
Region:
id = 1096
start_va = 0x2ae0000
end_va = 0x2bdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ae0000"
filename = ""
Region:
id = 1097
start_va = 0x2c90000
end_va = 0x2c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c90000"
filename = ""
Region:
id = 1098
start_va = 0x2ca0000
end_va = 0x2d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ca0000"
filename = ""
Region:
id = 1099
start_va = 0x2e20000
end_va = 0x2e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e20000"
filename = ""
Region:
id = 1100
start_va = 0x2ea0000
end_va = 0x2f9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002ea0000"
filename = ""
Region:
id = 1101
start_va = 0x2fa0000
end_va = 0x309ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002fa0000"
filename = ""
Region:
id = 1102
start_va = 0x30a0000
end_va = 0x319ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030a0000"
filename = ""
Region:
id = 1103
start_va = 0x31a0000
end_va = 0x32a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000031a0000"
filename = ""
Region:
id = 1104
start_va = 0x32b0000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000032b0000"
filename = ""
Region:
id = 1105
start_va = 0x34b0000
end_va = 0x35affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000034b0000"
filename = ""
Region:
id = 1106
start_va = 0x35b0000
end_va = 0x37affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035b0000"
filename = ""
Region:
id = 1107
start_va = 0x37b0000
end_va = 0x3baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037b0000"
filename = ""
Region:
id = 1108
start_va = 0x3bb0000
end_va = 0x43affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bb0000"
filename = ""
Region:
id = 1109
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1110
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 0
entry_point = 0x76d7a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1111
start_va = 0x76e60000
end_va = 0x77008fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1112
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1113
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1114
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1115
start_va = 0xff690000
end_va = 0xff6eefff
monitored = 0
entry_point = 0xff69a9b4
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 1116
start_va = 0x7feef8d0000
end_va = 0x7feefb07fff
monitored = 0
entry_point = 0x7feef8d2940
region_type = mapped_file
name = "tquery.dll"
filename = "\\Windows\\System32\\tquery.dll" (normalized: "c:\\windows\\system32\\tquery.dll")
Region:
id = 1117
start_va = 0x7feefea0000
end_va = 0x7feefec5fff
monitored = 0
entry_point = 0x7feefeb5434
region_type = mapped_file
name = "wmiaprpl.dll"
filename = "\\Windows\\System32\\wbem\\WmiApRpl.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiaprpl.dll")
Region:
id = 1118
start_va = 0x7feeff10000
end_va = 0x7feeff16fff
monitored = 0
entry_point = 0x7feeff12230
region_type = mapped_file
name = "usbperf.dll"
filename = "\\Windows\\System32\\usbperf.dll" (normalized: "c:\\windows\\system32\\usbperf.dll")
Region:
id = 1119
start_va = 0x7feeff20000
end_va = 0x7feeff36fff
monitored = 0
entry_point = 0x7feeff26574
region_type = mapped_file
name = "utildll.dll"
filename = "\\Windows\\System32\\utildll.dll" (normalized: "c:\\windows\\system32\\utildll.dll")
Region:
id = 1120
start_va = 0x7feeff40000
end_va = 0x7feeff48fff
monitored = 0
entry_point = 0x7feeff42c40
region_type = mapped_file
name = "perfts.dll"
filename = "\\Windows\\System32\\perfts.dll" (normalized: "c:\\windows\\system32\\perfts.dll")
Region:
id = 1121
start_va = 0x7feeff50000
end_va = 0x7feeff5ffff
monitored = 0
entry_point = 0x7feeff56184
region_type = mapped_file
name = "perfctrs.dll"
filename = "\\Windows\\System32\\perfctrs.dll" (normalized: "c:\\windows\\system32\\perfctrs.dll")
Region:
id = 1122
start_va = 0x7feeff60000
end_va = 0x7feeff66fff
monitored = 0
entry_point = 0x7feeff61c18
region_type = mapped_file
name = "tapiperf.dll"
filename = "\\Windows\\System32\\tapiperf.dll" (normalized: "c:\\windows\\system32\\tapiperf.dll")
Region:
id = 1123
start_va = 0x7feeff70000
end_va = 0x7feeff77fff
monitored = 0
entry_point = 0x7feeff72d08
region_type = mapped_file
name = "rasctrs.dll"
filename = "\\Windows\\System32\\rasctrs.dll" (normalized: "c:\\windows\\system32\\rasctrs.dll")
Region:
id = 1124
start_va = 0x7feeff80000
end_va = 0x7feeff8dfff
monitored = 0
entry_point = 0x7feeff86088
region_type = mapped_file
name = "perfproc.dll"
filename = "\\Windows\\System32\\perfproc.dll" (normalized: "c:\\windows\\system32\\perfproc.dll")
Region:
id = 1125
start_va = 0x7feeff90000
end_va = 0x7feeff9afff
monitored = 0
entry_point = 0x7feeff946ec
region_type = mapped_file
name = "perfos.dll"
filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll")
Region:
id = 1126
start_va = 0x7feeffa0000
end_va = 0x7feeffb1fff
monitored = 0
entry_point = 0x7feeffaaab8
region_type = mapped_file
name = "browcli.dll"
filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll")
Region:
id = 1127
start_va = 0x7feeffc0000
end_va = 0x7feeffc9fff
monitored = 0
entry_point = 0x7feeffc33d4
region_type = mapped_file
name = "perfnet.dll"
filename = "\\Windows\\System32\\perfnet.dll" (normalized: "c:\\windows\\system32\\perfnet.dll")
Region:
id = 1128
start_va = 0x7feeffd0000
end_va = 0x7feeffdcfff
monitored = 0
entry_point = 0x7feeffd62e8
region_type = mapped_file
name = "perfdisk.dll"
filename = "\\Windows\\System32\\perfdisk.dll" (normalized: "c:\\windows\\system32\\perfdisk.dll")
Region:
id = 1129
start_va = 0x7feeffe0000
end_va = 0x7feefff5fff
monitored = 0
entry_point = 0x7feeffedec4
region_type = mapped_file
name = "msscntrs.dll"
filename = "\\Windows\\System32\\msscntrs.dll" (normalized: "c:\\windows\\system32\\msscntrs.dll")
Region:
id = 1130
start_va = 0x7fef0000000
end_va = 0x7fef005ffff
monitored = 0
entry_point = 0x7fef000127c
region_type = mapped_file
name = "mtxclu.dll"
filename = "\\Windows\\System32\\mtxclu.dll" (normalized: "c:\\windows\\system32\\mtxclu.dll")
Region:
id = 1131
start_va = 0x7fef0060000
end_va = 0x7fef011bfff
monitored = 0
entry_point = 0x7fef00616e0
region_type = mapped_file
name = "msdtcprx.dll"
filename = "\\Windows\\System32\\msdtcprx.dll" (normalized: "c:\\windows\\system32\\msdtcprx.dll")
Region:
id = 1132
start_va = 0x7fef0120000
end_va = 0x7fef016ffff
monitored = 0
entry_point = 0x7fef0121524
region_type = mapped_file
name = "msdtcuiu.dll"
filename = "\\Windows\\System32\\msdtcuiu.dll" (normalized: "c:\\windows\\system32\\msdtcuiu.dll")
Region:
id = 1133
start_va = 0x7fef0170000
end_va = 0x7fef0181fff
monitored = 0
entry_point = 0x7fef0172f00
region_type = mapped_file
name = "esentprf.dll"
filename = "\\Windows\\System32\\esentprf.dll" (normalized: "c:\\windows\\system32\\esentprf.dll")
Region:
id = 1134
start_va = 0x7fef0190000
end_va = 0x7fef024cfff
monitored = 0
entry_point = 0x7fef0217db0
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\System32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\system32\\ucrtbase_clr0400.dll")
Region:
id = 1135
start_va = 0x7fef0250000
end_va = 0x7fef0265fff
monitored = 0
entry_point = 0x7fef025c000
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\System32\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\system32\\vcruntime140_clr0400.dll")
Region:
id = 1136
start_va = 0x7fef0270000
end_va = 0x7fef0296fff
monitored = 1
entry_point = 0x7fef027e2a0
region_type = mapped_file
name = "corperfmonext.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\CORPerfMonExt.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\corperfmonext.dll")
Region:
id = 1137
start_va = 0x7fef02a0000
end_va = 0x7fef02e1fff
monitored = 1
entry_point = 0x7fef02ae230
region_type = mapped_file
name = "perfcounter.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\PerfCounter.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\perfcounter.dll")
Region:
id = 1138
start_va = 0x7fef02f0000
end_va = 0x7fef0398fff
monitored = 1
entry_point = 0x7fef02f1010
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")
Region:
id = 1139
start_va = 0x7fef03a0000
end_va = 0x7fef040efff
monitored = 1
entry_point = 0x7fef03a1134
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")
Region:
id = 1140
start_va = 0x7fef0480000
end_va = 0x7fef04cdfff
monitored = 0
entry_point = 0x7fef0481198
region_type = mapped_file
name = "pdh.dll"
filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")
Region:
id = 1141
start_va = 0x7fef0a90000
end_va = 0x7fef0ab4fff
monitored = 0
entry_point = 0x7fef0aa8d6c
region_type = mapped_file
name = "wmiperfclass.dll"
filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll")
Region:
id = 1142
start_va = 0x7fef0de0000
end_va = 0x7fef0dedfff
monitored = 1
entry_point = 0x7fef0de42f0
region_type = mapped_file
name = "aspnet_perf.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Aspnet_perf.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\aspnet_perf.dll")
Region:
id = 1143
start_va = 0x7fef0e50000
end_va = 0x7fef0e58fff
monitored = 0
entry_point = 0x7fef0e51fe0
region_type = mapped_file
name = "aspnet_counters.dll"
filename = "\\Windows\\System32\\aspnet_counters.dll" (normalized: "c:\\windows\\system32\\aspnet_counters.dll")
Region:
id = 1144
start_va = 0x7fef0e60000
end_va = 0x7fef0e6ffff
monitored = 0
entry_point = 0x7fef0e61560
region_type = mapped_file
name = "netfxperf.dll"
filename = "\\Windows\\System32\\netfxperf.dll" (normalized: "c:\\windows\\system32\\netfxperf.dll")
Region:
id = 1145
start_va = 0x7fef1470000
end_va = 0x7fef1479fff
monitored = 0
entry_point = 0x7fef1473994
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 1146
start_va = 0x7fef3740000
end_va = 0x7fef375bfff
monitored = 0
entry_point = 0x7fef37411a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 1147
start_va = 0x7fef3eb0000
end_va = 0x7fef3f20fff
monitored = 0
entry_point = 0x7fef3eeecc4
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 1148
start_va = 0x7fef44e0000
end_va = 0x7fef44f5fff
monitored = 0
entry_point = 0x7fef44e1070
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1149
start_va = 0x7fef4640000
end_va = 0x7fef4665fff
monitored = 0
entry_point = 0x7fef4647948
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1150
start_va = 0x7fef4670000
end_va = 0x7fef4688fff
monitored = 0
entry_point = 0x7fef4671104
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 1151
start_va = 0x7fef4690000
end_va = 0x7fef46dffff
monitored = 0
entry_point = 0x7fef4691190
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 1152
start_va = 0x7fef4750000
end_va = 0x7fef4763fff
monitored = 0
entry_point = 0x7fef4751070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1153
start_va = 0x7fef4a10000
end_va = 0x7fef4a36fff
monitored = 0
entry_point = 0x7fef4a111a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 1154
start_va = 0x7fef4a40000
end_va = 0x7fef4b21fff
monitored = 0
entry_point = 0x7fef4a63814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1155
start_va = 0x7fef4c10000
end_va = 0x7fef4dbdfff
monitored = 0
entry_point = 0x7fef4c3a148
region_type = mapped_file
name = "sysmain.dll"
filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll")
Region:
id = 1156
start_va = 0x7fef7940000
end_va = 0x7fef797bfff
monitored = 0
entry_point = 0x7fef7965aa8
region_type = mapped_file
name = "wmiprov.dll"
filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")
Region:
id = 1157
start_va = 0x7fef7980000
end_va = 0x7fef79a6fff
monitored = 0
entry_point = 0x7fef799b69c
region_type = mapped_file
name = "loadperf.dll"
filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")
Region:
id = 1158
start_va = 0x7fef98f0000
end_va = 0x7fef98f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 1159
start_va = 0x7fefa3b0000
end_va = 0x7fefa3b9fff
monitored = 0
entry_point = 0x7fefa3b260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 1160
start_va = 0x7fefa870000
end_va = 0x7fefa87afff
monitored = 0
entry_point = 0x7fefa871198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1161
start_va = 0x7fefa880000
end_va = 0x7fefa8a6fff
monitored = 0
entry_point = 0x7fefa8898bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1162
start_va = 0x7fefaa10000
end_va = 0x7fefaa95fff
monitored = 0
entry_point = 0x7fefaa1ffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1163
start_va = 0x7fefaaa0000
end_va = 0x7fefaab3fff
monitored = 0
entry_point = 0x7fefaaa16b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1164
start_va = 0x7fefaac0000
end_va = 0x7fefaad4fff
monitored = 0
entry_point = 0x7fefaac1050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1165
start_va = 0x7fefaae0000
end_va = 0x7fefaaebfff
monitored = 0
entry_point = 0x7fefaae18a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1166
start_va = 0x7fefaaf0000
end_va = 0x7fefab05fff
monitored = 0
entry_point = 0x7fefaaf11a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1167
start_va = 0x7fefab20000
end_va = 0x7fefab2efff
monitored = 0
entry_point = 0x7fefab211d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1168
start_va = 0x7fefb520000
end_va = 0x7fefb530fff
monitored = 0
entry_point = 0x7fefb521070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1169
start_va = 0x7fefb570000
end_va = 0x7fefb588fff
monitored = 0
entry_point = 0x7fefb5711a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1170
start_va = 0x7fefbda0000
end_va = 0x7fefbdccfff
monitored = 0
entry_point = 0x7fefbda1010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1171
start_va = 0x7fefbf70000
end_va = 0x7fefbf7bfff
monitored = 0
entry_point = 0x7fefbf71064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1172
start_va = 0x7fefc2b0000
end_va = 0x7fefc2bcfff
monitored = 0
entry_point = 0x7fefc2b1348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 1173
start_va = 0x7fefc3a0000
end_va = 0x7fefc3e6fff
monitored = 0
entry_point = 0x7fefc3a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1174
start_va = 0x7fefc490000
end_va = 0x7fefc4bffff
monitored = 0
entry_point = 0x7fefc49194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1175
start_va = 0x7fefc4c0000
end_va = 0x7fefc51afff
monitored = 0
entry_point = 0x7fefc4c6940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1176
start_va = 0x7fefc6a0000
end_va = 0x7fefc6b7fff
monitored = 0
entry_point = 0x7fefc6a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1177
start_va = 0x7fefc810000
end_va = 0x7fefc831fff
monitored = 0
entry_point = 0x7fefc815d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1178
start_va = 0x7fefc8d0000
end_va = 0x7fefc93cfff
monitored = 0
entry_point = 0x7fefc8d1010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1179
start_va = 0x7fefc940000
end_va = 0x7fefc953fff
monitored = 0
entry_point = 0x7fefc944160
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 1180
start_va = 0x7fefcba0000
end_va = 0x7fefcbc2fff
monitored = 0
entry_point = 0x7fefcba1198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1181
start_va = 0x7fefcc40000
end_va = 0x7fefcc4afff
monitored = 0
entry_point = 0x7fefcc41030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1182
start_va = 0x7fefcca0000
end_va = 0x7fefccaefff
monitored = 0
entry_point = 0x7fefcca1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1183
start_va = 0x7fefcd50000
end_va = 0x7fefcd8cfff
monitored = 0
entry_point = 0x7fefcd518f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1184
start_va = 0x7fefcd90000
end_va = 0x7fefcda3fff
monitored = 0
entry_point = 0x7fefcd910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1185
start_va = 0x7fefcea0000
end_va = 0x7fefceb9fff
monitored = 0
entry_point = 0x7fefcea1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1186
start_va = 0x7fefcf60000
end_va = 0x7fefcf95fff
monitored = 0
entry_point = 0x7fefcf61474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1187
start_va = 0x7fefcfa0000
end_va = 0x7fefd00afff
monitored = 0
entry_point = 0x7fefcfa30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1188
start_va = 0x7fefd180000
end_va = 0x7fefdf07fff
monitored = 0
entry_point = 0x7fefd1fcebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1189
start_va = 0x7fefdf10000
end_va = 0x7fefdfd8fff
monitored = 0
entry_point = 0x7fefdf8a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1190
start_va = 0x7fefdfe0000
end_va = 0x7fefe031fff
monitored = 0
entry_point = 0x7fefdfe10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1191
start_va = 0x7fefe0e0000
end_va = 0x7fefe1b6fff
monitored = 0
entry_point = 0x7fefe0e3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1192
start_va = 0x7fefe240000
end_va = 0x7fefe416fff
monitored = 0
entry_point = 0x7fefe241010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1193
start_va = 0x7fefe420000
end_va = 0x7fefe486fff
monitored = 0
entry_point = 0x7fefe42b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1194
start_va = 0x7fefe4b0000
end_va = 0x7fefe4ddfff
monitored = 0
entry_point = 0x7fefe4b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1195
start_va = 0x7fefe4e0000
end_va = 0x7fefe4e7fff
monitored = 0
entry_point = 0x7fefe4e1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1196
start_va = 0x7fefe4f0000
end_va = 0x7fefe50efff
monitored = 0
entry_point = 0x7fefe4f60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1197
start_va = 0x7fefe510000
end_va = 0x7fefe580fff
monitored = 0
entry_point = 0x7fefe521e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1198
start_va = 0x7fefe590000
end_va = 0x7fefe62efff
monitored = 0
entry_point = 0x7fefe5925a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1199
start_va = 0x7fefe7b0000
end_va = 0x7fefe848fff
monitored = 0
entry_point = 0x7fefe7b1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1200
start_va = 0x7fefe980000
end_va = 0x7fefe9ccfff
monitored = 0
entry_point = 0x7fefe981070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1201
start_va = 0x7fefec30000
end_va = 0x7fefed5cfff
monitored = 0
entry_point = 0x7fefec7ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1202
start_va = 0x7fefed60000
end_va = 0x7fefed6dfff
monitored = 0
entry_point = 0x7fefed61080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1203
start_va = 0x7fefed70000
end_va = 0x7fefee78fff
monitored = 0
entry_point = 0x7fefed71064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1204
start_va = 0x7fefee80000
end_va = 0x7feff082fff
monitored = 0
entry_point = 0x7fefeea3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1205
start_va = 0x7feff090000
end_va = 0x7feff16afff
monitored = 0
entry_point = 0x7feff0b0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1206
start_va = 0x7feff180000
end_va = 0x7feff180fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1207
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 1208
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 1209
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 1210
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1211
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1212
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1213
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1214
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1215
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1216
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 1217
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 1218
start_va = 0x7fffffd7000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 1219
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 1220
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 1221
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 1222
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2396
start_va = 0x1eb0000
end_va = 0x1f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001eb0000"
filename = ""
Region:
id = 2397
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Thread:
id = 62
os_tid = 0xf0c
Thread:
id = 63
os_tid = 0xc6c
Thread:
id = 64
os_tid = 0xaec
Thread:
id = 65
os_tid = 0xae8
Thread:
id = 66
os_tid = 0xae0
Thread:
id = 67
os_tid = 0xadc
Thread:
id = 68
os_tid = 0xad8
Thread:
id = 69
os_tid = 0x4ac
Thread:
id = 70
os_tid = 0x578
Thread:
id = 71
os_tid = 0x518
Thread:
id = 72
os_tid = 0x378
Thread:
id = 73
os_tid = 0x6c0
Thread:
id = 74
os_tid = 0x350
Thread:
id = 75
os_tid = 0x35c
Thread:
id = 141
os_tid = 0xcec
Thread:
id = 143
os_tid = 0xd64
Process:
id = "7"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x61000000"
os_pid = "0x2bc"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "4"
os_parent_pid = "0x1c8"
cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a994" [0xc000000f], "LOCAL" [0x7]
Region:
id = 1499
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1500
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1501
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1502
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1503
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1504
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 1505
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 1506
start_va = 0xe0000
end_va = 0xecfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 1507
start_va = 0xf0000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1508
start_va = 0x170000
end_va = 0x170fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 1509
start_va = 0x180000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1510
start_va = 0x280000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 1511
start_va = 0x380000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 1512
start_va = 0x400000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1513
start_va = 0x420000
end_va = 0x420fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 1514
start_va = 0x430000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 1515
start_va = 0x440000
end_va = 0x5c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1516
start_va = 0x5d0000
end_va = 0x750fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 1517
start_va = 0x760000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 1518
start_va = 0x820000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 1519
start_va = 0x860000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 1520
start_va = 0x8e0000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008e0000"
filename = ""
Region:
id = 1521
start_va = 0x900000
end_va = 0x901fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 1522
start_va = 0x910000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 1523
start_va = 0x930000
end_va = 0x932fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winmgmtr.dll"
filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll")
Region:
id = 1524
start_va = 0x940000
end_va = 0x940fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000940000"
filename = ""
Region:
id = 1525
start_va = 0x950000
end_va = 0x951fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000950000"
filename = ""
Region:
id = 1526
start_va = 0x960000
end_va = 0x960fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000960000"
filename = ""
Region:
id = 1527
start_va = 0x970000
end_va = 0x970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000970000"
filename = ""
Region:
id = 1528
start_va = 0x9a0000
end_va = 0x9a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1529
start_va = 0x9b0000
end_va = 0x9b7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009b0000"
filename = ""
Region:
id = 1530
start_va = 0x9c0000
end_va = 0x9c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 1531
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009d0000"
filename = ""
Region:
id = 1532
start_va = 0xa20000
end_va = 0xa9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1533
start_va = 0xb00000
end_va = 0xb7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 1534
start_va = 0xb90000
end_va = 0xe5efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1535
start_va = 0xe60000
end_va = 0xf5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e60000"
filename = ""
Region:
id = 1536
start_va = 0xf60000
end_va = 0xfc1fff
monitored = 0
entry_point = 0xf708d8
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 1537
start_va = 0x1020000
end_va = 0x109ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001020000"
filename = ""
Region:
id = 1538
start_va = 0x1170000
end_va = 0x11effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001170000"
filename = ""
Region:
id = 1539
start_va = 0x12e0000
end_va = 0x135ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012e0000"
filename = ""
Region:
id = 1540
start_va = 0x1360000
end_va = 0x13dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001360000"
filename = ""
Region:
id = 1541
start_va = 0x13f0000
end_va = 0x14effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 1542
start_va = 0x14f0000
end_va = 0x156ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014f0000"
filename = ""
Region:
id = 1543
start_va = 0x1610000
end_va = 0x168ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001610000"
filename = ""
Region:
id = 1544
start_va = 0x1690000
end_va = 0x170ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001690000"
filename = ""
Region:
id = 1545
start_va = 0x1790000
end_va = 0x180ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001790000"
filename = ""
Region:
id = 1546
start_va = 0x1840000
end_va = 0x18bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001840000"
filename = ""
Region:
id = 1547
start_va = 0x18e0000
end_va = 0x195ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018e0000"
filename = ""
Region:
id = 1548
start_va = 0x1970000
end_va = 0x19effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001970000"
filename = ""
Region:
id = 1549
start_va = 0x19f0000
end_va = 0x1beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000019f0000"
filename = ""
Region:
id = 1550
start_va = 0x1cb0000
end_va = 0x20affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001cb0000"
filename = ""
Region:
id = 1551
start_va = 0x20f0000
end_va = 0x216ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020f0000"
filename = ""
Region:
id = 1552
start_va = 0x21b0000
end_va = 0x222ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021b0000"
filename = ""
Region:
id = 1553
start_va = 0x2270000
end_va = 0x22effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002270000"
filename = ""
Region:
id = 1554
start_va = 0x2320000
end_va = 0x2722fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002320000"
filename = ""
Region:
id = 1555
start_va = 0x2790000
end_va = 0x280ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 1556
start_va = 0x2870000
end_va = 0x28effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 1557
start_va = 0x2970000
end_va = 0x29effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002970000"
filename = ""
Region:
id = 1558
start_va = 0x2a00000
end_va = 0x2a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 1559
start_va = 0x2ad0000
end_va = 0x2b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ad0000"
filename = ""
Region:
id = 1560
start_va = 0x2c20000
end_va = 0x2c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c20000"
filename = ""
Region:
id = 1561
start_va = 0x2ca0000
end_va = 0x2d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ca0000"
filename = ""
Region:
id = 1562
start_va = 0x2da0000
end_va = 0x359ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002da0000"
filename = ""
Region:
id = 1563
start_va = 0x74b40000
end_va = 0x74b42fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winmgmtr.dll"
filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll")
Region:
id = 1564
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1565
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 0
entry_point = 0x76d7a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1566
start_va = 0x76e60000
end_va = 0x77008fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1567
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1568
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1569
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1570
start_va = 0xff630000
end_va = 0xff63afff
monitored = 0
entry_point = 0xff63246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1571
start_va = 0xffc50000
end_va = 0xffca2fff
monitored = 0
entry_point = 0xffc63310
region_type = mapped_file
name = "services.exe"
filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe")
Region:
id = 1572
start_va = 0xffd60000
end_va = 0xffdc1fff
monitored = 0
entry_point = 0xffd708d8
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 1573
start_va = 0x7feefd70000
end_va = 0x7feefe94fff
monitored = 0
entry_point = 0x7feefdc1570
region_type = mapped_file
name = "dbghelp.dll"
filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll")
Region:
id = 1574
start_va = 0x7fef0d30000
end_va = 0x7fef0dddfff
monitored = 0
entry_point = 0x7fef0d34104
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 1575
start_va = 0x7fef4750000
end_va = 0x7fef4763fff
monitored = 0
entry_point = 0x7fef4751070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1576
start_va = 0x7fef4a10000
end_va = 0x7fef4a36fff
monitored = 0
entry_point = 0x7fef4a111a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 1577
start_va = 0x7fef4a40000
end_va = 0x7fef4b21fff
monitored = 0
entry_point = 0x7fef4a63814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1578
start_va = 0x7fef7350000
end_va = 0x7fef736afff
monitored = 0
entry_point = 0x7fef7351198
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 1579
start_va = 0x7fef7830000
end_va = 0x7fef784bfff
monitored = 0
entry_point = 0x7fef7831060
region_type = mapped_file
name = "wscsvc.dll"
filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")
Region:
id = 1580
start_va = 0x7fef7b00000
end_va = 0x7fef7b4efff
monitored = 0
entry_point = 0x7fef7b02760
region_type = mapped_file
name = "audioses.dll"
filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")
Region:
id = 1581
start_va = 0x7fefa5d0000
end_va = 0x7fefa5e7fff
monitored = 0
entry_point = 0x7fefa5d1bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1582
start_va = 0x7fefa5f0000
end_va = 0x7fefa600fff
monitored = 0
entry_point = 0x7fefa5f16ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1583
start_va = 0x7fefa6f0000
end_va = 0x7fefa72afff
monitored = 0
entry_point = 0x7fefa6f4520
region_type = mapped_file
name = "dhcpcore6.dll"
filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")
Region:
id = 1584
start_va = 0x7fefa730000
end_va = 0x7fefa780fff
monitored = 0
entry_point = 0x7fefa73f6c0
region_type = mapped_file
name = "dhcpcore.dll"
filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")
Region:
id = 1585
start_va = 0x7fefa840000
end_va = 0x7fefa847fff
monitored = 0
entry_point = 0x7fefa84284c
region_type = mapped_file
name = "nrpsrv.dll"
filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll")
Region:
id = 1586
start_va = 0x7fefa850000
end_va = 0x7fefa859fff
monitored = 0
entry_point = 0x7fefa851adc
region_type = mapped_file
name = "lmhsvc.dll"
filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")
Region:
id = 1587
start_va = 0x7fefa870000
end_va = 0x7fefa87afff
monitored = 0
entry_point = 0x7fefa871198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1588
start_va = 0x7fefa880000
end_va = 0x7fefa8a6fff
monitored = 0
entry_point = 0x7fefa8898bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1589
start_va = 0x7fefaa10000
end_va = 0x7fefaa95fff
monitored = 0
entry_point = 0x7fefaa1ffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1590
start_va = 0x7fefaac0000
end_va = 0x7fefaad4fff
monitored = 0
entry_point = 0x7fefaac1050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1591
start_va = 0x7fefaae0000
end_va = 0x7fefaaebfff
monitored = 0
entry_point = 0x7fefaae18a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1592
start_va = 0x7fefab20000
end_va = 0x7fefab2efff
monitored = 0
entry_point = 0x7fefab211d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1593
start_va = 0x7fefbb30000
end_va = 0x7fefbb38fff
monitored = 0
entry_point = 0x7fefbb31010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 1594
start_va = 0x7fefbb40000
end_va = 0x7fefbc6bfff
monitored = 0
entry_point = 0x7fefbb494bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1595
start_va = 0x7fefbc70000
end_va = 0x7fefbcbafff
monitored = 0
entry_point = 0x7fefbc7efcc
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 1596
start_va = 0x7fefbcc0000
end_va = 0x7fefbcebfff
monitored = 0
entry_point = 0x7fefbcc15c4
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1597
start_va = 0x7fefbcf0000
end_va = 0x7fefbd9bfff
monitored = 0
entry_point = 0x7fefbd06acc
region_type = mapped_file
name = "audiosrv.dll"
filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")
Region:
id = 1598
start_va = 0x7fefbda0000
end_va = 0x7fefbdccfff
monitored = 0
entry_point = 0x7fefbda1010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1599
start_va = 0x7fefbdd0000
end_va = 0x7fefbf65fff
monitored = 0
entry_point = 0x7fefbdd78e4
region_type = mapped_file
name = "wevtsvc.dll"
filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")
Region:
id = 1600
start_va = 0x7fefbf70000
end_va = 0x7fefbf7bfff
monitored = 0
entry_point = 0x7fefbf71064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1601
start_va = 0x7fefbf80000
end_va = 0x7fefc03afff
monitored = 0
entry_point = 0x7fefbf86de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1602
start_va = 0x7fefc040000
end_va = 0x7fefc046fff
monitored = 0
entry_point = 0x7fefc0414b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 1603
start_va = 0x7fefc130000
end_va = 0x7fefc14afff
monitored = 0
entry_point = 0x7fefc132068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1604
start_va = 0x7fefc150000
end_va = 0x7fefc16dfff
monitored = 0
entry_point = 0x7fefc1513b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1605
start_va = 0x7fefc2a0000
end_va = 0x7fefc2a9fff
monitored = 0
entry_point = 0x7fefc2a3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 1606
start_va = 0x7fefc3a0000
end_va = 0x7fefc3e6fff
monitored = 0
entry_point = 0x7fefc3a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1607
start_va = 0x7fefc4c0000
end_va = 0x7fefc51afff
monitored = 0
entry_point = 0x7fefc4c6940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1608
start_va = 0x7fefc630000
end_va = 0x7fefc636fff
monitored = 0
entry_point = 0x7fefc63142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 1609
start_va = 0x7fefc640000
end_va = 0x7fefc694fff
monitored = 0
entry_point = 0x7fefc641054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1610
start_va = 0x7fefc6a0000
end_va = 0x7fefc6b7fff
monitored = 0
entry_point = 0x7fefc6a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1611
start_va = 0x7fefc8d0000
end_va = 0x7fefc93cfff
monitored = 0
entry_point = 0x7fefc8d1010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1612
start_va = 0x7fefcc40000
end_va = 0x7fefcc4afff
monitored = 0
entry_point = 0x7fefcc41030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1613
start_va = 0x7fefcc70000
end_va = 0x7fefcc94fff
monitored = 0
entry_point = 0x7fefcc79658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1614
start_va = 0x7fefcca0000
end_va = 0x7fefccaefff
monitored = 0
entry_point = 0x7fefcca1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1615
start_va = 0x7fefcd50000
end_va = 0x7fefcd8cfff
monitored = 0
entry_point = 0x7fefcd518f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1616
start_va = 0x7fefcd90000
end_va = 0x7fefcda3fff
monitored = 0
entry_point = 0x7fefcd910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1617
start_va = 0x7fefcdb0000
end_va = 0x7fefcdbefff
monitored = 0
entry_point = 0x7fefcdb19b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1618
start_va = 0x7fefce50000
end_va = 0x7fefce5efff
monitored = 0
entry_point = 0x7fefce51020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1619
start_va = 0x7fefce60000
end_va = 0x7fefce9afff
monitored = 0
entry_point = 0x7fefce61324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1620
start_va = 0x7fefcea0000
end_va = 0x7fefceb9fff
monitored = 0
entry_point = 0x7fefcea1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1621
start_va = 0x7fefcf60000
end_va = 0x7fefcf95fff
monitored = 0
entry_point = 0x7fefcf61474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1622
start_va = 0x7fefcfa0000
end_va = 0x7fefd00afff
monitored = 0
entry_point = 0x7fefcfa30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1623
start_va = 0x7fefd010000
end_va = 0x7fefd17cfff
monitored = 0
entry_point = 0x7fefd0110b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1624
start_va = 0x7fefdf10000
end_va = 0x7fefdfd8fff
monitored = 0
entry_point = 0x7fefdf8a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1625
start_va = 0x7fefdfe0000
end_va = 0x7fefe031fff
monitored = 0
entry_point = 0x7fefdfe10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1626
start_va = 0x7fefe0e0000
end_va = 0x7fefe1b6fff
monitored = 0
entry_point = 0x7fefe0e3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1627
start_va = 0x7fefe240000
end_va = 0x7fefe416fff
monitored = 0
entry_point = 0x7fefe241010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1628
start_va = 0x7fefe420000
end_va = 0x7fefe486fff
monitored = 0
entry_point = 0x7fefe42b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1629
start_va = 0x7fefe4b0000
end_va = 0x7fefe4ddfff
monitored = 0
entry_point = 0x7fefe4b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1630
start_va = 0x7fefe4e0000
end_va = 0x7fefe4e7fff
monitored = 0
entry_point = 0x7fefe4e1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1631
start_va = 0x7fefe4f0000
end_va = 0x7fefe50efff
monitored = 0
entry_point = 0x7fefe4f60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1632
start_va = 0x7fefe510000
end_va = 0x7fefe580fff
monitored = 0
entry_point = 0x7fefe521e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1633
start_va = 0x7fefe590000
end_va = 0x7fefe62efff
monitored = 0
entry_point = 0x7fefe5925a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1634
start_va = 0x7fefe7b0000
end_va = 0x7fefe848fff
monitored = 0
entry_point = 0x7fefe7b1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1635
start_va = 0x7fefe980000
end_va = 0x7fefe9ccfff
monitored = 0
entry_point = 0x7fefe981070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1636
start_va = 0x7fefec30000
end_va = 0x7fefed5cfff
monitored = 0
entry_point = 0x7fefec7ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1637
start_va = 0x7fefed60000
end_va = 0x7fefed6dfff
monitored = 0
entry_point = 0x7fefed61080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1638
start_va = 0x7fefed70000
end_va = 0x7fefee78fff
monitored = 0
entry_point = 0x7fefed71064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1639
start_va = 0x7fefee80000
end_va = 0x7feff082fff
monitored = 0
entry_point = 0x7fefeea3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1640
start_va = 0x7feff090000
end_va = 0x7feff16afff
monitored = 0
entry_point = 0x7feff0b0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1641
start_va = 0x7feff180000
end_va = 0x7feff180fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1642
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 1643
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 1644
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 1645
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 1646
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 1647
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 1648
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 1649
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 1650
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 1651
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 1652
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 1653
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 1654
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1655
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1656
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1657
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1658
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1659
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1660
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 1661
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 1662
start_va = 0x7fffffd7000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 1663
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 1664
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 1665
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2392
start_va = 0xf60000
end_va = 0xfc1fff
monitored = 0
entry_point = 0xf708d8
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 2402
start_va = 0x7fef1790000
end_va = 0x7fef190ffff
monitored = 0
entry_point = 0x7fef17c80d0
region_type = mapped_file
name = "racengn.dll"
filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll")
Region:
id = 2404
start_va = 0xffd60000
end_va = 0xffdc1fff
monitored = 0
entry_point = 0xffd708d8
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 2405
start_va = 0xff260000
end_va = 0xff2b6fff
monitored = 0
entry_point = 0xff273450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 2406
start_va = 0x7fefb590000
end_va = 0x7fefb5c6fff
monitored = 0
entry_point = 0x7fefb598424
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 2407
start_va = 0x7fefba60000
end_va = 0x7fefbb0bfff
monitored = 0
entry_point = 0x7fefba718d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2408
start_va = 0x7fefa780000
end_va = 0x7fefa79cfff
monitored = 0
entry_point = 0x7fefa781a28
region_type = mapped_file
name = "radardt.dll"
filename = "\\Windows\\System32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll")
Region:
id = 2409
start_va = 0x7fefa740000
end_va = 0x7fefa790fff
monitored = 0
entry_point = 0x7fefa74f6c0
region_type = mapped_file
name = "dhcpcore.dll"
filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")
Thread:
id = 90
os_tid = 0xfb4
Thread:
id = 91
os_tid = 0xc50
Thread:
id = 92
os_tid = 0xc4c
Thread:
id = 93
os_tid = 0x834
Thread:
id = 94
os_tid = 0x258
Thread:
id = 95
os_tid = 0x6b0
Thread:
id = 96
os_tid = 0x240
Thread:
id = 97
os_tid = 0x94
Thread:
id = 98
os_tid = 0x5c8
Thread:
id = 99
os_tid = 0x5c0
Thread:
id = 100
os_tid = 0x5bc
Thread:
id = 101
os_tid = 0x5b8
Thread:
id = 102
os_tid = 0x57c
Thread:
id = 103
os_tid = 0x11c
Thread:
id = 104
os_tid = 0x398
Thread:
id = 105
os_tid = 0x384
Thread:
id = 106
os_tid = 0x37c
Thread:
id = 107
os_tid = 0x36c
Thread:
id = 108
os_tid = 0x2f0
Thread:
id = 109
os_tid = 0x2ec
Thread:
id = 110
os_tid = 0x2c8
Thread:
id = 111
os_tid = 0x2c0
Thread:
id = 139
os_tid = 0xad4
Process:
id = "8"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0xdc09000"
os_pid = "0x308"
os_integrity_level = "0x4000"
os_privileges = "0x60b16080"
monitor_reason = "rpc_server"
parent_id = "4"
os_parent_pid = "0x1c8"
cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000acfc" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2204
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2205
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2206
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2207
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2208
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2209
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 2210
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 2211
start_va = 0xe0000
end_va = 0xecfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 2212
start_va = 0xf0000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2213
start_va = 0x170000
end_va = 0x170fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 2214
start_va = 0x180000
end_va = 0x180fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 2215
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 2216
start_va = 0x1a0000
end_va = 0x1a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 2217
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 2218
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 2219
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 2220
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2221
start_va = 0x1f0000
end_va = 0x20ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rasdlg.dll.mui"
filename = "\\Windows\\System32\\en-US\\rasdlg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rasdlg.dll.mui")
Region:
id = 2222
start_va = 0x210000
end_va = 0x30ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 2223
start_va = 0x310000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 2224
start_va = 0x410000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 2225
start_va = 0x420000
end_va = 0x5a7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 2226
start_va = 0x5b0000
end_va = 0x730fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 2227
start_va = 0x740000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000740000"
filename = ""
Region:
id = 2228
start_va = 0x800000
end_va = 0x800fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 2229
start_va = 0x810000
end_va = 0x810fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 2230
start_va = 0x820000
end_va = 0x824fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.dll.mui"
filename = "\\Windows\\System32\\en-US\\sysmain.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sysmain.dll.mui")
Region:
id = 2231
start_va = 0x830000
end_va = 0x83ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 2232
start_va = 0x840000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 2233
start_va = 0x8f0000
end_va = 0x96ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008f0000"
filename = ""
Region:
id = 2234
start_va = 0x9b0000
end_va = 0x9bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009b0000"
filename = ""
Region:
id = 2235
start_va = 0x9d0000
end_va = 0xa4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2236
start_va = 0xa50000
end_va = 0xa93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 2237
start_va = 0xb50000
end_va = 0xbcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 2238
start_va = 0xbd0000
end_va = 0xe9efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2239
start_va = 0xea0000
end_va = 0xf1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ea0000"
filename = ""
Region:
id = 2240
start_va = 0xf30000
end_va = 0xfaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f30000"
filename = ""
Region:
id = 2241
start_va = 0xfd0000
end_va = 0x104ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fd0000"
filename = ""
Region:
id = 2242
start_va = 0x1190000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 2243
start_va = 0x1270000
end_va = 0x12effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Region:
id = 2244
start_va = 0x1350000
end_va = 0x13cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001350000"
filename = ""
Region:
id = 2245
start_va = 0x1400000
end_va = 0x147ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 2246
start_va = 0x1500000
end_va = 0x157ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 2247
start_va = 0x15a0000
end_va = 0x161ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000015a0000"
filename = ""
Region:
id = 2248
start_va = 0x1640000
end_va = 0x16bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001640000"
filename = ""
Region:
id = 2249
start_va = 0x16d0000
end_va = 0x17cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000016d0000"
filename = ""
Region:
id = 2250
start_va = 0x17f0000
end_va = 0x186ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000017f0000"
filename = ""
Region:
id = 2251
start_va = 0x18b0000
end_va = 0x192ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018b0000"
filename = ""
Region:
id = 2252
start_va = 0x1960000
end_va = 0x196ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001960000"
filename = ""
Region:
id = 2253
start_va = 0x1970000
end_va = 0x1a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001970000"
filename = ""
Region:
id = 2254
start_va = 0x1af0000
end_va = 0x1afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001af0000"
filename = ""
Region:
id = 2255
start_va = 0x1b00000
end_va = 0x1b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b00000"
filename = ""
Region:
id = 2256
start_va = 0x1b10000
end_va = 0x1b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b10000"
filename = ""
Region:
id = 2257
start_va = 0x1bd0000
end_va = 0x1c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001bd0000"
filename = ""
Region:
id = 2258
start_va = 0x1c50000
end_va = 0x1d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c50000"
filename = ""
Region:
id = 2259
start_va = 0x1d90000
end_va = 0x1e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d90000"
filename = ""
Region:
id = 2260
start_va = 0x1e10000
end_va = 0x1f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 2261
start_va = 0x1f10000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f10000"
filename = ""
Region:
id = 2262
start_va = 0x2070000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002070000"
filename = ""
Region:
id = 2263
start_va = 0x2080000
end_va = 0x208ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 2264
start_va = 0x2090000
end_va = 0x218ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002090000"
filename = ""
Region:
id = 2265
start_va = 0x21a0000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 2266
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 2267
start_va = 0x2290000
end_va = 0x238ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002290000"
filename = ""
Region:
id = 2268
start_va = 0x2390000
end_va = 0x2b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002390000"
filename = ""
Region:
id = 2269
start_va = 0x2c60000
end_va = 0x2cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c60000"
filename = ""
Region:
id = 2270
start_va = 0x34c0000
end_va = 0x36bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000034c0000"
filename = ""
Region:
id = 2271
start_va = 0x36c0000
end_va = 0x3abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000036c0000"
filename = ""
Region:
id = 2272
start_va = 0x3ac0000
end_va = 0x42bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ac0000"
filename = ""
Region:
id = 2273
start_va = 0x42c0000
end_va = 0x528ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000042c0000"
filename = ""
Region:
id = 2274
start_va = 0x5290000
end_va = 0x625ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005290000"
filename = ""
Region:
id = 2275
start_va = 0x74b60000
end_va = 0x74b62fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sfc.dll"
filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")
Region:
id = 2276
start_va = 0x76c40000
end_va = 0x76d5efff
monitored = 0
entry_point = 0x76c55ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2277
start_va = 0x76d60000
end_va = 0x76e59fff
monitored = 0
entry_point = 0x76d7a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2278
start_va = 0x76e60000
end_va = 0x77008fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2279
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2280
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2281
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2282
start_va = 0xff630000
end_va = 0xff63afff
monitored = 0
entry_point = 0xff63246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2283
start_va = 0x7fef3700000
end_va = 0x7fef373efff
monitored = 0
entry_point = 0x7fef37012c0
region_type = mapped_file
name = "cscobj.dll"
filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")
Region:
id = 2284
start_va = 0x7fef3740000
end_va = 0x7fef375bfff
monitored = 0
entry_point = 0x7fef37411a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 2285
start_va = 0x7fef3760000
end_va = 0x7fef37c1fff
monitored = 0
entry_point = 0x7fef3761198
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 2286
start_va = 0x7fef37d0000
end_va = 0x7fef3809fff
monitored = 0
entry_point = 0x7fef37d1010
region_type = mapped_file
name = "mprapi.dll"
filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")
Region:
id = 2287
start_va = 0x7fef3810000
end_va = 0x7fef38e7fff
monitored = 0
entry_point = 0x7fef3878bd0
region_type = mapped_file
name = "rasdlg.dll"
filename = "\\Windows\\System32\\rasdlg.dll" (normalized: "c:\\windows\\system32\\rasdlg.dll")
Region:
id = 2288
start_va = 0x7fef38f0000
end_va = 0x7fef394bfff
monitored = 0
entry_point = 0x7fef38f8c20
region_type = mapped_file
name = "netman.dll"
filename = "\\Windows\\System32\\netman.dll" (normalized: "c:\\windows\\system32\\netman.dll")
Region:
id = 2289
start_va = 0x7fef3ba0000
end_va = 0x7fef3e2afff
monitored = 0
entry_point = 0x7fef3ba6f5c
region_type = mapped_file
name = "netshell.dll"
filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")
Region:
id = 2290
start_va = 0x7fef40b0000
end_va = 0x7fef40bbfff
monitored = 0
entry_point = 0x7fef40b419c
region_type = mapped_file
name = "apphlpdm.dll"
filename = "\\Windows\\System32\\Apphlpdm.dll" (normalized: "c:\\windows\\system32\\apphlpdm.dll")
Region:
id = 2291
start_va = 0x7fef40c0000
end_va = 0x7fef40d6fff
monitored = 0
entry_point = 0x7fef40cd308
region_type = mapped_file
name = "portabledeviceconnectapi.dll"
filename = "\\Windows\\System32\\PortableDeviceConnectApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll")
Region:
id = 2292
start_va = 0x7fef40e0000
end_va = 0x7fef419cfff
monitored = 0
entry_point = 0x7fef40e1ea4
region_type = mapped_file
name = "portabledeviceapi.dll"
filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")
Region:
id = 2293
start_va = 0x7fef46e0000
end_va = 0x7fef474afff
monitored = 0
entry_point = 0x7fef4724344
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 2294
start_va = 0x7fef4750000
end_va = 0x7fef4763fff
monitored = 0
entry_point = 0x7fef4751070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 2295
start_va = 0x7fef4910000
end_va = 0x7fef4993fff
monitored = 0
entry_point = 0x7fef4961118
region_type = mapped_file
name = "netcfgx.dll"
filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")
Region:
id = 2296
start_va = 0x7fef4a10000
end_va = 0x7fef4a36fff
monitored = 0
entry_point = 0x7fef4a111a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 2297
start_va = 0x7fef4a40000
end_va = 0x7fef4b21fff
monitored = 0
entry_point = 0x7fef4a63814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 2298
start_va = 0x7fef4c10000
end_va = 0x7fef4dbdfff
monitored = 0
entry_point = 0x7fef4c3a148
region_type = mapped_file
name = "sysmain.dll"
filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll")
Region:
id = 2299
start_va = 0x7fef5540000
end_va = 0x7fef5558fff
monitored = 0
entry_point = 0x7fef5542b50
region_type = mapped_file
name = "wdi.dll"
filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")
Region:
id = 2300
start_va = 0x7fef7f90000
end_va = 0x7fef800bfff
monitored = 0
entry_point = 0x7fef7f911d4
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 2301
start_va = 0x7fef9e60000
end_va = 0x7fef9eb6fff
monitored = 0
entry_point = 0x7fef9e61118
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 2302
start_va = 0x7fefa860000
end_va = 0x7fefa86ffff
monitored = 0
entry_point = 0x7fefa8627f0
region_type = mapped_file
name = "uxsms.dll"
filename = "\\Windows\\System32\\uxsms.dll" (normalized: "c:\\windows\\system32\\uxsms.dll")
Region:
id = 2303
start_va = 0x7fefa870000
end_va = 0x7fefa87afff
monitored = 0
entry_point = 0x7fefa871198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2304
start_va = 0x7fefa880000
end_va = 0x7fefa8a6fff
monitored = 0
entry_point = 0x7fefa8898bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2305
start_va = 0x7fefaa10000
end_va = 0x7fefaa95fff
monitored = 0
entry_point = 0x7fefaa1ffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 2306
start_va = 0x7fefab20000
end_va = 0x7fefab2efff
monitored = 0
entry_point = 0x7fefab211d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 2307
start_va = 0x7fefab30000
end_va = 0x7fefab40fff
monitored = 0
entry_point = 0x7fefab314c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 2308
start_va = 0x7fefab90000
end_va = 0x7fefabb1fff
monitored = 0
entry_point = 0x7fefab91020
region_type = mapped_file
name = "trkwks.dll"
filename = "\\Windows\\System32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll")
Region:
id = 2309
start_va = 0x7fefabc0000
end_va = 0x7fefabcffff
monitored = 0
entry_point = 0x7fefabc1010
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")
Region:
id = 2310
start_va = 0x7fefabd0000
end_va = 0x7fefabe1fff
monitored = 0
entry_point = 0x7fefabd1050
region_type = mapped_file
name = "aepic.dll"
filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll")
Region:
id = 2311
start_va = 0x7fefabf0000
end_va = 0x7fefac22fff
monitored = 0
entry_point = 0x7fefabf101c
region_type = mapped_file
name = "pcasvc.dll"
filename = "\\Windows\\System32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll")
Region:
id = 2312
start_va = 0x7fefad60000
end_va = 0x7fefad94fff
monitored = 0
entry_point = 0x7fefad61064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2313
start_va = 0x7fefb520000
end_va = 0x7fefb530fff
monitored = 0
entry_point = 0x7fefb521070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2314
start_va = 0x7fefb540000
end_va = 0x7fefb54afff
monitored = 0
entry_point = 0x7fefb544f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 2315
start_va = 0x7fefb550000
end_va = 0x7fefb55bfff
monitored = 0
entry_point = 0x7fefb5515d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2316
start_va = 0x7fefb570000
end_va = 0x7fefb588fff
monitored = 0
entry_point = 0x7fefb5711a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 2317
start_va = 0x7fefb5d0000
end_va = 0x7fefb5e4fff
monitored = 0
entry_point = 0x7fefb5d60d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2318
start_va = 0x7fefb6c0000
end_va = 0x7fefb8b3fff
monitored = 0
entry_point = 0x7fefb84c924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 2319
start_va = 0x7fefb8c0000
end_va = 0x7fefb8fcfff
monitored = 0
entry_point = 0x7fefb8c1b7c
region_type = mapped_file
name = "mstask.dll"
filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")
Region:
id = 2320
start_va = 0x7fefb900000
end_va = 0x7fefba26fff
monitored = 0
entry_point = 0x7fefb9010ec
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 2321
start_va = 0x7fefba30000
end_va = 0x7fefba5ffff
monitored = 0
entry_point = 0x7fefba4fe98
region_type = mapped_file
name = "peerdist.dll"
filename = "\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll")
Region:
id = 2322
start_va = 0x7fefba60000
end_va = 0x7fefbb0bfff
monitored = 0
entry_point = 0x7fefba718d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2323
start_va = 0x7fefbb30000
end_va = 0x7fefbb38fff
monitored = 0
entry_point = 0x7fefbb31010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 2324
start_va = 0x7fefbb40000
end_va = 0x7fefbc6bfff
monitored = 0
entry_point = 0x7fefbb494bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2325
start_va = 0x7fefbc70000
end_va = 0x7fefbcbafff
monitored = 0
entry_point = 0x7fefbc7efcc
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 2326
start_va = 0x7fefbcc0000
end_va = 0x7fefbcebfff
monitored = 0
entry_point = 0x7fefbcc15c4
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2327
start_va = 0x7fefbcf0000
end_va = 0x7fefbd9bfff
monitored = 0
entry_point = 0x7fefbd06acc
region_type = mapped_file
name = "audiosrv.dll"
filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")
Region:
id = 2328
start_va = 0x7fefbda0000
end_va = 0x7fefbdccfff
monitored = 0
entry_point = 0x7fefbda1010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2329
start_va = 0x7fefbf70000
end_va = 0x7fefbf7bfff
monitored = 0
entry_point = 0x7fefbf71064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2330
start_va = 0x7fefc130000
end_va = 0x7fefc14afff
monitored = 0
entry_point = 0x7fefc132068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2331
start_va = 0x7fefc150000
end_va = 0x7fefc16dfff
monitored = 0
entry_point = 0x7fefc1513b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2332
start_va = 0x7fefc170000
end_va = 0x7fefc181fff
monitored = 0
entry_point = 0x7fefc171060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 2333
start_va = 0x7fefc2a0000
end_va = 0x7fefc2a9fff
monitored = 0
entry_point = 0x7fefc2a3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 2334
start_va = 0x7fefc2b0000
end_va = 0x7fefc2bcfff
monitored = 0
entry_point = 0x7fefc2b1348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 2335
start_va = 0x7fefc3a0000
end_va = 0x7fefc3e6fff
monitored = 0
entry_point = 0x7fefc3a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2336
start_va = 0x7fefc6a0000
end_va = 0x7fefc6b7fff
monitored = 0
entry_point = 0x7fefc6a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2337
start_va = 0x7fefc890000
end_va = 0x7fefc8befff
monitored = 0
entry_point = 0x7fefc891064
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 2338
start_va = 0x7fefc8d0000
end_va = 0x7fefc93cfff
monitored = 0
entry_point = 0x7fefc8d1010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2339
start_va = 0x7fefcc40000
end_va = 0x7fefcc4afff
monitored = 0
entry_point = 0x7fefcc41030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2340
start_va = 0x7fefcc70000
end_va = 0x7fefcc94fff
monitored = 0
entry_point = 0x7fefcc79658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2341
start_va = 0x7fefcca0000
end_va = 0x7fefccaefff
monitored = 0
entry_point = 0x7fefcca1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2342
start_va = 0x7fefcd50000
end_va = 0x7fefcd8cfff
monitored = 0
entry_point = 0x7fefcd518f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2343
start_va = 0x7fefcd90000
end_va = 0x7fefcda3fff
monitored = 0
entry_point = 0x7fefcd910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2344
start_va = 0x7fefcdb0000
end_va = 0x7fefcdbefff
monitored = 0
entry_point = 0x7fefcdb19b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2345
start_va = 0x7fefce50000
end_va = 0x7fefce5efff
monitored = 0
entry_point = 0x7fefce51020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2346
start_va = 0x7fefce60000
end_va = 0x7fefce9afff
monitored = 0
entry_point = 0x7fefce61324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2347
start_va = 0x7fefcea0000
end_va = 0x7fefceb9fff
monitored = 0
entry_point = 0x7fefcea1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2348
start_va = 0x7fefcf60000
end_va = 0x7fefcf95fff
monitored = 0
entry_point = 0x7fefcf61474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2349
start_va = 0x7fefcfa0000
end_va = 0x7fefd00afff
monitored = 0
entry_point = 0x7fefcfa30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2350
start_va = 0x7fefd010000
end_va = 0x7fefd17cfff
monitored = 0
entry_point = 0x7fefd0110b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2351
start_va = 0x7fefd180000
end_va = 0x7fefdf07fff
monitored = 0
entry_point = 0x7fefd1fcebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2352
start_va = 0x7fefdf10000
end_va = 0x7fefdfd8fff
monitored = 0
entry_point = 0x7fefdf8a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2353
start_va = 0x7fefdfe0000
end_va = 0x7fefe031fff
monitored = 0
entry_point = 0x7fefdfe10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2354
start_va = 0x7fefe0e0000
end_va = 0x7fefe1b6fff
monitored = 0
entry_point = 0x7fefe0e3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2355
start_va = 0x7fefe240000
end_va = 0x7fefe416fff
monitored = 0
entry_point = 0x7fefe241010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2356
start_va = 0x7fefe420000
end_va = 0x7fefe486fff
monitored = 0
entry_point = 0x7fefe42b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2357
start_va = 0x7fefe4b0000
end_va = 0x7fefe4ddfff
monitored = 0
entry_point = 0x7fefe4b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2358
start_va = 0x7fefe4e0000
end_va = 0x7fefe4e7fff
monitored = 0
entry_point = 0x7fefe4e1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2359
start_va = 0x7fefe4f0000
end_va = 0x7fefe50efff
monitored = 0
entry_point = 0x7fefe4f60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2360
start_va = 0x7fefe510000
end_va = 0x7fefe580fff
monitored = 0
entry_point = 0x7fefe521e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2361
start_va = 0x7fefe590000
end_va = 0x7fefe62efff
monitored = 0
entry_point = 0x7fefe5925a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2362
start_va = 0x7fefe7b0000
end_va = 0x7fefe848fff
monitored = 0
entry_point = 0x7fefe7b1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2363
start_va = 0x7fefe980000
end_va = 0x7fefe9ccfff
monitored = 0
entry_point = 0x7fefe981070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2364
start_va = 0x7fefec30000
end_va = 0x7fefed5cfff
monitored = 0
entry_point = 0x7fefec7ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2365
start_va = 0x7fefed60000
end_va = 0x7fefed6dfff
monitored = 0
entry_point = 0x7fefed61080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2366
start_va = 0x7fefed70000
end_va = 0x7fefee78fff
monitored = 0
entry_point = 0x7fefed71064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2367
start_va = 0x7fefee80000
end_va = 0x7feff082fff
monitored = 0
entry_point = 0x7fefeea3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2368
start_va = 0x7feff090000
end_va = 0x7feff16afff
monitored = 0
entry_point = 0x7feff0b0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2369
start_va = 0x7feff180000
end_va = 0x7feff180fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2370
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 2371
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 2372
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 2373
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 2374
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 2375
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 2376
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 2377
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 2378
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 2379
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 2380
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 2381
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 2382
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2383
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2384
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 2385
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 2386
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 2387
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 2388
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 2389
start_va = 0x7fffffdd000
end_va = 0x7fffffdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 2390
start_va = 0x7fffffdf000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdf000"
filename = ""
Region:
id = 2398
start_va = 0x1050000
end_va = 0x10cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001050000"
filename = ""
Region:
id = 2399
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 2400
start_va = 0x2ce0000
end_va = 0x2db1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ce0000"
filename = ""
Region:
id = 2401
start_va = 0x2ce0000
end_va = 0x2fa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ce0000"
filename = ""
Region:
id = 2403
start_va = 0x2fb0000
end_va = 0x3270fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002fb0000"
filename = ""
Region:
id = 2410
start_va = 0x2390000
end_va = 0x29c9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002390000"
filename = ""
Region:
id = 2411
start_va = 0x29d0000
end_va = 0x2fe9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029d0000"
filename = ""
Region:
id = 2412
start_va = 0x2390000
end_va = 0x257efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002390000"
filename = ""
Region:
id = 2413
start_va = 0x2580000
end_va = 0x275afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002580000"
filename = ""
Region:
id = 2414
start_va = 0x2390000
end_va = 0x24c3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002390000"
filename = ""
Region:
id = 2415
start_va = 0x24d0000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024d0000"
filename = ""
Region:
id = 2416
start_va = 0xaa0000
end_va = 0xaf1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agapplaunch.db"
filename = "\\Windows\\Prefetch\\AgAppLaunch.db" (normalized: "c:\\windows\\prefetch\\agapplaunch.db")
Thread:
id = 117
os_tid = 0x64c
Thread:
id = 118
os_tid = 0x2a0
Thread:
id = 119
os_tid = 0x3dc
Thread:
id = 120
os_tid = 0x738
Thread:
id = 121
os_tid = 0x690
Thread:
id = 122
os_tid = 0x688
Thread:
id = 123
os_tid = 0x120
Thread:
id = 124
os_tid = 0x3f8
Thread:
id = 125
os_tid = 0x3b4
Thread:
id = 126
os_tid = 0x3a8
Thread:
id = 127
os_tid = 0x3a4
Thread:
id = 128
os_tid = 0x394
Thread:
id = 129
os_tid = 0x390
Thread:
id = 130
os_tid = 0x358
Thread:
id = 131
os_tid = 0x344
Thread:
id = 132
os_tid = 0x340
Thread:
id = 133
os_tid = 0x328
Thread:
id = 134
os_tid = 0x310
Thread:
id = 135
os_tid = 0x30c
Thread:
id = 136
os_tid = 0xcc
Thread:
id = 140
os_tid = 0xc44
Process:
id = "9"
image_name = "taskeng.exe"
filename = "c:\\windows\\system32\\taskeng.exe"
page_root = "0x765e8000"
os_pid = "0x5a4"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "created_scheduled_job"
parent_id = "2"
os_parent_pid = "0x364"
cmd_line = "taskeng.exe {8DBB5349-D9B8-453E-AA31-110952FD5DFE} S-1-5-21-4219442223-4223814209-3835049652-1000:Q9IATRKPRH\\kEecfMwgj:Interactive:LUA[1]"
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e34b" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2417
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2418
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2419
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2420
start_va = 0x70000
end_va = 0xeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 2421
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2422
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 2423
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2424
start_va = 0xff3e0000
end_va = 0xff453fff
monitored = 0
entry_point = 0xff3ef44c
region_type = mapped_file
name = "taskeng.exe"
filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe")
Region:
id = 2425
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2426
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2427
start_va = 0x7fffffd4000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 2428
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2552
start_va = 0x1c0000
end_va = 0x2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2553
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2554
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2555
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2556
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2557
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2558
start_va = 0xf0000
end_va = 0x156fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2559
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2560
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2561
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2562
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2563
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2564
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2565
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2566
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2567
start_va = 0x7fef87a0000
end_va = 0x7fef87a9fff
monitored = 0
entry_point = 0x7fef87a260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 2568
start_va = 0x7fefcc20000
end_va = 0x7fefcc8cfff
monitored = 0
entry_point = 0x7fefcc21010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2569
start_va = 0x2c0000
end_va = 0x35ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 2570
start_va = 0x360000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 2571
start_va = 0x160000
end_va = 0x188fff
monitored = 0
entry_point = 0x161010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2572
start_va = 0x460000
end_va = 0x5e7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000460000"
filename = ""
Region:
id = 2573
start_va = 0x160000
end_va = 0x188fff
monitored = 0
entry_point = 0x161010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2574
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2575
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2576
start_va = 0x5f0000
end_va = 0x770fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005f0000"
filename = ""
Region:
id = 2577
start_va = 0x780000
end_va = 0x1b7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000780000"
filename = ""
Region:
id = 2578
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskeng.exe.mui"
filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui")
Region:
id = 2579
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2580
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 2581
start_va = 0x1b80000
end_va = 0x1daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b80000"
filename = ""
Region:
id = 2582
start_va = 0x2c0000
end_va = 0x33cfff
monitored = 0
entry_point = 0x2ccec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2583
start_va = 0x350000
end_va = 0x35ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 2584
start_va = 0x2c0000
end_va = 0x33cfff
monitored = 0
entry_point = 0x2ccec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2585
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2586
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2587
start_va = 0x2c0000
end_va = 0x33ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 2588
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 2589
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2590
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2591
start_va = 0x160000
end_va = 0x1a4fff
monitored = 0
entry_point = 0x161064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2592
start_va = 0x160000
end_va = 0x1a4fff
monitored = 0
entry_point = 0x161064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2593
start_va = 0x160000
end_va = 0x1a4fff
monitored = 0
entry_point = 0x161064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2594
start_va = 0x160000
end_va = 0x1a4fff
monitored = 0
entry_point = 0x161064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2595
start_va = 0x160000
end_va = 0x1a4fff
monitored = 0
entry_point = 0x161064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2596
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2597
start_va = 0x7fefef10000
end_va = 0x7fefef80fff
monitored = 0
entry_point = 0x7fefef21e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2598
start_va = 0x1df0000
end_va = 0x1e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001df0000"
filename = ""
Region:
id = 2599
start_va = 0x7fefcfc0000
end_va = 0x7fefcfe4fff
monitored = 0
entry_point = 0x7fefcfc9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2600
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2601
start_va = 0x1b80000
end_va = 0x1c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b80000"
filename = ""
Region:
id = 2602
start_va = 0x1d30000
end_va = 0x1daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d30000"
filename = ""
Region:
id = 2603
start_va = 0x1ca0000
end_va = 0x1d1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ca0000"
filename = ""
Region:
id = 2604
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 2605
start_va = 0x1e70000
end_va = 0x213efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2606
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2607
start_va = 0x2240000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 2608
start_va = 0x2390000
end_va = 0x240ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002390000"
filename = ""
Region:
id = 2609
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2610
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2611
start_va = 0x160000
end_va = 0x160fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 2612
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2613
start_va = 0x7fefb3a0000
end_va = 0x7fefb3a8fff
monitored = 0
entry_point = 0x7fefb3a11a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 2614
start_va = 0x7fefba50000
end_va = 0x7fefbaa5fff
monitored = 0
entry_point = 0x7fefba5bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2615
start_va = 0x2140000
end_va = 0x21bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 2616
start_va = 0x7fefb5e0000
end_va = 0x7fefb614fff
monitored = 0
entry_point = 0x7fefb5e1064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2617
start_va = 0x24a0000
end_va = 0x251ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024a0000"
filename = ""
Region:
id = 2618
start_va = 0x2520000
end_va = 0x25fefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002520000"
filename = ""
Region:
id = 2619
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 2620
start_va = 0x7fefb620000
end_va = 0x7fefb637fff
monitored = 0
entry_point = 0x7fefb621130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 6474
start_va = 0x2430000
end_va = 0x24affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 6488
start_va = 0x2370000
end_va = 0x23effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002370000"
filename = ""
Region:
id = 6489
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Thread:
id = 144
os_tid = 0x5a8
Thread:
id = 145
os_tid = 0x5b4
Thread:
id = 146
os_tid = 0x5cc
Thread:
id = 147
os_tid = 0x5d0
Thread:
id = 148
os_tid = 0x5e0
Thread:
id = 149
os_tid = 0x5e4
Thread:
id = 150
os_tid = 0x5f4
Thread:
id = 310
os_tid = 0x55c
Thread:
id = 419
os_tid = 0x304
Thread:
id = 426
os_tid = 0x4bc
Process:
id = "10"
image_name = "emvflise.exe"
filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe"
page_root = "0x292de000"
os_pid = "0x5fc"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "9"
os_parent_pid = "0x5a4"
cmd_line = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe "
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e34b" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2784
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2785
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 2786
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2787
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 2788
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 2789
start_va = 0x1d0000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2790
start_va = 0x220000
end_va = 0x31ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 2791
start_va = 0x1110000
end_va = 0x1259fff
monitored = 1
entry_point = 0x122780e
region_type = mapped_file
name = "emvflise.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe")
Region:
id = 2792
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2793
start_va = 0x77390000
end_va = 0x7750ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 2794
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 2795
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 2796
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 2797
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 2798
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 2799
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2800
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 2801
start_va = 0x320000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 2802
start_va = 0x74e80000
end_va = 0x74ebefff
monitored = 0
entry_point = 0x74eade78
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 2803
start_va = 0x74e20000
end_va = 0x74e7bfff
monitored = 0
entry_point = 0x74e5f798
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 2804
start_va = 0x74e10000
end_va = 0x74e17fff
monitored = 0
entry_point = 0x74e120f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 2805
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2806
start_va = 0x76600000
end_va = 0x7670ffff
monitored = 0
entry_point = 0x766132d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 2807
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2808
start_va = 0x77090000
end_va = 0x771aefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077090000"
filename = ""
Region:
id = 2809
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2810
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076f90000"
filename = ""
Region:
id = 2914
start_va = 0x490000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 2915
start_va = 0x74cc0000
end_va = 0x74d09fff
monitored = 1
entry_point = 0x74cc2e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 2922
start_va = 0x76600000
end_va = 0x7670ffff
monitored = 0
entry_point = 0x766132d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 3248
start_va = 0x75580000
end_va = 0x755c5fff
monitored = 0
entry_point = 0x75587478
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 3249
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3250
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3251
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3252
start_va = 0x70000
end_va = 0xd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3253
start_va = 0xe0000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 3254
start_va = 0xe0000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 3255
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 3659
start_va = 0x76c10000
end_va = 0x76caffff
monitored = 0
entry_point = 0x76c249e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 3660
start_va = 0x76cb0000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76cba472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 3661
start_va = 0x764b0000
end_va = 0x764c8fff
monitored = 0
entry_point = 0x764b4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 3662
start_va = 0x76ea0000
end_va = 0x76f8ffff
monitored = 0
entry_point = 0x76eb0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 3663
start_va = 0x74ee0000
end_va = 0x74f3ffff
monitored = 0
entry_point = 0x74efa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 3664
start_va = 0x74ed0000
end_va = 0x74edbfff
monitored = 0
entry_point = 0x74ed10e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 3665
start_va = 0x320000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 3666
start_va = 0x410000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 3667
start_va = 0x74c20000
end_va = 0x74cacfff
monitored = 1
entry_point = 0x74c32860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 3668
start_va = 0x74c10000
end_va = 0x74c12fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 3669
start_va = 0x76810000
end_va = 0x76866fff
monitored = 0
entry_point = 0x76829ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 3670
start_va = 0x76a10000
end_va = 0x76a9ffff
monitored = 0
entry_point = 0x76a26343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 3671
start_va = 0x76710000
end_va = 0x7680ffff
monitored = 0
entry_point = 0x7672b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 3672
start_va = 0x77360000
end_va = 0x77369fff
monitored = 0
entry_point = 0x773636a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 3673
start_va = 0x76dc0000
end_va = 0x76e5cfff
monitored = 0
entry_point = 0x76df3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 3674
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3675
start_va = 0x680000
end_va = 0x807fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000680000"
filename = ""
Region:
id = 3676
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3677
start_va = 0x76d60000
end_va = 0x76dbffff
monitored = 0
entry_point = 0x76d7158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3678
start_va = 0x75340000
end_va = 0x7540bfff
monitored = 0
entry_point = 0x7534168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 3679
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3680
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 3681
start_va = 0x810000
end_va = 0x990fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 3682
start_va = 0x1260000
end_va = 0x265ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001260000"
filename = ""
Region:
id = 3683
start_va = 0x9a0000
end_va = 0xae5fff
monitored = 1
entry_point = 0xab780e
region_type = mapped_file
name = "emvflise.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe")
Region:
id = 3684
start_va = 0x9a0000
end_va = 0xae5fff
monitored = 1
entry_point = 0xab780e
region_type = mapped_file
name = "emvflise.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe")
Region:
id = 3685
start_va = 0x74c00000
end_va = 0x74c08fff
monitored = 0
entry_point = 0x74c01220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 3686
start_va = 0x74450000
end_va = 0x74bfefff
monitored = 1
entry_point = 0x7446d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 3687
start_va = 0x73ca0000
end_va = 0x7444efff
monitored = 1
entry_point = 0x73cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 3688
start_va = 0x74450000
end_va = 0x74bfefff
monitored = 1
entry_point = 0x7446d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 3690
start_va = 0x74430000
end_va = 0x74443fff
monitored = 0
entry_point = 0x7443ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 3691
start_va = 0x74380000
end_va = 0x7442afff
monitored = 0
entry_point = 0x74415f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 3692
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 3693
start_va = 0x120000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 3694
start_va = 0xf0000
end_va = 0xfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 3695
start_va = 0x100000
end_va = 0x10ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 3696
start_va = 0x110000
end_va = 0x11ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 3697
start_va = 0x160000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 3698
start_va = 0x170000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 3699
start_va = 0x190000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 3700
start_va = 0x1a0000
end_va = 0x1a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 3701
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 3702
start_va = 0x9a0000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 3703
start_va = 0xb30000
end_va = 0xc9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b30000"
filename = ""
Region:
id = 3704
start_va = 0x4b0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 3705
start_va = 0x580000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 3706
start_va = 0xde0000
end_va = 0xedffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 3707
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 3708
start_va = 0x1c0000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 3709
start_va = 0x2660000
end_va = 0x465ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 3710
start_va = 0x9a0000
end_va = 0xa3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 3711
start_va = 0xaf0000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000af0000"
filename = ""
Region:
id = 3712
start_va = 0x3c0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003c0000"
filename = ""
Region:
id = 3713
start_va = 0xfb0000
end_va = 0x10affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fb0000"
filename = ""
Region:
id = 3714
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 3715
start_va = 0x540000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 3716
start_va = 0xca0000
end_va = 0xd9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ca0000"
filename = ""
Region:
id = 3717
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 3718
start_va = 0x4660000
end_va = 0x492efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3719
start_va = 0x72740000
end_va = 0x73b4afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 3720
start_va = 0x76aa0000
end_va = 0x76bfbfff
monitored = 0
entry_point = 0x76aeba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 3721
start_va = 0x74300000
end_va = 0x7437ffff
monitored = 0
entry_point = 0x743137c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 3722
start_va = 0x4930000
end_va = 0x4abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 3723
start_va = 0xb30000
end_va = 0xc0efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b30000"
filename = ""
Region:
id = 3724
start_va = 0xc60000
end_va = 0xc9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c60000"
filename = ""
Region:
id = 3726
start_va = 0x1c0000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 3727
start_va = 0x210000
end_va = 0x21ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 3728
start_va = 0x71ce0000
end_va = 0x72734fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 3729
start_va = 0x714c0000
end_va = 0x71cd7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 3730
start_va = 0x74110000
end_va = 0x742f1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 3731
start_va = 0x74080000
end_va = 0x74108fff
monitored = 1
entry_point = 0x74081130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 3732
start_va = 0x752b0000
end_va = 0x7533efff
monitored = 0
entry_point = 0x752b3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 3733
start_va = 0x320000
end_va = 0x32ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 3734
start_va = 0x370000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 3735
start_va = 0x73ed0000
end_va = 0x74072fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 3737
start_va = 0x70650000
end_va = 0x714b5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 3741
start_va = 0x73dc0000
end_va = 0x73ec4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 3742
start_va = 0x6fed0000
end_va = 0x70643fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 3743
start_va = 0x73da0000
end_va = 0x73db2fff
monitored = 1
entry_point = 0x73dad900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 3744
start_va = 0x4ac0000
end_va = 0x4d91fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 3745
start_va = 0x75860000
end_va = 0x764a9fff
monitored = 0
entry_point = 0x758e1601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 3746
start_va = 0x330000
end_va = 0x330fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 3747
start_va = 0x73d90000
end_va = 0x73d9afff
monitored = 0
entry_point = 0x73d91992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 3748
start_va = 0x380000
end_va = 0x3bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 3749
start_va = 0x73d70000
end_va = 0x73d86fff
monitored = 0
entry_point = 0x73d735fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 3750
start_va = 0x73d50000
end_va = 0x73d66fff
monitored = 0
entry_point = 0x73d53573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 3751
start_va = 0x4f0000
end_va = 0x52bfff
monitored = 0
entry_point = 0x4f128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3752
start_va = 0x4f0000
end_va = 0x52bfff
monitored = 0
entry_point = 0x4f128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3753
start_va = 0x4f0000
end_va = 0x52bfff
monitored = 0
entry_point = 0x4f128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3754
start_va = 0x4f0000
end_va = 0x52bfff
monitored = 0
entry_point = 0x4f128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3755
start_va = 0x4f0000
end_va = 0x52bfff
monitored = 0
entry_point = 0x4f128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3756
start_va = 0x73d10000
end_va = 0x73d4afff
monitored = 0
entry_point = 0x73d1128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3757
start_va = 0xa40000
end_va = 0xac1fff
monitored = 0
entry_point = 0xa419a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3758
start_va = 0xa40000
end_va = 0xac1fff
monitored = 0
entry_point = 0xa419a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3759
start_va = 0x73c80000
end_va = 0x73d03fff
monitored = 0
entry_point = 0x73c819a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3760
start_va = 0x4da0000
end_va = 0x4f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004da0000"
filename = ""
Region:
id = 3761
start_va = 0x73bb0000
end_va = 0x73c7ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.runtime.remoting.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\fd0048cfdcd58dd454d2575e5cb55e70\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\fd0048cfdcd58dd454d2575e5cb55e70\\system.runtime.remoting.ni.dll")
Region:
id = 3762
start_va = 0x6f920000
end_va = 0x6fec3fff
monitored = 1
entry_point = 0x6feab692
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 3763
start_va = 0x340000
end_va = 0x341fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 3764
start_va = 0x350000
end_va = 0x35ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 3765
start_va = 0x7ef50000
end_va = 0x7ef9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef50000"
filename = ""
Region:
id = 3766
start_va = 0x7ef40000
end_va = 0x7ef4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef40000"
filename = ""
Region:
id = 3767
start_va = 0x6f6b0000
end_va = 0x6fec9fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.data.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Data\\df2dd09ed7c341842a104e1e668f184e\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.data\\df2dd09ed7c341842a104e1e668f184e\\system.data.ni.dll")
Region:
id = 3768
start_va = 0x6f350000
end_va = 0x6f6a3fff
monitored = 1
entry_point = 0x6f687a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 3769
start_va = 0x76e60000
end_va = 0x76e94fff
monitored = 0
entry_point = 0x76e6145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 3770
start_va = 0x75570000
end_va = 0x75575fff
monitored = 0
entry_point = 0x75571782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 3771
start_va = 0x764d0000
end_va = 0x765f0fff
monitored = 0
entry_point = 0x764d158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 3772
start_va = 0x75440000
end_va = 0x7544bfff
monitored = 0
entry_point = 0x7544238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 3773
start_va = 0x4f90000
end_va = 0x52e0fff
monitored = 1
entry_point = 0x52c7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 3774
start_va = 0x4f90000
end_va = 0x52e0fff
monitored = 1
entry_point = 0x52c7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 3775
start_va = 0x4f90000
end_va = 0x52e0fff
monitored = 1
entry_point = 0x52c7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 3776
start_va = 0x4f90000
end_va = 0x52e0fff
monitored = 1
entry_point = 0x52c7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 3777
start_va = 0x350000
end_va = 0x35ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 3778
start_va = 0xa40000
end_va = 0xaa1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 3779
start_va = 0x360000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 3780
start_va = 0x400000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3781
start_va = 0x360000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 3782
start_va = 0x4f0000
end_va = 0x512fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004f0000"
filename = ""
Region:
id = 3783
start_va = 0x360000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 3784
start_va = 0x400000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3785
start_va = 0x400000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3786
start_va = 0x490000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 3787
start_va = 0x4a0000
end_va = 0x4affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 3788
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3789
start_va = 0x490000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 3792
start_va = 0x4a0000
end_va = 0x4affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 3793
start_va = 0x4960000
end_va = 0x499ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004960000"
filename = ""
Region:
id = 3794
start_va = 0x49c0000
end_va = 0x49fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 3795
start_va = 0x4a80000
end_va = 0x4abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a80000"
filename = ""
Region:
id = 3796
start_va = 0x4dc0000
end_va = 0x4ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004dc0000"
filename = ""
Region:
id = 3797
start_va = 0x4f80000
end_va = 0x4f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f80000"
filename = ""
Region:
id = 3798
start_va = 0x5030000
end_va = 0x512ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005030000"
filename = ""
Region:
id = 3799
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 3800
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 3801
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3802
start_va = 0x530000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 3803
start_va = 0xab0000
end_va = 0xabffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ab0000"
filename = ""
Region:
id = 3804
start_va = 0xac0000
end_va = 0xacffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ac0000"
filename = ""
Region:
id = 3805
start_va = 0xad0000
end_va = 0xadffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ad0000"
filename = ""
Region:
id = 3806
start_va = 0xae0000
end_va = 0xaeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ae0000"
filename = ""
Region:
id = 3807
start_va = 0xc10000
end_va = 0xc1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c10000"
filename = ""
Region:
id = 3808
start_va = 0xc20000
end_va = 0xc2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c20000"
filename = ""
Region:
id = 3809
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 3810
start_va = 0xc40000
end_va = 0xc4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 3811
start_va = 0xc50000
end_va = 0xc5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 3812
start_va = 0xda0000
end_va = 0xdaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000da0000"
filename = ""
Region:
id = 3813
start_va = 0xdb0000
end_va = 0xdbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000db0000"
filename = ""
Region:
id = 3814
start_va = 0xdc0000
end_va = 0xdcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000dc0000"
filename = ""
Region:
id = 3815
start_va = 0xdd0000
end_va = 0xddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 3816
start_va = 0xee0000
end_va = 0xeeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 3817
start_va = 0xef0000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 3818
start_va = 0xf00000
end_va = 0xf0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 3819
start_va = 0x6f1c0000
end_va = 0x6f34ffff
monitored = 0
entry_point = 0x6f25d026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 3820
start_va = 0x5130000
end_va = 0x524ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005130000"
filename = ""
Region:
id = 3821
start_va = 0x4a0000
end_va = 0x4affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 3822
start_va = 0xab0000
end_va = 0xaeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ab0000"
filename = ""
Region:
id = 3823
start_va = 0x5250000
end_va = 0x534ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005250000"
filename = ""
Region:
id = 3824
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 3825
start_va = 0xee0000
end_va = 0xf5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 3826
start_va = 0x5130000
end_va = 0x522ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005130000"
filename = ""
Region:
id = 3827
start_va = 0x5240000
end_va = 0x524ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005240000"
filename = ""
Region:
id = 3828
start_va = 0x6f0c0000
end_va = 0x6f1bafff
monitored = 0
entry_point = 0x6f0d17e1
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 3829
start_va = 0x4a00000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a00000"
filename = ""
Region:
id = 3830
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3831
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3832
start_va = 0x4ec0000
end_va = 0x4f2efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004ec0000"
filename = ""
Region:
id = 3833
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3834
start_va = 0x530000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 3835
start_va = 0xc10000
end_va = 0xc1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c10000"
filename = ""
Region:
id = 3836
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3837
start_va = 0x530000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 3838
start_va = 0xc20000
end_va = 0xc2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c20000"
filename = ""
Region:
id = 3839
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 3840
start_va = 0xc40000
end_va = 0xc4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 3841
start_va = 0xc50000
end_va = 0xc5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 3842
start_va = 0xda0000
end_va = 0xdaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000da0000"
filename = ""
Region:
id = 3843
start_va = 0xdb0000
end_va = 0xdbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000db0000"
filename = ""
Region:
id = 3844
start_va = 0xdc0000
end_va = 0xdcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000dc0000"
filename = ""
Region:
id = 3845
start_va = 0xdd0000
end_va = 0xddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 3846
start_va = 0xf60000
end_va = 0xf6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f60000"
filename = ""
Region:
id = 3847
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f70000"
filename = ""
Region:
id = 3848
start_va = 0xf80000
end_va = 0xf8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f80000"
filename = ""
Region:
id = 3849
start_va = 0xf90000
end_va = 0xf9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f90000"
filename = ""
Region:
id = 3850
start_va = 0xfa0000
end_va = 0xfaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fa0000"
filename = ""
Region:
id = 3851
start_va = 0x10b0000
end_va = 0x10bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010b0000"
filename = ""
Region:
id = 3852
start_va = 0x10c0000
end_va = 0x10cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010c0000"
filename = ""
Region:
id = 3853
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3854
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3855
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3856
start_va = 0x6efc0000
end_va = 0x6f0b4fff
monitored = 0
entry_point = 0x6efd0d9e
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 3857
start_va = 0x520000
end_va = 0x521fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 3858
start_va = 0x6ee20000
end_va = 0x6efbdfff
monitored = 0
entry_point = 0x6ee4e6b5
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 3859
start_va = 0x530000
end_va = 0x530fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3860
start_va = 0xc20000
end_va = 0xc21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c20000"
filename = ""
Region:
id = 3861
start_va = 0x73b60000
end_va = 0x73babfff
monitored = 0
entry_point = 0x73b62c14
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 3862
start_va = 0x530000
end_va = 0x530fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000530000"
filename = ""
Region:
id = 3863
start_va = 0x757d0000
end_va = 0x75852fff
monitored = 0
entry_point = 0x757d23d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 3864
start_va = 0xc30000
end_va = 0xc30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c30000"
filename = ""
Region:
id = 3865
start_va = 0x6e3a0000
end_va = 0x6ee1ffff
monitored = 0
entry_point = 0x6e3a6b95
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll")
Region:
id = 3866
start_va = 0x76c00000
end_va = 0x76c04fff
monitored = 0
entry_point = 0x76c01438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 3867
start_va = 0x6e360000
end_va = 0x6e39bfff
monitored = 0
entry_point = 0x6e363089
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll")
Region:
id = 3868
start_va = 0x755d0000
end_va = 0x757cafff
monitored = 0
entry_point = 0x755d22d9
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 3869
start_va = 0x5350000
end_va = 0x544ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005350000"
filename = ""
Region:
id = 3870
start_va = 0xc40000
end_va = 0xc40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll")
Region:
id = 3871
start_va = 0xc50000
end_va = 0xc51fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c50000"
filename = ""
Region:
id = 3872
start_va = 0x75010000
end_va = 0x75145fff
monitored = 0
entry_point = 0x75011b35
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 3873
start_va = 0x751b0000
end_va = 0x752a4fff
monitored = 0
entry_point = 0x751b1865
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 3874
start_va = 0x76870000
end_va = 0x76a0cfff
monitored = 0
entry_point = 0x768717e7
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 3875
start_va = 0x75470000
end_va = 0x75496fff
monitored = 0
entry_point = 0x754758b9
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 3876
start_va = 0x75450000
end_va = 0x75461fff
monitored = 0
entry_point = 0x75451441
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll")
Region:
id = 3877
start_va = 0xda0000
end_va = 0xdacfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui")
Region:
id = 3878
start_va = 0x6e330000
end_va = 0x6e350fff
monitored = 0
entry_point = 0x6e33145e
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 3879
start_va = 0x74f40000
end_va = 0x74f84fff
monitored = 0
entry_point = 0x74f411e1
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll")
Region:
id = 3880
start_va = 0xdb0000
end_va = 0xdb3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 3881
start_va = 0xdc0000
end_va = 0xdd9fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000004.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000004.db")
Region:
id = 3882
start_va = 0xf60000
end_va = 0xf60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f60000"
filename = ""
Region:
id = 3883
start_va = 0xdb0000
end_va = 0xdb3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3884
start_va = 0xf70000
end_va = 0xf9ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 3885
start_va = 0xfa0000
end_va = 0xfa3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3886
start_va = 0x4f90000
end_va = 0x4ff5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 3887
start_va = 0x10b0000
end_va = 0x10bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui")
Region:
id = 3888
start_va = 0x10c0000
end_va = 0x10c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000010c0000"
filename = ""
Region:
id = 3965
start_va = 0x6e320000
end_va = 0x6e32dfff
monitored = 0
entry_point = 0x6e321235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 3966
start_va = 0x5480000
end_va = 0x54bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005480000"
filename = ""
Region:
id = 3967
start_va = 0x55e0000
end_va = 0x56dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000055e0000"
filename = ""
Region:
id = 3968
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 3969
start_va = 0x10d0000
end_va = 0x10dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Region:
id = 3970
start_va = 0x10e0000
end_va = 0x10effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010e0000"
filename = ""
Region:
id = 3971
start_va = 0x10f0000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010f0000"
filename = ""
Region:
id = 4041
start_va = 0x54e0000
end_va = 0x55dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054e0000"
filename = ""
Region:
id = 4042
start_va = 0x57a0000
end_va = 0x57dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000057a0000"
filename = ""
Region:
id = 4043
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 4056
start_va = 0x10d0000
end_va = 0x10dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Region:
id = 4067
start_va = 0x5730000
end_va = 0x576ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005730000"
filename = ""
Region:
id = 4068
start_va = 0x5840000
end_va = 0x593ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005840000"
filename = ""
Region:
id = 4069
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Region:
id = 4073
start_va = 0x10d0000
end_va = 0x10dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Thread:
id = 170
os_tid = 0x600
[0256.565] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0260.353] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc104
[0260.354] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc105
[0260.537] GetCurrentProcess () returned 0xffffffff
[0260.538] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31ef90 | out: TokenHandle=0x31ef90*=0x1e4) returned 1
[0260.572] GetCurrentProcess () returned 0xffffffff
[0260.572] GetCurrentThread () returned 0xfffffffe
[0260.572] GetCurrentProcess () returned 0xffffffff
[0260.572] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x31efec, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x31efec*=0x1e8) returned 1
[0260.575] GetCurrentThreadId () returned 0x600
[0260.847] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config", nBufferLength=0x105, lpBuffer=0x31e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config", lpFilePart=0x0) returned 0x36
[0260.854] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x31e5b0 | out: phkResult=0x31e5b0*=0x0) returned 0x2
[0260.854] RegCloseKey (hKey=0x80000002) returned 0x0
[0261.085] GetCurrentProcess () returned 0xffffffff
[0261.085] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31ebf0 | out: TokenHandle=0x31ebf0*=0x40) returned 1
[0261.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x31e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0261.169] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x31ebe8 | out: lpFileInformation=0x31ebe8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0261.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x31e674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0261.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x31ebf0 | out: lpFileInformation=0x31ebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0261.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x31e610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0261.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x31eb28) returned 1
[0261.174] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f8
[0261.174] GetFileType (hFile=0x1f8) returned 0x1
[0261.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x31eb24) returned 1
[0261.174] GetFileType (hFile=0x1f8) returned 0x1
[0261.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x31de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0261.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x31dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0261.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x31e104) returned 1
[0261.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x31e3c8 | out: lpFileInformation=0x31e3c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0261.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x31e100) returned 1
[0261.433] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x31e294 | out: pfEnabled=0x31e294) returned 0x0
[0261.629] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x31ebe4 | out: lpFileSizeHigh=0x31ebe4*=0x0) returned 0x8c8e
[0261.630] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31eba0, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31eba0*=0x1000, lpOverlapped=0x0) returned 1
[0261.647] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31ea50, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31ea50*=0x1000, lpOverlapped=0x0) returned 1
[0261.648] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31e904, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31e904*=0x1000, lpOverlapped=0x0) returned 1
[0261.649] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31e904, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31e904*=0x1000, lpOverlapped=0x0) returned 1
[0261.650] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31e904, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31e904*=0x1000, lpOverlapped=0x0) returned 1
[0261.650] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31e83c, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31e83c*=0x1000, lpOverlapped=0x0) returned 1
[0261.656] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31e9a8, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31e9a8*=0x1000, lpOverlapped=0x0) returned 1
[0261.657] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31e89c, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31e89c*=0x1000, lpOverlapped=0x0) returned 1
[0261.657] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31e89c, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31e89c*=0xc8e, lpOverlapped=0x0) returned 1
[0261.658] ReadFile (in: hFile=0x1f8, lpBuffer=0x2690268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x31e960, lpOverlapped=0x0 | out: lpBuffer=0x2690268*, lpNumberOfBytesRead=0x31e960*=0x0, lpOverlapped=0x0) returned 1
[0261.658] CloseHandle (hObject=0x1f8) returned 1
[0261.658] CloseHandle (hObject=0x40) returned 1
[0261.659] GetCurrentProcess () returned 0xffffffff
[0261.659] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31ed3c | out: TokenHandle=0x31ed3c*=0x40) returned 1
[0261.660] CloseHandle (hObject=0x40) returned 1
[0261.660] GetCurrentProcess () returned 0xffffffff
[0261.660] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31ed3c | out: TokenHandle=0x31ed3c*=0x40) returned 1
[0261.661] CloseHandle (hObject=0x40) returned 1
[0261.667] GetCurrentProcess () returned 0xffffffff
[0261.667] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31ebf0 | out: TokenHandle=0x31ebf0*=0x40) returned 1
[0261.668] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x31ebe8 | out: lpFileInformation=0x31ebe8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0261.668] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config", nBufferLength=0x105, lpBuffer=0x31e674, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config", lpFilePart=0x0) returned 0x36
[0261.668] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x31ebf0 | out: lpFileInformation=0x31ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0261.669] CloseHandle (hObject=0x40) returned 1
[0261.669] GetCurrentProcess () returned 0xffffffff
[0261.669] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31ed3c | out: TokenHandle=0x31ed3c*=0x40) returned 1
[0261.669] CloseHandle (hObject=0x40) returned 1
[0261.670] GetCurrentProcess () returned 0xffffffff
[0261.671] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31ed3c | out: TokenHandle=0x31ed3c*=0x40) returned 1
[0261.671] CloseHandle (hObject=0x40) returned 1
[0261.690] GetCurrentProcess () returned 0xffffffff
[0261.690] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31eb54 | out: TokenHandle=0x31eb54*=0x40) returned 1
[0261.695] CloseHandle (hObject=0x40) returned 1
[0261.696] GetCurrentProcess () returned 0xffffffff
[0261.696] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31eb6c | out: TokenHandle=0x31eb6c*=0x40) returned 1
[0261.707] CloseHandle (hObject=0x40) returned 1
[0261.718] GetSystemMetrics (nIndex=75) returned 1
[0261.789] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0261.829] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76600000
[0261.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x31eec0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15
[0261.833] GetProcAddress (hModule=0x76600000, lpProcName="AddDllDirectory") returned 0x0
[0261.845] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x73c80000
[0261.942] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76710000
[0261.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x31ee04, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x87p06\x8b\x8eDþEtèñ1", lpUsedDefaultChar=0x0) returned 14
[0261.942] GetProcAddress (hModule=0x76710000, lpProcName="DefWindowProcW") returned 0x773c25dd
[0261.943] GetStockObject (i=5) returned 0x1900015
[0261.947] GetModuleHandleW (lpModuleName=0x0) returned 0x1110000
[0261.949] CoTaskMemAlloc (cb=0x5c) returned 0x5ebba0
[0261.949] RegisterClassW (lpWndClass=0x31edf4) returned 0xc106
[0261.957] CoTaskMemFree (pv=0x5ebba0)
[0261.958] GetModuleHandleW (lpModuleName=0x0) returned 0x1110000
[0261.958] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x1110000, lpParam=0x0) returned 0x2013c
[0261.959] SetWindowLongW (hWnd=0x2013c, nIndex=-4, dwNewLong=2000430557) returned 3672278
[0261.960] GetWindowLongW (hWnd=0x2013c, nIndex=-4) returned 2000430557
[0262.014] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x31e708 | out: phkResult=0x31e708*=0x1f8) returned 0x0
[0262.016] RegQueryValueExW (in: hKey=0x1f8, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x31e728, lpData=0x0, lpcbData=0x31e724*=0x0 | out: lpType=0x31e728*=0x0, lpData=0x0, lpcbData=0x31e724*=0x0) returned 0x2
[0262.016] RegQueryValueExW (in: hKey=0x1f8, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x31e728, lpData=0x0, lpcbData=0x31e724*=0x0 | out: lpType=0x31e728*=0x0, lpData=0x0, lpcbData=0x31e724*=0x0) returned 0x2
[0262.017] RegCloseKey (hKey=0x1f8) returned 0x0
[0262.019] SetWindowLongW (hWnd=0x2013c, nIndex=-4, dwNewLong=3672318) returned 2000430557
[0262.019] GetWindowLongW (hWnd=0x2013c, nIndex=-4) returned 3672318
[0262.019] GetWindowLongW (hWnd=0x2013c, nIndex=-16) returned 113311744
[0262.020] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc107
[0262.021] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x2013c, Msg=0x24, wParam=0x0, lParam=0x31e9e0) returned 0x0
[0262.021] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc108
[0262.021] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x2013c, Msg=0x81, wParam=0x0, lParam=0x31e9d4) returned 0x1
[0262.021] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x2013c, Msg=0x83, wParam=0x0, lParam=0x31e9c0) returned 0x0
[0262.022] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x2013c, Msg=0x1, wParam=0x0, lParam=0x31e9d4) returned 0x0
[0262.022] GetClientRect (in: hWnd=0x2013c, lpRect=0x31e73c | out: lpRect=0x31e73c) returned 1
[0262.022] GetWindowRect (in: hWnd=0x2013c, lpRect=0x31e73c | out: lpRect=0x31e73c) returned 1
[0262.024] GetParent (hWnd=0x2013c) returned 0x0
[0262.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x31edfc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0262.179] IsAppThemed () returned 0x1
[0262.181] CoTaskMemAlloc (cb=0xf0) returned 0x603eb0
[0262.182] CreateActCtxA (pActCtx=0x31f320) returned 0x6085f4
[0262.318] CoTaskMemFree (pv=0x603eb0)
[0262.963] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5c7010
[0262.965] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5c7098
[0262.986] AdjustWindowRectEx (in: lpRect=0x31ee28, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x31ee28) returned 1
[0263.026] EtwEventRegister () returned 0x0
[0263.031] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config", nBufferLength=0x105, lpBuffer=0x31e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config", lpFilePart=0x0) returned 0x36
[0263.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x31e92c) returned 1
[0263.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x31ebf0 | out: lpFileInformation=0x31ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0263.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x31e928) returned 1
[0315.122] GdiplusStartup (in: token=0x166b98, input=0x31d338, output=0x31d388 | out: token=0x166b98, output=0x31d388) returned 0x0
[0315.156] GdipLoadImageFromStream (stream=0x4a0030, image=0x31de20) returned 0x0
[0315.262] GdipImageForceValidation (image=0x5242230) returned 0x0
[0315.272] GdipGetImageType (image=0x5242230, type=0x31de1c) returned 0x0
[0315.273] GdipGetImageRawFormat (image=0x5242230, format=0x31dd90*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0315.295] GdipGetImageWidth (image=0x5242230, width=0x31e38c) returned 0x0
[0315.295] GdipGetImageHeight (image=0x5242230, height=0x31e38c) returned 0x0
[0315.313] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.313] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.313] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=0, color=0x31e37c) returned 0x0
[0315.331] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.331] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.331] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=1, color=0x31e37c) returned 0x0
[0315.331] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.331] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.331] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=2, color=0x31e37c) returned 0x0
[0315.331] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.331] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.332] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=3, color=0x31e37c) returned 0x0
[0315.332] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.332] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.332] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=4, color=0x31e37c) returned 0x0
[0315.332] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.332] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.332] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=5, color=0x31e37c) returned 0x0
[0315.332] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.332] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.332] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=6, color=0x31e37c) returned 0x0
[0315.332] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.332] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.332] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=7, color=0x31e37c) returned 0x0
[0315.332] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.332] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.332] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=8, color=0x31e37c) returned 0x0
[0315.332] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.332] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.332] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=9, color=0x31e37c) returned 0x0
[0315.332] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.332] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.332] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=10, color=0x31e37c) returned 0x0
[0315.333] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.333] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.333] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=11, color=0x31e37c) returned 0x0
[0315.333] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.333] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.333] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=12, color=0x31e37c) returned 0x0
[0315.333] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.333] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.333] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=13, color=0x31e37c) returned 0x0
[0315.333] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.333] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.333] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=14, color=0x31e37c) returned 0x0
[0315.333] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.333] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.333] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=15, color=0x31e37c) returned 0x0
[0315.333] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.333] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.333] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=16, color=0x31e37c) returned 0x0
[0315.333] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.333] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.333] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=17, color=0x31e37c) returned 0x0
[0315.333] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.334] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.334] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=18, color=0x31e37c) returned 0x0
[0315.334] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.334] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.334] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=19, color=0x31e37c) returned 0x0
[0315.334] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.334] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.334] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=20, color=0x31e37c) returned 0x0
[0315.334] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.334] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.334] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=21, color=0x31e37c) returned 0x0
[0315.334] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.334] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.334] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=22, color=0x31e37c) returned 0x0
[0315.334] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.334] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.334] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=23, color=0x31e37c) returned 0x0
[0315.334] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.334] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.334] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=24, color=0x31e37c) returned 0x0
[0315.334] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.334] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.334] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=25, color=0x31e37c) returned 0x0
[0315.335] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.335] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.335] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=26, color=0x31e37c) returned 0x0
[0315.335] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.335] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.335] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=27, color=0x31e37c) returned 0x0
[0315.335] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.335] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.335] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=28, color=0x31e37c) returned 0x0
[0315.335] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.335] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.335] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=29, color=0x31e37c) returned 0x0
[0315.335] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.335] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.335] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=30, color=0x31e37c) returned 0x0
[0315.335] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.335] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.335] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=31, color=0x31e37c) returned 0x0
[0315.335] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.336] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.336] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=32, color=0x31e37c) returned 0x0
[0315.336] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.336] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.336] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=33, color=0x31e37c) returned 0x0
[0315.336] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.336] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.336] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=34, color=0x31e37c) returned 0x0
[0315.336] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.336] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.336] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=35, color=0x31e37c) returned 0x0
[0315.336] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.336] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.336] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=36, color=0x31e37c) returned 0x0
[0315.336] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.336] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.336] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=37, color=0x31e37c) returned 0x0
[0315.337] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.337] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.337] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=38, color=0x31e37c) returned 0x0
[0315.337] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.337] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.337] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=39, color=0x31e37c) returned 0x0
[0315.337] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.337] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.337] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=40, color=0x31e37c) returned 0x0
[0315.337] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.337] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.337] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=41, color=0x31e37c) returned 0x0
[0315.337] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.337] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.337] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=42, color=0x31e37c) returned 0x0
[0315.337] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.337] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.337] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=43, color=0x31e37c) returned 0x0
[0315.337] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.338] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.338] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=44, color=0x31e37c) returned 0x0
[0315.338] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.338] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.338] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=45, color=0x31e37c) returned 0x0
[0315.338] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.338] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.338] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=46, color=0x31e37c) returned 0x0
[0315.338] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.338] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.338] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=47, color=0x31e37c) returned 0x0
[0315.338] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.338] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.338] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=48, color=0x31e37c) returned 0x0
[0315.338] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.338] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.338] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=49, color=0x31e37c) returned 0x0
[0315.338] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.338] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.338] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=50, color=0x31e37c) returned 0x0
[0315.339] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.339] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.339] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=51, color=0x31e37c) returned 0x0
[0315.339] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.339] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.339] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=52, color=0x31e37c) returned 0x0
[0315.339] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.339] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.339] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=53, color=0x31e37c) returned 0x0
[0315.339] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.339] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.339] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=54, color=0x31e37c) returned 0x0
[0315.339] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.339] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.339] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=55, color=0x31e37c) returned 0x0
[0315.339] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.339] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.339] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=56, color=0x31e37c) returned 0x0
[0315.339] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.339] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.339] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=57, color=0x31e37c) returned 0x0
[0315.339] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.339] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.340] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=58, color=0x31e37c) returned 0x0
[0315.340] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.340] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.340] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=59, color=0x31e37c) returned 0x0
[0315.340] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.340] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.340] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=60, color=0x31e37c) returned 0x0
[0315.340] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.340] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.340] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=61, color=0x31e37c) returned 0x0
[0315.340] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.340] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.340] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=62, color=0x31e37c) returned 0x0
[0315.340] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.340] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.340] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=63, color=0x31e37c) returned 0x0
[0315.340] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.340] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.340] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=64, color=0x31e37c) returned 0x0
[0315.340] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.340] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.340] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=65, color=0x31e37c) returned 0x0
[0315.341] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.341] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.341] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=66, color=0x31e37c) returned 0x0
[0315.341] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.341] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.341] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=67, color=0x31e37c) returned 0x0
[0315.341] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.341] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.341] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=68, color=0x31e37c) returned 0x0
[0315.341] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.341] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.341] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=69, color=0x31e37c) returned 0x0
[0315.341] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.341] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.341] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=70, color=0x31e37c) returned 0x0
[0315.341] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.341] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.341] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=71, color=0x31e37c) returned 0x0
[0315.341] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.341] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.341] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=72, color=0x31e37c) returned 0x0
[0315.341] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.342] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.342] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=73, color=0x31e37c) returned 0x0
[0315.342] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.342] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.342] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=74, color=0x31e37c) returned 0x0
[0315.342] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.342] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.342] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=75, color=0x31e37c) returned 0x0
[0315.342] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.342] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.342] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=76, color=0x31e37c) returned 0x0
[0315.342] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.342] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.342] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=77, color=0x31e37c) returned 0x0
[0315.342] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.342] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.342] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=78, color=0x31e37c) returned 0x0
[0315.342] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.342] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.342] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=79, color=0x31e37c) returned 0x0
[0315.342] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.343] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.343] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=80, color=0x31e37c) returned 0x0
[0315.343] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.343] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.343] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=81, color=0x31e37c) returned 0x0
[0315.343] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.343] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.343] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=82, color=0x31e37c) returned 0x0
[0315.343] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.343] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.343] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=83, color=0x31e37c) returned 0x0
[0315.343] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.343] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.343] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=84, color=0x31e37c) returned 0x0
[0315.343] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.343] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.343] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=85, color=0x31e37c) returned 0x0
[0315.343] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.343] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.343] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=86, color=0x31e37c) returned 0x0
[0315.343] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.343] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.343] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=87, color=0x31e37c) returned 0x0
[0315.343] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=88, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=89, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=90, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=91, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=92, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=93, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=94, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=95, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=96, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.344] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.344] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=97, color=0x31e37c) returned 0x0
[0315.344] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=98, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=99, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=100, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=101, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=102, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=103, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=104, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=105, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=106, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=107, color=0x31e37c) returned 0x0
[0315.345] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.345] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.345] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=108, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=109, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=110, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=111, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=112, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=113, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=114, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=115, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=116, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=117, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.346] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=118, color=0x31e37c) returned 0x0
[0315.346] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.346] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=119, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=120, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=121, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=122, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=123, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=124, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=125, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=126, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=127, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=128, color=0x31e37c) returned 0x0
[0315.347] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.347] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.347] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=129, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=130, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=131, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=132, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=133, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=134, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=135, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=136, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=137, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=138, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.348] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.348] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=139, color=0x31e37c) returned 0x0
[0315.348] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=140, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=141, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=142, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=143, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=144, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=145, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=146, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=147, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=148, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=149, color=0x31e37c) returned 0x0
[0315.349] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.349] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.349] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=150, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=151, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=152, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=153, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=154, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=155, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=156, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=157, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=158, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=159, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=160, color=0x31e37c) returned 0x0
[0315.350] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.350] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.350] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=161, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=162, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=163, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=164, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=165, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=166, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=167, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=168, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=169, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=170, color=0x31e37c) returned 0x0
[0315.351] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.351] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.351] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=171, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=172, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=173, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=174, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=175, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=176, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=177, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=178, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=179, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=180, color=0x31e37c) returned 0x0
[0315.352] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.352] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.352] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=181, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=182, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=183, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=184, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=185, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=186, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=187, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=188, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=189, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=190, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.353] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.353] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=191, color=0x31e37c) returned 0x0
[0315.353] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=192, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=193, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=194, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=195, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=196, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=197, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=198, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=199, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=200, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.354] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.354] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=201, color=0x31e37c) returned 0x0
[0315.354] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=202, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=203, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=204, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=205, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=206, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=207, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=208, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=209, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=210, color=0x31e37c) returned 0x0
[0315.355] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.355] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.355] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=211, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=212, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=213, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=214, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=215, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=216, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=217, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=218, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=219, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=220, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.356] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.356] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=221, color=0x31e37c) returned 0x0
[0315.356] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.357] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.357] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=222, color=0x31e37c) returned 0x0
[0315.357] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.357] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.357] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=223, color=0x31e37c) returned 0x0
[0315.357] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.357] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.357] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=224, color=0x31e37c) returned 0x0
[0315.357] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.357] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.357] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=225, color=0x31e37c) returned 0x0
[0315.357] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.357] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.357] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=226, color=0x31e37c) returned 0x0
[0315.357] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.357] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.357] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=227, color=0x31e37c) returned 0x0
[0315.357] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=228, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=229, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=230, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=231, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=232, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=233, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=234, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=235, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=236, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.358] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.358] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=237, color=0x31e37c) returned 0x0
[0315.358] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=238, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=239, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=240, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=241, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=242, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=243, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=244, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=245, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=246, color=0x31e37c) returned 0x0
[0315.359] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.359] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.359] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=247, color=0x31e37c) returned 0x0
[0315.360] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.360] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.360] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=248, color=0x31e37c) returned 0x0
[0315.360] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.360] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.360] GdipBitmapGetPixel (bitmap=0x5242230, x=0, y=249, color=0x31e37c) returned 0x0
[0315.490] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.490] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.490] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=292, color=0x31e37c) returned 0x0
[0315.490] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.490] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.490] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=293, color=0x31e37c) returned 0x0
[0315.490] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.491] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.491] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=294, color=0x31e37c) returned 0x0
[0315.491] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.491] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.491] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=295, color=0x31e37c) returned 0x0
[0315.491] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.491] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.491] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=296, color=0x31e37c) returned 0x0
[0315.491] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.491] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.491] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=297, color=0x31e37c) returned 0x0
[0315.491] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.491] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.491] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=298, color=0x31e37c) returned 0x0
[0315.491] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.491] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.491] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=299, color=0x31e37c) returned 0x0
[0315.491] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.491] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.492] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=300, color=0x31e37c) returned 0x0
[0315.492] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.492] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.492] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=301, color=0x31e37c) returned 0x0
[0315.492] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.492] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.492] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=302, color=0x31e37c) returned 0x0
[0315.492] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.492] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.492] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=303, color=0x31e37c) returned 0x0
[0315.492] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.492] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.492] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=304, color=0x31e37c) returned 0x0
[0315.492] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.492] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.492] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=305, color=0x31e37c) returned 0x0
[0315.492] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.492] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.493] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=306, color=0x31e37c) returned 0x0
[0315.493] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.493] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.493] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=307, color=0x31e37c) returned 0x0
[0315.493] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.493] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.493] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=308, color=0x31e37c) returned 0x0
[0315.493] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.493] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.493] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=309, color=0x31e37c) returned 0x0
[0315.493] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.493] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.493] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=310, color=0x31e37c) returned 0x0
[0315.493] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.493] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.493] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=311, color=0x31e37c) returned 0x0
[0315.493] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.494] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.494] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=312, color=0x31e37c) returned 0x0
[0315.494] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.494] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.494] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=313, color=0x31e37c) returned 0x0
[0315.494] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.494] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.494] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=314, color=0x31e37c) returned 0x0
[0315.494] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.494] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.494] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=315, color=0x31e37c) returned 0x0
[0315.494] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.494] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.494] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=316, color=0x31e37c) returned 0x0
[0315.494] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.494] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.494] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=317, color=0x31e37c) returned 0x0
[0315.494] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.495] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.495] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=318, color=0x31e37c) returned 0x0
[0315.495] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.495] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.495] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=319, color=0x31e37c) returned 0x0
[0315.495] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.495] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.495] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=320, color=0x31e37c) returned 0x0
[0315.495] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.495] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.495] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=321, color=0x31e37c) returned 0x0
[0315.495] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.495] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.495] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=322, color=0x31e37c) returned 0x0
[0315.495] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.495] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.495] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=323, color=0x31e37c) returned 0x0
[0315.496] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.496] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.496] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=324, color=0x31e37c) returned 0x0
[0315.496] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.496] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.496] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=325, color=0x31e37c) returned 0x0
[0315.496] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.496] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.496] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=326, color=0x31e37c) returned 0x0
[0315.496] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.496] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.496] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=327, color=0x31e37c) returned 0x0
[0315.496] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.496] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.496] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=328, color=0x31e37c) returned 0x0
[0315.496] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.496] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.497] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=329, color=0x31e37c) returned 0x0
[0315.497] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.497] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.497] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=330, color=0x31e37c) returned 0x0
[0315.497] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.497] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.497] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=331, color=0x31e37c) returned 0x0
[0315.497] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.497] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.497] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=332, color=0x31e37c) returned 0x0
[0315.497] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.497] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.497] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=333, color=0x31e37c) returned 0x0
[0315.497] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.497] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.497] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=334, color=0x31e37c) returned 0x0
[0315.497] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.498] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.498] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=335, color=0x31e37c) returned 0x0
[0315.498] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.498] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.498] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=336, color=0x31e37c) returned 0x0
[0315.498] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.498] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.498] GdipBitmapGetPixel (bitmap=0x5242230, x=286, y=337, color=0x31e37c) returned 0x0
[0315.498] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.498] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.498] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=0, color=0x31e37c) returned 0x0
[0315.498] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.498] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.498] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=1, color=0x31e37c) returned 0x0
[0315.498] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.498] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.498] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=2, color=0x31e37c) returned 0x0
[0315.498] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.498] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.498] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=3, color=0x31e37c) returned 0x0
[0315.499] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.499] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.499] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=4, color=0x31e37c) returned 0x0
[0315.499] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.499] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.499] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=5, color=0x31e37c) returned 0x0
[0315.499] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.499] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.499] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=6, color=0x31e37c) returned 0x0
[0315.499] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.499] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.499] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=7, color=0x31e37c) returned 0x0
[0315.499] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.499] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.499] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=8, color=0x31e37c) returned 0x0
[0315.499] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.499] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.499] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=9, color=0x31e37c) returned 0x0
[0315.499] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.499] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.500] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=10, color=0x31e37c) returned 0x0
[0315.500] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.500] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.500] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=11, color=0x31e37c) returned 0x0
[0315.500] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.500] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.500] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=12, color=0x31e37c) returned 0x0
[0315.500] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.500] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.500] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=13, color=0x31e37c) returned 0x0
[0315.500] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.500] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.500] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=14, color=0x31e37c) returned 0x0
[0315.500] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.500] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.500] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=15, color=0x31e37c) returned 0x0
[0315.500] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.500] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.500] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=16, color=0x31e37c) returned 0x0
[0315.501] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.501] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.501] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=17, color=0x31e37c) returned 0x0
[0315.501] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.501] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.501] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=18, color=0x31e37c) returned 0x0
[0315.501] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.501] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.501] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=19, color=0x31e37c) returned 0x0
[0315.501] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.501] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.501] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=20, color=0x31e37c) returned 0x0
[0315.501] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.501] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.501] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=21, color=0x31e37c) returned 0x0
[0315.501] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.501] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.501] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=22, color=0x31e37c) returned 0x0
[0315.502] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.502] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.502] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=23, color=0x31e37c) returned 0x0
[0315.502] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.502] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.502] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=24, color=0x31e37c) returned 0x0
[0315.502] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.502] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.502] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=25, color=0x31e37c) returned 0x0
[0315.502] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.502] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.502] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=26, color=0x31e37c) returned 0x0
[0315.502] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.502] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.502] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=27, color=0x31e37c) returned 0x0
[0315.502] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.503] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.503] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=28, color=0x31e37c) returned 0x0
[0315.503] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.503] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.503] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=29, color=0x31e37c) returned 0x0
[0315.503] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.503] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.503] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=30, color=0x31e37c) returned 0x0
[0315.503] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.503] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.503] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=31, color=0x31e37c) returned 0x0
[0315.503] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.503] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.503] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=32, color=0x31e37c) returned 0x0
[0315.503] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.503] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.503] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=33, color=0x31e37c) returned 0x0
[0315.504] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.504] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.504] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=34, color=0x31e37c) returned 0x0
[0315.504] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.504] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.504] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=35, color=0x31e37c) returned 0x0
[0315.504] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.504] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.504] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=36, color=0x31e37c) returned 0x0
[0315.504] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.504] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.504] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=37, color=0x31e37c) returned 0x0
[0315.504] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.504] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.504] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=38, color=0x31e37c) returned 0x0
[0315.504] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.504] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.505] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=39, color=0x31e37c) returned 0x0
[0315.505] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.505] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.505] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=40, color=0x31e37c) returned 0x0
[0315.505] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.505] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.505] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=41, color=0x31e37c) returned 0x0
[0315.505] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.505] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.505] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=42, color=0x31e37c) returned 0x0
[0315.505] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.505] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.505] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=43, color=0x31e37c) returned 0x0
[0315.505] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.505] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.505] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=44, color=0x31e37c) returned 0x0
[0315.505] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.505] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.505] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=45, color=0x31e37c) returned 0x0
[0315.505] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.506] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.506] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=46, color=0x31e37c) returned 0x0
[0315.506] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.506] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.506] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=47, color=0x31e37c) returned 0x0
[0315.506] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.506] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.506] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=48, color=0x31e37c) returned 0x0
[0315.506] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.506] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.506] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=49, color=0x31e37c) returned 0x0
[0315.506] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.506] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.506] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=50, color=0x31e37c) returned 0x0
[0315.506] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.506] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.506] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=51, color=0x31e37c) returned 0x0
[0315.506] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.506] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.506] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=52, color=0x31e37c) returned 0x0
[0315.507] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.507] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.507] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=53, color=0x31e37c) returned 0x0
[0315.507] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.507] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.507] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=54, color=0x31e37c) returned 0x0
[0315.507] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.507] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.507] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=55, color=0x31e37c) returned 0x0
[0315.507] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.507] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.507] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=56, color=0x31e37c) returned 0x0
[0315.507] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.507] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.507] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=57, color=0x31e37c) returned 0x0
[0315.507] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.507] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.507] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=58, color=0x31e37c) returned 0x0
[0315.507] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.507] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.507] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=59, color=0x31e37c) returned 0x0
[0315.508] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.508] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.508] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=60, color=0x31e37c) returned 0x0
[0315.508] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.508] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.508] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=61, color=0x31e37c) returned 0x0
[0315.508] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.508] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.508] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=62, color=0x31e37c) returned 0x0
[0315.508] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.508] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.508] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=63, color=0x31e37c) returned 0x0
[0315.508] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.508] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.508] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=64, color=0x31e37c) returned 0x0
[0315.508] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.508] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.508] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=65, color=0x31e37c) returned 0x0
[0315.508] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.508] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.508] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=66, color=0x31e37c) returned 0x0
[0315.508] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.508] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=67, color=0x31e37c) returned 0x0
[0315.509] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.509] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=68, color=0x31e37c) returned 0x0
[0315.509] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.509] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=69, color=0x31e37c) returned 0x0
[0315.509] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.509] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=70, color=0x31e37c) returned 0x0
[0315.509] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.509] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=71, color=0x31e37c) returned 0x0
[0315.509] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.509] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=72, color=0x31e37c) returned 0x0
[0315.509] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.509] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=73, color=0x31e37c) returned 0x0
[0315.509] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.509] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=74, color=0x31e37c) returned 0x0
[0315.509] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.509] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.509] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=75, color=0x31e37c) returned 0x0
[0315.510] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.510] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.510] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=76, color=0x31e37c) returned 0x0
[0315.510] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.510] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.510] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=77, color=0x31e37c) returned 0x0
[0315.510] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.510] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.510] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=78, color=0x31e37c) returned 0x0
[0315.510] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.510] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.510] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=79, color=0x31e37c) returned 0x0
[0315.510] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.510] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.510] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=80, color=0x31e37c) returned 0x0
[0315.510] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.510] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.510] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=81, color=0x31e37c) returned 0x0
[0315.510] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.510] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.510] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=82, color=0x31e37c) returned 0x0
[0315.510] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.510] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.511] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=83, color=0x31e37c) returned 0x0
[0315.511] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.511] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.511] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=84, color=0x31e37c) returned 0x0
[0315.511] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.511] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.511] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=85, color=0x31e37c) returned 0x0
[0315.511] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.511] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.511] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=86, color=0x31e37c) returned 0x0
[0315.511] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.511] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.511] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=87, color=0x31e37c) returned 0x0
[0315.511] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.511] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.511] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=88, color=0x31e37c) returned 0x0
[0315.511] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.511] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.511] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=89, color=0x31e37c) returned 0x0
[0315.511] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.511] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.511] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=90, color=0x31e37c) returned 0x0
[0315.511] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.512] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.512] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=91, color=0x31e37c) returned 0x0
[0315.512] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.512] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.512] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=92, color=0x31e37c) returned 0x0
[0315.512] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.512] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.512] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=93, color=0x31e37c) returned 0x0
[0315.512] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.512] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.512] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=94, color=0x31e37c) returned 0x0
[0315.512] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.512] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.512] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=95, color=0x31e37c) returned 0x0
[0315.512] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.512] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.512] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=96, color=0x31e37c) returned 0x0
[0315.512] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.512] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.512] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=97, color=0x31e37c) returned 0x0
[0315.512] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.512] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.514] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=98, color=0x31e37c) returned 0x0
[0315.514] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.514] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.514] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=99, color=0x31e37c) returned 0x0
[0315.514] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.514] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.514] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=100, color=0x31e37c) returned 0x0
[0315.514] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.514] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.514] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=101, color=0x31e37c) returned 0x0
[0315.514] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.514] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.514] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=102, color=0x31e37c) returned 0x0
[0315.515] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.515] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.515] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=103, color=0x31e37c) returned 0x0
[0315.515] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.515] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.515] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=104, color=0x31e37c) returned 0x0
[0315.515] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.515] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.515] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=105, color=0x31e37c) returned 0x0
[0315.515] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.515] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.515] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=106, color=0x31e37c) returned 0x0
[0315.515] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.515] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.515] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=107, color=0x31e37c) returned 0x0
[0315.515] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.515] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.515] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=108, color=0x31e37c) returned 0x0
[0315.515] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.515] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.515] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=109, color=0x31e37c) returned 0x0
[0315.516] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.516] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.516] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=110, color=0x31e37c) returned 0x0
[0315.516] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.516] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.516] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=111, color=0x31e37c) returned 0x0
[0315.516] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.516] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.516] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=112, color=0x31e37c) returned 0x0
[0315.516] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.516] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.516] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=113, color=0x31e37c) returned 0x0
[0315.516] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.516] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.516] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=114, color=0x31e37c) returned 0x0
[0315.516] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.516] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.516] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=115, color=0x31e37c) returned 0x0
[0315.516] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.516] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.516] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=116, color=0x31e37c) returned 0x0
[0315.517] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.517] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.517] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=117, color=0x31e37c) returned 0x0
[0315.517] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.517] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.517] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=118, color=0x31e37c) returned 0x0
[0315.517] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.517] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.517] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=119, color=0x31e37c) returned 0x0
[0315.517] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.517] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.517] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=120, color=0x31e37c) returned 0x0
[0315.517] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.517] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.517] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=121, color=0x31e37c) returned 0x0
[0315.517] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.517] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.517] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=122, color=0x31e37c) returned 0x0
[0315.517] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.517] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.517] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=123, color=0x31e37c) returned 0x0
[0315.518] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.518] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.518] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=124, color=0x31e37c) returned 0x0
[0315.518] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.518] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.518] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=125, color=0x31e37c) returned 0x0
[0315.518] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.518] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.518] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=126, color=0x31e37c) returned 0x0
[0315.518] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.518] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.518] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=127, color=0x31e37c) returned 0x0
[0315.518] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.518] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.518] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=128, color=0x31e37c) returned 0x0
[0315.518] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.518] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.518] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=129, color=0x31e37c) returned 0x0
[0315.518] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.518] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.518] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=130, color=0x31e37c) returned 0x0
[0315.519] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.519] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.519] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=131, color=0x31e37c) returned 0x0
[0315.519] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.519] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.519] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=132, color=0x31e37c) returned 0x0
[0315.519] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.519] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.519] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=133, color=0x31e37c) returned 0x0
[0315.519] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.519] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.519] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=134, color=0x31e37c) returned 0x0
[0315.519] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.519] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.519] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=135, color=0x31e37c) returned 0x0
[0315.519] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.519] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.519] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=136, color=0x31e37c) returned 0x0
[0315.519] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.519] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.520] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=137, color=0x31e37c) returned 0x0
[0315.520] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.520] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.520] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=138, color=0x31e37c) returned 0x0
[0315.520] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.520] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.520] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=139, color=0x31e37c) returned 0x0
[0315.520] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.520] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.520] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=140, color=0x31e37c) returned 0x0
[0315.520] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.520] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.520] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=141, color=0x31e37c) returned 0x0
[0315.520] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.520] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.520] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=142, color=0x31e37c) returned 0x0
[0315.520] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.520] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.520] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=143, color=0x31e37c) returned 0x0
[0315.520] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.520] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.521] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=144, color=0x31e37c) returned 0x0
[0315.521] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.521] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.521] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=145, color=0x31e37c) returned 0x0
[0315.521] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.521] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.521] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=146, color=0x31e37c) returned 0x0
[0315.521] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.521] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.521] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=147, color=0x31e37c) returned 0x0
[0315.521] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.521] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.521] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=148, color=0x31e37c) returned 0x0
[0315.521] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.521] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.521] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=149, color=0x31e37c) returned 0x0
[0315.521] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.521] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.521] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=150, color=0x31e37c) returned 0x0
[0315.521] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.522] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.522] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=151, color=0x31e37c) returned 0x0
[0315.522] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.522] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.522] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=152, color=0x31e37c) returned 0x0
[0315.522] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.522] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.522] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=153, color=0x31e37c) returned 0x0
[0315.522] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.522] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.522] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=154, color=0x31e37c) returned 0x0
[0315.522] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.522] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.522] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=155, color=0x31e37c) returned 0x0
[0315.522] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.522] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.522] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=156, color=0x31e37c) returned 0x0
[0315.522] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.522] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.522] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=157, color=0x31e37c) returned 0x0
[0315.523] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.523] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.523] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=158, color=0x31e37c) returned 0x0
[0315.523] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.523] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.523] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=159, color=0x31e37c) returned 0x0
[0315.523] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.523] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.523] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=160, color=0x31e37c) returned 0x0
[0315.523] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.523] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.523] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=161, color=0x31e37c) returned 0x0
[0315.523] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.523] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.523] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=162, color=0x31e37c) returned 0x0
[0315.523] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.523] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.523] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=163, color=0x31e37c) returned 0x0
[0315.523] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.523] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.524] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=164, color=0x31e37c) returned 0x0
[0315.524] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.524] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.524] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=165, color=0x31e37c) returned 0x0
[0315.524] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.524] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.524] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=166, color=0x31e37c) returned 0x0
[0315.524] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.524] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.524] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=167, color=0x31e37c) returned 0x0
[0315.524] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.524] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.524] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=168, color=0x31e37c) returned 0x0
[0315.524] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.524] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.524] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=169, color=0x31e37c) returned 0x0
[0315.524] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.524] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.524] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=170, color=0x31e37c) returned 0x0
[0315.524] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.524] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.525] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=171, color=0x31e37c) returned 0x0
[0315.525] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.525] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.525] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=172, color=0x31e37c) returned 0x0
[0315.525] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.525] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.525] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=173, color=0x31e37c) returned 0x0
[0315.525] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.525] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.525] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=174, color=0x31e37c) returned 0x0
[0315.525] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.525] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.525] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=175, color=0x31e37c) returned 0x0
[0315.525] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.525] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.525] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=176, color=0x31e37c) returned 0x0
[0315.525] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.525] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.525] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=177, color=0x31e37c) returned 0x0
[0315.525] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.525] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.526] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=178, color=0x31e37c) returned 0x0
[0315.526] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.526] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.526] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=179, color=0x31e37c) returned 0x0
[0315.526] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.526] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.526] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=180, color=0x31e37c) returned 0x0
[0315.526] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.526] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.526] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=181, color=0x31e37c) returned 0x0
[0315.526] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.526] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.526] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=182, color=0x31e37c) returned 0x0
[0315.526] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.526] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.526] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=183, color=0x31e37c) returned 0x0
[0315.526] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.526] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.526] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=184, color=0x31e37c) returned 0x0
[0315.526] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.527] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.527] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=185, color=0x31e37c) returned 0x0
[0315.527] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.527] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.527] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=186, color=0x31e37c) returned 0x0
[0315.527] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.527] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.527] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=187, color=0x31e37c) returned 0x0
[0315.527] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.527] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.527] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=188, color=0x31e37c) returned 0x0
[0315.527] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.527] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.527] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=189, color=0x31e37c) returned 0x0
[0315.527] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.527] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.527] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=190, color=0x31e37c) returned 0x0
[0315.527] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.527] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.527] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=191, color=0x31e37c) returned 0x0
[0315.528] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.528] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.528] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=192, color=0x31e37c) returned 0x0
[0315.528] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.528] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.528] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=193, color=0x31e37c) returned 0x0
[0315.528] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.528] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.528] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=194, color=0x31e37c) returned 0x0
[0315.528] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.528] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.528] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=195, color=0x31e37c) returned 0x0
[0315.528] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.528] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.528] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=196, color=0x31e37c) returned 0x0
[0315.528] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.528] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.528] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=197, color=0x31e37c) returned 0x0
[0315.528] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.528] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.528] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=198, color=0x31e37c) returned 0x0
[0315.528] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.528] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.529] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=199, color=0x31e37c) returned 0x0
[0315.529] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.529] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.529] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=200, color=0x31e37c) returned 0x0
[0315.529] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.529] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.529] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=201, color=0x31e37c) returned 0x0
[0315.529] GdipGetImageWidth (image=0x5242230, width=0x31e36c) returned 0x0
[0315.529] GdipGetImageHeight (image=0x5242230, height=0x31e36c) returned 0x0
[0315.529] GdipBitmapGetPixel (bitmap=0x5242230, x=287, y=202, color=0x31e37c) returned 0x0
[0316.119] CoTaskMemAlloc (cb=0xd) returned 0x641d18
[0316.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269b80c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.120] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.120] CoTaskMemFree (pv=0x641d18)
[0316.127] CoTaskMemAlloc (cb=0x11) returned 0x603b50
[0316.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x269b844, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12
[0316.128] GetProcAddress (hModule=0x76600000, lpProcName="ResumeThread") returned 0x766143ef
[0316.128] CoTaskMemFree (pv=0x603b50)
[0316.133] CoTaskMemAlloc (cb=0xd) returned 0x641c88
[0316.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269b900, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.133] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.134] CoTaskMemFree (pv=0x641c88)
[0316.134] CoTaskMemAlloc (cb=0x1a) returned 0x61d930
[0316.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x269b938, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0316.134] GetProcAddress (hModule=0x76600000, lpProcName="Wow64SetThreadContext") returned 0x76695393
[0316.134] CoTaskMemFree (pv=0x61d930)
[0316.140] CoTaskMemAlloc (cb=0xd) returned 0x641d18
[0316.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269ba04, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.140] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.140] CoTaskMemFree (pv=0x641d18)
[0316.140] CoTaskMemAlloc (cb=0x15) returned 0x603b50
[0316.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x269ba3c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0316.140] GetProcAddress (hModule=0x76600000, lpProcName="SetThreadContext") returned 0x76695393
[0316.140] CoTaskMemFree (pv=0x603b50)
[0316.141] CoTaskMemAlloc (cb=0xd) returned 0x641d18
[0316.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269bb04, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.141] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.142] CoTaskMemFree (pv=0x641d18)
[0316.142] CoTaskMemAlloc (cb=0x1a) returned 0x61d930
[0316.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x269bb3c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0316.142] GetProcAddress (hModule=0x76600000, lpProcName="Wow64GetThreadContext") returned 0x766379d4
[0316.142] CoTaskMemFree (pv=0x61d930)
[0316.143] CoTaskMemAlloc (cb=0xd) returned 0x641d18
[0316.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269bc08, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.143] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.143] CoTaskMemFree (pv=0x641d18)
[0316.143] CoTaskMemAlloc (cb=0x15) returned 0x603b50
[0316.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x269bc40, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0316.143] GetProcAddress (hModule=0x76600000, lpProcName="GetThreadContext") returned 0x766379d4
[0316.144] CoTaskMemFree (pv=0x603b50)
[0316.145] CoTaskMemAlloc (cb=0xd) returned 0x641d18
[0316.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269bcfc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.145] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.145] CoTaskMemFree (pv=0x641d18)
[0316.145] CoTaskMemAlloc (cb=0x13) returned 0x603a70
[0316.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x269bd34, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14
[0316.145] GetProcAddress (hModule=0x76600000, lpProcName="VirtualAllocEx") returned 0x7662d9b0
[0316.145] CoTaskMemFree (pv=0x603a70)
[0316.150] CoTaskMemAlloc (cb=0xd) returned 0x641c88
[0316.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269bdf0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.150] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.150] CoTaskMemFree (pv=0x641c88)
[0316.150] CoTaskMemAlloc (cb=0x17) returned 0x603b50
[0316.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x269be28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18
[0316.150] GetProcAddress (hModule=0x76600000, lpProcName="WriteProcessMemory") returned 0x7662d9e0
[0316.150] CoTaskMemFree (pv=0x603b50)
[0316.156] CoTaskMemAlloc (cb=0xd) returned 0x641d18
[0316.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269beec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.156] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.157] CoTaskMemFree (pv=0x641d18)
[0316.157] CoTaskMemAlloc (cb=0x16) returned 0x603a70
[0316.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x269bf24, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17
[0316.157] GetProcAddress (hModule=0x76600000, lpProcName="ReadProcessMemory") returned 0x7662cfcc
[0316.157] CoTaskMemFree (pv=0x603a70)
[0316.163] CoTaskMemAlloc (cb=0xa) returned 0x641c88
[0316.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x269bfe4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5
[0316.164] LoadLibraryA (lpLibFileName="ntdll") returned 0x77390000
[0316.164] CoTaskMemFree (pv=0x641c88)
[0316.164] CoTaskMemAlloc (cb=0x19) returned 0x61d930
[0316.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x269c010, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20
[0316.164] GetProcAddress (hModule=0x77390000, lpProcName="ZwUnmapViewOfSection") returned 0x773afc70
[0316.164] CoTaskMemFree (pv=0x61d930)
[0316.170] CoTaskMemAlloc (cb=0xd) returned 0x641c88
[0316.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x269c0d8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0316.170] LoadLibraryA (lpLibFileName="kernel32") returned 0x76600000
[0316.170] CoTaskMemFree (pv=0x641c88)
[0316.170] CoTaskMemAlloc (cb=0x13) returned 0x603a70
[0316.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x269c110, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14
[0316.171] GetProcAddress (hModule=0x76600000, lpProcName="CreateProcessA") returned 0x76611072
[0316.171] CoTaskMemFree (pv=0x603a70)
[0316.193] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", nBufferLength=0x105, lpBuffer=0x31d9dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", lpFilePart=0x0) returned 0x2f
[0316.212] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="HqDKaBWIBgZUJuwRAPSyhcVSy") returned 0x0
[0316.293] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="HqDKaBWIBgZUJuwRAPSyhcVSy") returned 0x248
[0322.310] CoTaskMemAlloc (cb=0x20c) returned 0x649218
[0322.310] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x649218 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0322.311] CoTaskMemFree (pv=0x649218)
[0322.311] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x31d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0322.318] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", nBufferLength=0x105, lpBuffer=0x31da54, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe", lpFilePart=0x0) returned 0x2f
[0322.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x31dc94) returned 1
[0322.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\emvflise.exe"), fInfoLevelId=0x0, lpFileInformation=0x31df58 | out: lpFileInformation=0x31df58*(dwFileAttributes=0x2027, ftCreationTime.dwLowDateTime=0x372cfae0, ftCreationTime.dwHighDateTime=0x1d71a55, ftLastAccessTime.dwLowDateTime=0x372cfae0, ftLastAccessTime.dwHighDateTime=0x1d71a55, ftLastWriteTime.dwLowDateTime=0xd2630a00, ftLastWriteTime.dwHighDateTime=0x1d71a54, nFileSizeHigh=0x0, nFileSizeLow=0x145800)) returned 1
[0322.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x31dc90) returned 1
[0322.416] GetCurrentProcess () returned 0xffffffff
[0322.416] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31de8c | out: TokenHandle=0x31de8c*=0x250) returned 1
[0322.418] GetCurrentProcess () returned 0xffffffff
[0322.418] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x31de5c | out: TokenHandle=0x31de5c*=0x254) returned 1
[0322.420] GetTokenInformation (in: TokenHandle=0x250, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x31de90 | out: TokenInformation=0x0, ReturnLength=0x31de90) returned 0
[0322.420] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x61f428
[0322.420] GetTokenInformation (in: TokenHandle=0x250, TokenInformationClass=0x1, TokenInformation=0x61f428, TokenInformationLength=0x24, ReturnLength=0x31de90 | out: TokenInformation=0x61f428, ReturnLength=0x31de90) returned 1
[0322.421] LocalFree (hMem=0x61f428) returned 0x0
[0322.423] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x31ddb8, DesiredAccess=0x800, PolicyHandle=0x31dd78 | out: PolicyHandle=0x31dd78) returned 0x0
[0322.428] LsaLookupSids (in: PolicyHandle=0x603b50, Count=0x1, Sids=0x26a1fd8*=0x26a1f44*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), ReferencedDomains=0x31dd94, Names=0x31dd88 | out: ReferencedDomains=0x31dd94, Names=0x31dd88) returned 0x0
[0322.431] LsaClose (ObjectHandle=0x603b50) returned 0x0
[0322.432] LsaFreeMemory (Buffer=0x618318) returned 0x0
[0322.432] LsaFreeMemory (Buffer=0x61f428) returned 0x0
[0322.432] CloseHandle (hObject=0x254) returned 1
[0322.505] CoTaskMemAlloc (cb=0x20c) returned 0x641e48
[0322.505] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x641e48 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25
[0322.505] CoTaskMemFree (pv=0x641e48)
[0322.518] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x31d9a8, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13
[0322.519] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x31d9bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26
[0322.535] CoTaskMemAlloc (cb=0x20c) returned 0x641e48
[0322.535] GetTempFileNameW (in: lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x641e48 | out: lpTempFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp9c4e.tmp")) returned 0x9c4e
[0322.539] CoTaskMemFree (pv=0x641e48)
[0322.546] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp", nBufferLength=0x105, lpBuffer=0x31d86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp", lpFilePart=0x0) returned 0x31
[0322.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x31dd84) returned 1
[0322.546] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp9c4e.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254
[0322.546] GetFileType (hFile=0x254) returned 0x1
[0322.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x31dd80) returned 1
[0322.547] GetFileType (hFile=0x254) returned 0x1
[0322.548] WriteFile (in: hFile=0x254, lpBuffer=0x26a5f6c*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x31de10, lpOverlapped=0x0 | out: lpBuffer=0x26a5f6c*, lpNumberOfBytesWritten=0x31de10*=0x66a, lpOverlapped=0x0) returned 1
[0322.549] CloseHandle (hObject=0x254) returned 1
[0322.660] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x65f5b0
[0322.660] LocalAlloc (uFlags=0x0, uBytes=0xb0) returned 0x5fd560
[0322.662] ShellExecuteExW (in: pExecInfo=0x26a72d0*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\EmVFlIse\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x26a72d0*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\EmVFlIse\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x388)) returned 1
[0323.696] LocalFree (hMem=0x65f5b0) returned 0x0
[0323.697] LocalFree (hMem=0x5fd560) returned 0x0
[0323.813] GetCurrentProcess () returned 0xffffffff
[0323.813] GetCurrentProcess () returned 0xffffffff
[0323.813] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x388, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x31de74, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x31de74*=0x33c) returned 1
[0323.917] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x31de6c*=0x33c, lpdwindex=0x31dc90 | out: lpdwindex=0x31dc90) returned 0x0
[0324.321] CloseHandle (hObject=0x33c) returned 1
[0324.324] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp", nBufferLength=0x105, lpBuffer=0x31d9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp", lpFilePart=0x0) returned 0x31
[0324.324] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp9c4e.tmp")) returned 1
[0324.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x31d93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0324.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", cchWideChar=57, lpMultiByteStr=0x31db90, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe\x87Á", lpUsedDefaultChar=0x0) returned 57
[0324.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x31db8c, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="´\x87Á", lpUsedDefaultChar=0x0) returned 0
[0324.390] CreateProcessA (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x31dc28*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31df2c | out: lpCommandLine="", lpProcessInformation=0x31df2c*(hProcess=0x390, hThread=0x33c, dwProcessId=0x6e0, dwThreadId=0x704)) returned 1
[0324.413] CoTaskMemFree (pv=0x0)
[0324.473] GetThreadContext (in: hThread=0x33c, lpContext=0x26a7690 | out: lpContext=0x26a7690*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0xbe8356, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0324.473] ReadProcessMemory (in: hProcess=0x390, lpBaseAddress=0x7efde008, lpBuffer=0x31df1c, nSize=0x4, lpNumberOfBytesRead=0x31df60 | out: lpBuffer=0x31df1c*, lpNumberOfBytesRead=0x31df60*=0x4) returned 1
[0324.475] VirtualAllocEx (hProcess=0x390, lpAddress=0x400000, dwSize=0x3c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0324.478] WriteProcessMemory (in: hProcess=0x390, lpBaseAddress=0x400000, lpBuffer=0x3713900*, nSize=0x200, lpNumberOfBytesWritten=0x31df60 | out: lpBuffer=0x3713900*, lpNumberOfBytesWritten=0x31df60*=0x200) returned 1
[0324.493] WriteProcessMemory (in: hProcess=0x390, lpBaseAddress=0x402000, lpBuffer=0x3749d20*, nSize=0x35a00, lpNumberOfBytesWritten=0x31df60 | out: lpBuffer=0x3749d20*, lpNumberOfBytesWritten=0x31df60*=0x35a00) returned 1
[0324.507] WriteProcessMemory (in: hProcess=0x390, lpBaseAddress=0x438000, lpBuffer=0x26a7968*, nSize=0x600, lpNumberOfBytesWritten=0x31df60 | out: lpBuffer=0x26a7968*, lpNumberOfBytesWritten=0x31df60*=0x600) returned 1
[0324.514] WriteProcessMemory (in: hProcess=0x390, lpBaseAddress=0x43a000, lpBuffer=0x26a7f74*, nSize=0x200, lpNumberOfBytesWritten=0x31df60 | out: lpBuffer=0x26a7f74*, lpNumberOfBytesWritten=0x31df60*=0x200) returned 1
[0324.524] WriteProcessMemory (in: hProcess=0x390, lpBaseAddress=0x7efde008, lpBuffer=0x26a8180*, nSize=0x4, lpNumberOfBytesWritten=0x31df60 | out: lpBuffer=0x26a8180*, lpNumberOfBytesWritten=0x31df60*=0x4) returned 1
[0324.528] SetThreadContext (hThread=0x33c, lpContext=0x26a7690*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x43783e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0324.531] ResumeThread (hThread=0x33c) returned 0x1
[0324.788] CoGetContextToken (in: pToken=0x31e308 | out: pToken=0x31e308) returned 0x0
[0324.788] CObjectContext::QueryInterface () returned 0x0
[0324.788] CObjectContext::GetCurrentThreadType () returned 0x0
[0324.788] Release () returned 0x0
[0324.789] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x59de90*=0xac, lpdwindex=0x31e1b4 | out: lpdwindex=0x31e1b4) returned 0x0
Thread:
id = 258
os_tid = 0x1cc
Thread:
id = 259
os_tid = 0x224
[0256.681] CoGetContextToken (in: pToken=0x10af49c | out: pToken=0x10af49c) returned 0x800401f0
[0256.694] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0324.831] SetWindowLongW (hWnd=0x2013c, nIndex=-4, dwNewLong=2000430557) returned 3672318
[0324.832] SetClassLongW (hWnd=0x2013c, nIndex=-24, dwNewLong=2000430557) returned 0x3808d6
[0324.833] PostMessageW (hWnd=0x2013c, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0324.840] GetModuleHandleW (lpModuleName=0x0) returned 0x1110000
[0324.840] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", hInstance=0x1110000) returned 0
[0324.852] LocalFree (hMem=0x5c7098) returned 0x0
[0324.853] LocalFree (hMem=0x5c7010) returned 0x0
[0324.854] EtwEventUnregister () returned 0x0
[0324.882] CloseHandle (hObject=0x1e8) returned 1
[0324.910] GdipDisposeImage (image=0x5242230) returned 0x0
[0324.915] CloseHandle (hObject=0x250) returned 1
[0324.916] CloseHandle (hObject=0x248) returned 1
[0324.916] CloseHandle (hObject=0x388) returned 1
[0324.917] RegCloseKey (hKey=0x80000004) returned 0x0
[0324.918] CloseHandle (hObject=0x1e4) returned 1
Thread:
id = 260
os_tid = 0x20c
Thread:
id = 261
os_tid = 0x678
Thread:
id = 262
os_tid = 0x6a0
Thread:
id = 263
os_tid = 0x5b0
Thread:
id = 266
os_tid = 0x51c
Thread:
id = 268
os_tid = 0x6c0
[0324.733] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 270
os_tid = 0x744
Process:
id = "11"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x28dc3000"
os_pid = "0x364"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "9"
os_parent_pid = "0x1c0"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cfa4" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2621
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2622
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2623
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2624
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2625
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2626
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 2627
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 2628
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 2629
start_va = 0x90000
end_va = 0x10ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 2630
start_va = 0x110000
end_va = 0x176fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2631
start_va = 0x180000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 2632
start_va = 0x280000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 2633
start_va = 0x380000
end_va = 0x507fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000380000"
filename = ""
Region:
id = 2634
start_va = 0x510000
end_va = 0x510fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 2635
start_va = 0x520000
end_va = 0x52afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 2636
start_va = 0x530000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2637
start_va = 0x540000
end_va = 0x6c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 2638
start_va = 0x6d0000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006d0000"
filename = ""
Region:
id = 2639
start_va = 0x790000
end_va = 0x79cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 2640
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskcomp.dll.mui"
filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui")
Region:
id = 2641
start_va = 0x7b0000
end_va = 0x7b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schedsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui")
Region:
id = 2642
start_va = 0x7c0000
end_va = 0x7c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 2643
start_va = 0x7d0000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 2644
start_va = 0x7e0000
end_va = 0x7e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007e0000"
filename = ""
Region:
id = 2645
start_va = 0x7f0000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 2646
start_va = 0x870000
end_va = 0x873fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2647
start_va = 0x880000
end_va = 0x881fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000880000"
filename = ""
Region:
id = 2648
start_va = 0x890000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 2649
start_va = 0x910000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 2650
start_va = 0x940000
end_va = 0x943fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2651
start_va = 0x950000
end_va = 0x95dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 2652
start_va = 0x970000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000970000"
filename = ""
Region:
id = 2653
start_va = 0xa40000
end_va = 0xabffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a40000"
filename = ""
Region:
id = 2654
start_va = 0xad0000
end_va = 0xb4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ad0000"
filename = ""
Region:
id = 2655
start_va = 0xb50000
end_va = 0xe1efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2656
start_va = 0xe20000
end_va = 0xe9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e20000"
filename = ""
Region:
id = 2657
start_va = 0xec0000
end_va = 0xf3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ec0000"
filename = ""
Region:
id = 2658
start_va = 0xf90000
end_va = 0x100ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f90000"
filename = ""
Region:
id = 2659
start_va = 0x1070000
end_va = 0x10effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 2660
start_va = 0x10f0000
end_va = 0x116ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010f0000"
filename = ""
Region:
id = 2661
start_va = 0x1190000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 2662
start_va = 0x1220000
end_va = 0x129ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001220000"
filename = ""
Region:
id = 2663
start_va = 0x12a0000
end_va = 0x1305fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 2664
start_va = 0x1320000
end_va = 0x139ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001320000"
filename = ""
Region:
id = 2665
start_va = 0x13d0000
end_va = 0x144ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 2666
start_va = 0x1470000
end_va = 0x14effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001470000"
filename = ""
Region:
id = 2667
start_va = 0x1570000
end_va = 0x15effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 2668
start_va = 0x1610000
end_va = 0x168ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001610000"
filename = ""
Region:
id = 2669
start_va = 0x1690000
end_va = 0x170ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001690000"
filename = ""
Region:
id = 2670
start_va = 0x1740000
end_va = 0x17bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001740000"
filename = ""
Region:
id = 2671
start_va = 0x17e0000
end_va = 0x185ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000017e0000"
filename = ""
Region:
id = 2672
start_va = 0x1860000
end_va = 0x18dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001860000"
filename = ""
Region:
id = 2673
start_va = 0x1900000
end_va = 0x197ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001900000"
filename = ""
Region:
id = 2674
start_va = 0x1980000
end_va = 0x1a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001980000"
filename = ""
Region:
id = 2675
start_va = 0x1a80000
end_va = 0x1b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a80000"
filename = ""
Region:
id = 2676
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2677
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2678
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2679
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2680
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2681
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2682
start_va = 0xffa90000
end_va = 0xffa9afff
monitored = 0
entry_point = 0xffa9246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2683
start_va = 0x7fef8210000
end_va = 0x7fef8286fff
monitored = 0
entry_point = 0x7fef821afd0
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 2684
start_va = 0x7fef87a0000
end_va = 0x7fef87a9fff
monitored = 0
entry_point = 0x7fef87a260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 2685
start_va = 0x7fef87b0000
end_va = 0x7fef88c1fff
monitored = 0
entry_point = 0x7fef87cf354
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 2686
start_va = 0x7fef88d0000
end_va = 0x7fef88defff
monitored = 0
entry_point = 0x7fef88d7e80
region_type = mapped_file
name = "wiarpc.dll"
filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")
Region:
id = 2687
start_va = 0x7fef88e0000
end_va = 0x7fef88e8fff
monitored = 0
entry_point = 0x7fef88e3668
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 2688
start_va = 0x7fef88f0000
end_va = 0x7fef88f8fff
monitored = 0
entry_point = 0x7fef88f1020
region_type = mapped_file
name = "tbs.dll"
filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")
Region:
id = 2689
start_va = 0x7fef8900000
end_va = 0x7fef8955fff
monitored = 0
entry_point = 0x7fef8901040
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 2690
start_va = 0x7fef8960000
end_va = 0x7fef8a4dfff
monitored = 0
entry_point = 0x7fef89612a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2691
start_va = 0x7fef8a50000
end_va = 0x7fef8aadfff
monitored = 0
entry_point = 0x7fef8a59024
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 2692
start_va = 0x7fefac00000
end_va = 0x7fefac13fff
monitored = 0
entry_point = 0x7fefac03e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2693
start_va = 0x7fefac20000
end_va = 0x7fefac86fff
monitored = 0
entry_point = 0x7fefac36060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2694
start_va = 0x7fefaca0000
end_va = 0x7fefacaafff
monitored = 0
entry_point = 0x7fefaca4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 2695
start_va = 0x7fefacb0000
end_va = 0x7fefacbbfff
monitored = 0
entry_point = 0x7fefacb15d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2696
start_va = 0x7fefacc0000
end_va = 0x7fefaccffff
monitored = 0
entry_point = 0x7fefacc835c
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 2697
start_va = 0x7fefacd0000
end_va = 0x7feface8fff
monitored = 0
entry_point = 0x7fefacd11a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 2698
start_va = 0x7fefacf0000
end_va = 0x7fefad26fff
monitored = 0
entry_point = 0x7fefacf8424
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 2699
start_va = 0x7fefad70000
end_va = 0x7fefad84fff
monitored = 0
entry_point = 0x7fefad760d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2700
start_va = 0x7fefad90000
end_va = 0x7fefae51fff
monitored = 0
entry_point = 0x7fefad9101c
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 2701
start_va = 0x7fefb070000
end_va = 0x7fefb08cfff
monitored = 0
entry_point = 0x7fefb072f18
region_type = mapped_file
name = "mmcss.dll"
filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")
Region:
id = 2702
start_va = 0x7fefb090000
end_va = 0x7fefb098fff
monitored = 0
entry_point = 0x7fefb091010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 2703
start_va = 0x7fefb180000
end_va = 0x7fefb1acfff
monitored = 0
entry_point = 0x7fefb181010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2704
start_va = 0x7fefb320000
end_va = 0x7fefb334fff
monitored = 0
entry_point = 0x7fefb321050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2705
start_va = 0x7fefb340000
end_va = 0x7fefb34bfff
monitored = 0
entry_point = 0x7fefb3418a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2706
start_va = 0x7fefb350000
end_va = 0x7fefb365fff
monitored = 0
entry_point = 0x7fefb3511a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2707
start_va = 0x7fefb3a0000
end_va = 0x7fefb3a8fff
monitored = 0
entry_point = 0x7fefb3a11a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 2708
start_va = 0x7fefb480000
end_va = 0x7fefb490fff
monitored = 0
entry_point = 0x7fefb481070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2709
start_va = 0x7fefb5e0000
end_va = 0x7fefb614fff
monitored = 0
entry_point = 0x7fefb5e1064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2710
start_va = 0x7fefba50000
end_va = 0x7fefbaa5fff
monitored = 0
entry_point = 0x7fefba5bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2711
start_va = 0x7fefbab0000
end_va = 0x7fefbbdbfff
monitored = 0
entry_point = 0x7fefbab94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2712
start_va = 0x7fefbbe0000
end_va = 0x7fefbbfcfff
monitored = 0
entry_point = 0x7fefbbe1ef4
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2713
start_va = 0x7fefbc30000
end_va = 0x7fefbe23fff
monitored = 0
entry_point = 0x7fefbdbc924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 2714
start_va = 0x7fefc2c0000
end_va = 0x7fefc2cbfff
monitored = 0
entry_point = 0x7fefc2c1064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2715
start_va = 0x7fefc390000
end_va = 0x7fefc396fff
monitored = 0
entry_point = 0x7fefc3914b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 2716
start_va = 0x7fefc480000
end_va = 0x7fefc49afff
monitored = 0
entry_point = 0x7fefc482068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2717
start_va = 0x7fefc4a0000
end_va = 0x7fefc4bdfff
monitored = 0
entry_point = 0x7fefc4a13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2718
start_va = 0x7fefc5b0000
end_va = 0x7fefc5e8fff
monitored = 0
entry_point = 0x7fefc5bc0f0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 2719
start_va = 0x7fefc5f0000
end_va = 0x7fefc5f9fff
monitored = 0
entry_point = 0x7fefc5f3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 2720
start_va = 0x7fefc600000
end_va = 0x7fefc60cfff
monitored = 0
entry_point = 0x7fefc601348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 2721
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2722
start_va = 0x7fefc7e0000
end_va = 0x7fefc80ffff
monitored = 0
entry_point = 0x7fefc7e194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2723
start_va = 0x7fefc980000
end_va = 0x7fefc986fff
monitored = 0
entry_point = 0x7fefc98142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 2724
start_va = 0x7fefc990000
end_va = 0x7fefc9e4fff
monitored = 0
entry_point = 0x7fefc991054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2725
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2726
start_va = 0x7fefcb00000
end_va = 0x7fefcb31fff
monitored = 0
entry_point = 0x7fefcb0144c
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 2727
start_va = 0x7fefcb50000
end_va = 0x7fefcb59fff
monitored = 0
entry_point = 0x7fefcb53b40
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 2728
start_va = 0x7fefcbe0000
end_va = 0x7fefcc0efff
monitored = 0
entry_point = 0x7fefcbe1064
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 2729
start_va = 0x7fefcc20000
end_va = 0x7fefcc8cfff
monitored = 0
entry_point = 0x7fefcc21010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2730
start_va = 0x7fefcef0000
end_va = 0x7fefcf12fff
monitored = 0
entry_point = 0x7fefcef1198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2731
start_va = 0x7fefcf90000
end_va = 0x7fefcf9afff
monitored = 0
entry_point = 0x7fefcf91030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2732
start_va = 0x7fefcfc0000
end_va = 0x7fefcfe4fff
monitored = 0
entry_point = 0x7fefcfc9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2733
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2734
start_va = 0x7fefd000000
end_va = 0x7fefd090fff
monitored = 0
entry_point = 0x7fefd001440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 2735
start_va = 0x7fefd0a0000
end_va = 0x7fefd0dcfff
monitored = 0
entry_point = 0x7fefd0a18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2736
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2737
start_va = 0x7fefd100000
end_va = 0x7fefd10efff
monitored = 0
entry_point = 0x7fefd1019b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2738
start_va = 0x7fefd1a0000
end_va = 0x7fefd1aefff
monitored = 0
entry_point = 0x7fefd1a1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2739
start_va = 0x7fefd1b0000
end_va = 0x7fefd31cfff
monitored = 0
entry_point = 0x7fefd1b10b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2740
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2741
start_va = 0x7fefd390000
end_va = 0x7fefd3c5fff
monitored = 0
entry_point = 0x7fefd391474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2742
start_va = 0x7fefd470000
end_va = 0x7fefd489fff
monitored = 0
entry_point = 0x7fefd471558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2743
start_va = 0x7fefd490000
end_va = 0x7fefd4cafff
monitored = 0
entry_point = 0x7fefd491324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2744
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2745
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2746
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2747
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2748
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2749
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2750
start_va = 0x7fefdf10000
end_va = 0x7fefec97fff
monitored = 0
entry_point = 0x7fefdf8cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2751
start_va = 0x7fefecc0000
end_va = 0x7fefed11fff
monitored = 0
entry_point = 0x7fefecc10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2752
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2753
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2754
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2755
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2756
start_va = 0x7fefef10000
end_va = 0x7fefef80fff
monitored = 0
entry_point = 0x7fefef21e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2757
start_va = 0x7fefef90000
end_va = 0x7fefefdcfff
monitored = 0
entry_point = 0x7fefef91070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2758
start_va = 0x7fefefe0000
end_va = 0x7feff1b6fff
monitored = 0
entry_point = 0x7fefefe1010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2759
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2760
start_va = 0x7feff3d0000
end_va = 0x7feff3d7fff
monitored = 0
entry_point = 0x7feff3d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2761
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2762
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2763
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 2764
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 2765
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 2766
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 2767
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 2768
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 2769
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 2770
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 2771
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 2772
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 2773
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 2774
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 2775
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2776
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2777
start_va = 0x7fffffd3000
end_va = 0x7fffffd3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 2778
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 2779
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2780
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 2781
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2782
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 2783
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2811
start_va = 0x1c70000
end_va = 0x1ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c70000"
filename = ""
Region:
id = 2812
start_va = 0x7fef38b0000
end_va = 0x7fef3935fff
monitored = 0
entry_point = 0x7fef38bffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 2813
start_va = 0x7fef77e0000
end_va = 0x7fef781ffff
monitored = 0
entry_point = 0x7fef77e2f10
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 2814
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 2815
start_va = 0x1cf0000
end_va = 0x1e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001cf0000"
filename = ""
Region:
id = 2816
start_va = 0x1bd0000
end_va = 0x1c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001bd0000"
filename = ""
Region:
id = 2817
start_va = 0x7fef3460000
end_va = 0x7fef34a6fff
monitored = 0
entry_point = 0x7fef3461040
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 2818
start_va = 0x7fef34b0000
end_va = 0x7fef34f1fff
monitored = 0
entry_point = 0x7fef34b17e4
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 2819
start_va = 0x7fef3500000
end_va = 0x7fef3510fff
monitored = 0
entry_point = 0x7fef35014c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 2820
start_va = 0x7fef3520000
end_va = 0x7fef35b1fff
monitored = 0
entry_point = 0x7fef35951ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2821
start_va = 0x7fef8b00000
end_va = 0x7fef8b52fff
monitored = 0
entry_point = 0x7fef8b02b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2822
start_va = 0x7fefabc0000
end_va = 0x7fefabcafff
monitored = 0
entry_point = 0x7fefabc1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2823
start_va = 0x7fefabd0000
end_va = 0x7fefabf6fff
monitored = 0
entry_point = 0x7fefabd98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2824
start_va = 0x7fefc2d0000
end_va = 0x7fefc38afff
monitored = 0
entry_point = 0x7fefc2d6de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 2825
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 2826
start_va = 0x1e20000
end_va = 0x1f9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e20000"
filename = ""
Region:
id = 2827
start_va = 0x1fa0000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fa0000"
filename = ""
Region:
id = 2828
start_va = 0x2000000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 2829
start_va = 0x2170000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002170000"
filename = ""
Region:
id = 2830
start_va = 0x2180000
end_va = 0x234ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 2831
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 2832
start_va = 0x7fef3420000
end_va = 0x7fef345cfff
monitored = 0
entry_point = 0x7fef3421070
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 2833
start_va = 0x7fef33f0000
end_va = 0x7fef3414fff
monitored = 0
entry_point = 0x7fef3408c54
region_type = mapped_file
name = "browser.dll"
filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")
Region:
id = 2834
start_va = 0x74d00000
end_va = 0x74d01fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll"
filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll")
Region:
id = 2835
start_va = 0x9f0000
end_va = 0xa1ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll.mui"
filename = "\\Windows\\System32\\en-US\\netmsg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netmsg.dll.mui")
Region:
id = 2836
start_va = 0x21c0000
end_va = 0x223ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 2837
start_va = 0x22d0000
end_va = 0x234ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022d0000"
filename = ""
Region:
id = 2838
start_va = 0x7fef54b0000
end_va = 0x7fef54c6fff
monitored = 0
entry_point = 0x7fef54b1060
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 2839
start_va = 0x7fef54d0000
end_va = 0x7fef567ffff
monitored = 0
entry_point = 0x7fef54d1010
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 2840
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 2841
start_va = 0x960000
end_va = 0x967fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 2842
start_va = 0x7fefb300000
end_va = 0x7fefb313fff
monitored = 0
entry_point = 0x7fefb3016b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 2854
start_va = 0x7fef3160000
end_va = 0x7fef328efff
monitored = 0
entry_point = 0x7fef3161080
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 2855
start_va = 0x7fef30f0000
end_va = 0x7fef315efff
monitored = 0
entry_point = 0x7fef30fbf5c
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 2856
start_va = 0x7fef32c0000
end_va = 0x7fef33a1fff
monitored = 0
entry_point = 0x7fef32e3814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 2857
start_va = 0x7fef3290000
end_va = 0x7fef32b6fff
monitored = 0
entry_point = 0x7fef32911a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 2858
start_va = 0x2350000
end_va = 0x251ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002350000"
filename = ""
Region:
id = 2859
start_va = 0x7fef30d0000
end_va = 0x7fef30e3fff
monitored = 0
entry_point = 0x7fef30d1070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 2860
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2861
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 2862
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 2863
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2864
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2865
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2866
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2867
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2868
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2869
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2870
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2871
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2872
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2873
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2874
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2875
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2876
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2877
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2878
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2879
start_va = 0x7fef30c0000
end_va = 0x7fef30c7fff
monitored = 0
entry_point = 0x7fef30c1020
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 2880
start_va = 0x7fef3070000
end_va = 0x7fef30bffff
monitored = 0
entry_point = 0x7fef3071190
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 2881
start_va = 0x7fefcc90000
end_va = 0x7fefcca3fff
monitored = 0
entry_point = 0x7fefcc94160
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 2882
start_va = 0x20e0000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020e0000"
filename = ""
Region:
id = 2883
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 2884
start_va = 0x1e90000
end_va = 0x1f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e90000"
filename = ""
Region:
id = 2885
start_va = 0x1f20000
end_va = 0x1f9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f20000"
filename = ""
Region:
id = 2886
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 2887
start_va = 0x2520000
end_va = 0x267ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002520000"
filename = ""
Region:
id = 2888
start_va = 0x2680000
end_va = 0x28effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 2889
start_va = 0x2350000
end_va = 0x244ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002350000"
filename = ""
Region:
id = 2890
start_va = 0x24a0000
end_va = 0x251ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024a0000"
filename = ""
Region:
id = 2891
start_va = 0x2680000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 2892
start_va = 0x2870000
end_va = 0x28effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 2893
start_va = 0x7fef3050000
end_va = 0x7fef3068fff
monitored = 0
entry_point = 0x7fef3051104
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 2894
start_va = 0x26c0000
end_va = 0x273ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 2895
start_va = 0x2780000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 2896
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 2897
start_va = 0x7fef2fc0000
end_va = 0x7fef3043fff
monitored = 0
entry_point = 0x7fef3011118
region_type = mapped_file
name = "netcfgx.dll"
filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")
Region:
id = 2898
start_va = 0x9f0000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2899
start_va = 0x28f0000
end_va = 0x29effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028f0000"
filename = ""
Region:
id = 2900
start_va = 0x29f0000
end_va = 0x2b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029f0000"
filename = ""
Region:
id = 2901
start_va = 0x7fefc4c0000
end_va = 0x7fefc4d1fff
monitored = 0
entry_point = 0x7fefc4c1060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 2902
start_va = 0x29f0000
end_va = 0x2aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029f0000"
filename = ""
Region:
id = 2903
start_va = 0x2b00000
end_va = 0x2b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 2904
start_va = 0x1d20000
end_va = 0x1d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d20000"
filename = ""
Region:
id = 2905
start_va = 0x1da0000
end_va = 0x1e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001da0000"
filename = ""
Region:
id = 2906
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 2907
start_va = 0x7fef2f90000
end_va = 0x7fef2fb5fff
monitored = 0
entry_point = 0x7fef2f97948
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 2908
start_va = 0x7fef2f10000
end_va = 0x7fef2f82fff
monitored = 0
entry_point = 0x7fef2f1e480
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 2909
start_va = 0x7fef2ef0000
end_va = 0x7fef2f09fff
monitored = 0
entry_point = 0x7fef2f03fbc
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 2910
start_va = 0x2230000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 2911
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 2912
start_va = 0x7fef2e30000
end_va = 0x7fef2eebfff
monitored = 0
entry_point = 0x7fef2e511dc
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 2913
start_va = 0x7fef2e10000
end_va = 0x7fef2e25fff
monitored = 0
entry_point = 0x7fef2e11070
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 2916
start_va = 0x9f0000
end_va = 0x9f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009f0000"
filename = ""
Region:
id = 2917
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 2918
start_va = 0x1bb0000
end_va = 0x1c2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001bb0000"
filename = ""
Region:
id = 2919
start_va = 0x2b10000
end_va = 0x2b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b10000"
filename = ""
Region:
id = 2920
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 2921
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 2923
start_va = 0x2bb0000
end_va = 0x2c2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002bb0000"
filename = ""
Region:
id = 2924
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 2925
start_va = 0x7fef2d90000
end_va = 0x7fef2e0dfff
monitored = 0
entry_point = 0x7fef2de1310
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 2926
start_va = 0x2d90000
end_va = 0x2e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d90000"
filename = ""
Region:
id = 2927
start_va = 0x7fffff7e000
end_va = 0x7fffff7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7e000"
filename = ""
Region:
id = 2928
start_va = 0x2c30000
end_va = 0x2caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c30000"
filename = ""
Region:
id = 2929
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 2930
start_va = 0x2e10000
end_va = 0x2f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e10000"
filename = ""
Region:
id = 2931
start_va = 0x2cd0000
end_va = 0x2d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cd0000"
filename = ""
Region:
id = 2932
start_va = 0x2f70000
end_va = 0x2feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f70000"
filename = ""
Region:
id = 2933
start_va = 0x7fffff78000
end_va = 0x7fffff79fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff78000"
filename = ""
Region:
id = 2934
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 2935
start_va = 0x7fef8ad0000
end_va = 0x7fef8ae0fff
monitored = 0
entry_point = 0x7fef8ad16ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 2936
start_va = 0x7fef8ab0000
end_va = 0x7fef8ac7fff
monitored = 0
entry_point = 0x7fef8ab1bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 2937
start_va = 0xa00000
end_va = 0xa00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 2938
start_va = 0xa00000
end_va = 0xa00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 2939
start_va = 0x7fef2d20000
end_va = 0x7fef2d8afff
monitored = 0
entry_point = 0x7fef2d64344
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 2940
start_va = 0x7fefb3b0000
end_va = 0x7fefb3befff
monitored = 0
entry_point = 0x7fefb3b11d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 2941
start_va = 0x2530000
end_va = 0x25affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 2942
start_va = 0x2600000
end_va = 0x267ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002600000"
filename = ""
Region:
id = 2943
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 2944
start_va = 0x7fffff76000
end_va = 0x7fffff77fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff76000"
filename = ""
Region:
id = 2945
start_va = 0x3120000
end_va = 0x319ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003120000"
filename = ""
Region:
id = 2946
start_va = 0x30c0000
end_va = 0x313ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030c0000"
filename = ""
Region:
id = 2947
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 2948
start_va = 0x7fffff74000
end_va = 0x7fffff75fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff74000"
filename = ""
Region:
id = 2949
start_va = 0x3020000
end_va = 0x309ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003020000"
filename = ""
Region:
id = 2950
start_va = 0x7fefc810000
end_va = 0x7fefc86afff
monitored = 0
entry_point = 0x7fefc816940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 2951
start_va = 0x7fffff72000
end_va = 0x7fffff73fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff72000"
filename = ""
Region:
id = 2952
start_va = 0x3200000
end_va = 0x336ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 2953
start_va = 0x3200000
end_va = 0x327ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 2954
start_va = 0x32f0000
end_va = 0x336ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000032f0000"
filename = ""
Region:
id = 2955
start_va = 0x30f0000
end_va = 0x316ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030f0000"
filename = ""
Region:
id = 2956
start_va = 0x3240000
end_va = 0x32bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003240000"
filename = ""
Region:
id = 2957
start_va = 0x30f0000
end_va = 0x316ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030f0000"
filename = ""
Region:
id = 2958
start_va = 0x3240000
end_va = 0x32bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003240000"
filename = ""
Region:
id = 2959
start_va = 0x7fffff70000
end_va = 0x7fffff71fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff70000"
filename = ""
Region:
id = 2960
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 2961
start_va = 0x33f0000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033f0000"
filename = ""
Region:
id = 2962
start_va = 0x3450000
end_va = 0x34cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003450000"
filename = ""
Region:
id = 2963
start_va = 0x7fef2d10000
end_va = 0x7fef2d17fff
monitored = 0
entry_point = 0x7fef2d11414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 2964
start_va = 0x3470000
end_va = 0x34effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003470000"
filename = ""
Region:
id = 2965
start_va = 0x7fffff6e000
end_va = 0x7fffff6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6e000"
filename = ""
Region:
id = 2966
start_va = 0x3500000
end_va = 0x357ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003500000"
filename = ""
Region:
id = 2967
start_va = 0x33d0000
end_va = 0x344ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033d0000"
filename = ""
Region:
id = 2968
start_va = 0x30d0000
end_va = 0x314ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030d0000"
filename = ""
Region:
id = 2969
start_va = 0x30b0000
end_va = 0x312ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030b0000"
filename = ""
Region:
id = 2970
start_va = 0x35a0000
end_va = 0x361ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035a0000"
filename = ""
Region:
id = 2971
start_va = 0x34f0000
end_va = 0x36effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000034f0000"
filename = ""
Region:
id = 2972
start_va = 0x33d0000
end_va = 0x344ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033d0000"
filename = ""
Region:
id = 2973
start_va = 0x3700000
end_va = 0x377ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003700000"
filename = ""
Region:
id = 2974
start_va = 0x37c0000
end_va = 0x383ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037c0000"
filename = ""
Region:
id = 2975
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 2976
start_va = 0x3760000
end_va = 0x37dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003760000"
filename = ""
Region:
id = 2977
start_va = 0x30d0000
end_va = 0x314ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030d0000"
filename = ""
Region:
id = 2978
start_va = 0x33f0000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033f0000"
filename = ""
Region:
id = 3094
start_va = 0xa00000
end_va = 0xa00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 3095
start_va = 0x7fef5d90000
end_va = 0x7fef5e03fff
monitored = 0
entry_point = 0x7fef5d966f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 3096
start_va = 0x3720000
end_va = 0x379ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003720000"
filename = ""
Region:
id = 3097
start_va = 0x37a0000
end_va = 0x381ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037a0000"
filename = ""
Region:
id = 3098
start_va = 0xa00000
end_va = 0xa0bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 3100
start_va = 0x3760000
end_va = 0x37dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003760000"
filename = ""
Region:
id = 3101
start_va = 0x7fffff6c000
end_va = 0x7fffff6dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6c000"
filename = ""
Region:
id = 3102
start_va = 0x7fef29e0000
end_va = 0x7fef29ebfff
monitored = 0
entry_point = 0x7fef29e602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 3103
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 3104
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 3105
start_va = 0x3830000
end_va = 0x38affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003830000"
filename = ""
Region:
id = 3106
start_va = 0x30b0000
end_va = 0x312ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030b0000"
filename = ""
Region:
id = 3107
start_va = 0x3850000
end_va = 0x38cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003850000"
filename = ""
Region:
id = 3108
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 3109
start_va = 0x3870000
end_va = 0x38effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003870000"
filename = ""
Region:
id = 3110
start_va = 0x30b0000
end_va = 0x312ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030b0000"
filename = ""
Region:
id = 3111
start_va = 0x30f0000
end_va = 0x316ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030f0000"
filename = ""
Region:
id = 3112
start_va = 0x3850000
end_va = 0x38cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003850000"
filename = ""
Region:
id = 3113
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 3114
start_va = 0x30f0000
end_va = 0x316ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030f0000"
filename = ""
Region:
id = 3115
start_va = 0x3870000
end_va = 0x38effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003870000"
filename = ""
Region:
id = 3116
start_va = 0x33f0000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033f0000"
filename = ""
Region:
id = 3117
start_va = 0x33f0000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033f0000"
filename = ""
Region:
id = 3118
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 3119
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 3120
start_va = 0x38b0000
end_va = 0x392ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038b0000"
filename = ""
Region:
id = 3121
start_va = 0x37f0000
end_va = 0x386ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037f0000"
filename = ""
Region:
id = 3122
start_va = 0x33f0000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033f0000"
filename = ""
Region:
id = 3123
start_va = 0x30b0000
end_va = 0x312ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030b0000"
filename = ""
Region:
id = 3124
start_va = 0x38b0000
end_va = 0x392ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038b0000"
filename = ""
Region:
id = 3125
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 3126
start_va = 0x33f0000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033f0000"
filename = ""
Region:
id = 3127
start_va = 0x30d0000
end_va = 0x314ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030d0000"
filename = ""
Region:
id = 3128
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 3129
start_va = 0x3850000
end_va = 0x38cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003850000"
filename = ""
Region:
id = 3130
start_va = 0x30f0000
end_va = 0x316ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030f0000"
filename = ""
Region:
id = 3143
start_va = 0x30b0000
end_va = 0x312ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030b0000"
filename = ""
Region:
id = 3144
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 3145
start_va = 0x39b0000
end_va = 0x3a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039b0000"
filename = ""
Region:
id = 3146
start_va = 0x7fffff66000
end_va = 0x7fffff67fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff66000"
filename = ""
Region:
id = 3147
start_va = 0x7fffff68000
end_va = 0x7fffff69fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff68000"
filename = ""
Region:
id = 3148
start_va = 0x7fffff6a000
end_va = 0x7fffff6bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6a000"
filename = ""
Region:
id = 3173
start_va = 0x3a40000
end_va = 0x3abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a40000"
filename = ""
Region:
id = 3174
start_va = 0x38f0000
end_va = 0x396ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038f0000"
filename = ""
Region:
id = 3186
start_va = 0x38b0000
end_va = 0x392ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038b0000"
filename = ""
Region:
id = 3187
start_va = 0x3af0000
end_va = 0x3b6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003af0000"
filename = ""
Region:
id = 3188
start_va = 0x7fffff64000
end_va = 0x7fffff65fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff64000"
filename = ""
Region:
id = 3189
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 3190
start_va = 0x3a50000
end_va = 0x3acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 3191
start_va = 0x3af0000
end_va = 0x3b6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003af0000"
filename = ""
Region:
id = 3192
start_va = 0x3a90000
end_va = 0x3b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a90000"
filename = ""
Region:
id = 3193
start_va = 0x3a50000
end_va = 0x3acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 3196
start_va = 0x14f0000
end_va = 0x156ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014f0000"
filename = ""
Region:
id = 3197
start_va = 0x3ab0000
end_va = 0x3b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ab0000"
filename = ""
Region:
id = 3198
start_va = 0x3bc0000
end_va = 0x3c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bc0000"
filename = ""
Region:
id = 3199
start_va = 0x3c80000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c80000"
filename = ""
Region:
id = 3200
start_va = 0x7fffff5e000
end_va = 0x7fffff5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5e000"
filename = ""
Region:
id = 3201
start_va = 0x7fffff60000
end_va = 0x7fffff61fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff60000"
filename = ""
Region:
id = 3202
start_va = 0x7fffff62000
end_va = 0x7fffff63fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff62000"
filename = ""
Region:
id = 3203
start_va = 0x3df0000
end_va = 0x3e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003df0000"
filename = ""
Region:
id = 3204
start_va = 0x3df0000
end_va = 0x3e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003df0000"
filename = ""
Region:
id = 3205
start_va = 0x3dd0000
end_va = 0x3e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003dd0000"
filename = ""
Region:
id = 3206
start_va = 0x3d30000
end_va = 0x3daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d30000"
filename = ""
Region:
id = 3207
start_va = 0x3e10000
end_va = 0x3e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e10000"
filename = ""
Region:
id = 3208
start_va = 0x3dd0000
end_va = 0x3e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003dd0000"
filename = ""
Region:
id = 3209
start_va = 0x3a30000
end_va = 0x3aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a30000"
filename = ""
Region:
id = 3210
start_va = 0x3b40000
end_va = 0x3bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b40000"
filename = ""
Region:
id = 3211
start_va = 0x37f0000
end_va = 0x386ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037f0000"
filename = ""
Region:
id = 3223
start_va = 0x3a30000
end_va = 0x3aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a30000"
filename = ""
Region:
id = 3224
start_va = 0x3d70000
end_va = 0x3deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d70000"
filename = ""
Region:
id = 3233
start_va = 0xa00000
end_va = 0xa00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 3235
start_va = 0x3d90000
end_va = 0x3e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d90000"
filename = ""
Region:
id = 3236
start_va = 0x3d70000
end_va = 0x3deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d70000"
filename = ""
Region:
id = 3237
start_va = 0x3b40000
end_va = 0x3bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b40000"
filename = ""
Region:
id = 3272
start_va = 0x37f0000
end_va = 0x386ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037f0000"
filename = ""
Region:
id = 3653
start_va = 0x3d70000
end_va = 0x3deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d70000"
filename = ""
Region:
id = 3654
start_va = 0x3d30000
end_va = 0x3daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d30000"
filename = ""
Region:
id = 3655
start_va = 0x14f0000
end_va = 0x156ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014f0000"
filename = ""
Region:
id = 3657
start_va = 0x3e30000
end_va = 0x3eaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e30000"
filename = ""
Region:
id = 3658
start_va = 0x3db0000
end_va = 0x3e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003db0000"
filename = ""
Region:
id = 3689
start_va = 0xa20000
end_va = 0xa35fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a20000"
filename = ""
Region:
id = 3725
start_va = 0xa20000
end_va = 0xa3bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "firewallapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui")
Region:
id = 3736
start_va = 0x3d10000
end_va = 0x3d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d10000"
filename = ""
Region:
id = 3738
start_va = 0x14f0000
end_va = 0x156ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014f0000"
filename = ""
Region:
id = 3739
start_va = 0x3dc0000
end_va = 0x3e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003dc0000"
filename = ""
Region:
id = 4175
start_va = 0x21a0000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 4176
start_va = 0x2240000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 4177
start_va = 0x26b0000
end_va = 0x272ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 4178
start_va = 0x2240000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 4179
start_va = 0x1460000
end_va = 0x14dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001460000"
filename = ""
Region:
id = 4180
start_va = 0x2560000
end_va = 0x25dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 4181
start_va = 0x2560000
end_va = 0x25dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 4182
start_va = 0x890000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 4183
start_va = 0x2f10000
end_va = 0x310ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f10000"
filename = ""
Region:
id = 4184
start_va = 0x14e0000
end_va = 0x155ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4185
start_va = 0x1480000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 4186
start_va = 0x890000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 4187
start_va = 0x2580000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002580000"
filename = ""
Region:
id = 4274
start_va = 0x1460000
end_va = 0x14dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001460000"
filename = ""
Region:
id = 4275
start_va = 0x14e0000
end_va = 0x155ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4276
start_va = 0x2b20000
end_va = 0x2b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b20000"
filename = ""
Region:
id = 4277
start_va = 0x2b80000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 4282
start_va = 0x2b40000
end_va = 0x2bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b40000"
filename = ""
Region:
id = 4283
start_va = 0x890000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 4284
start_va = 0x2b80000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 4285
start_va = 0x890000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 4286
start_va = 0x2b80000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 4321
start_va = 0x1450000
end_va = 0x154ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001450000"
filename = ""
Region:
id = 4323
start_va = 0x2250000
end_va = 0x22cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002250000"
filename = ""
Region:
id = 4324
start_va = 0x2250000
end_va = 0x22cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002250000"
filename = ""
Region:
id = 4325
start_va = 0x890000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 4326
start_va = 0x2b70000
end_va = 0x2beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 4327
start_va = 0x2570000
end_va = 0x25effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002570000"
filename = ""
Region:
id = 4645
start_va = 0x2530000
end_va = 0x25affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 4646
start_va = 0x2b70000
end_va = 0x2beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 4647
start_va = 0x3170000
end_va = 0x31effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003170000"
filename = ""
Region:
id = 4648
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 4649
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 4650
start_va = 0x2230000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 4651
start_va = 0x31f0000
end_va = 0x326ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000031f0000"
filename = ""
Region:
id = 4652
start_va = 0x890000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 4653
start_va = 0x3150000
end_va = 0x31cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003150000"
filename = ""
Region:
id = 4654
start_va = 0x2230000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 4655
start_va = 0x3190000
end_va = 0x320ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003190000"
filename = ""
Region:
id = 4656
start_va = 0x3130000
end_va = 0x31affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003130000"
filename = ""
Region:
id = 4657
start_va = 0x2d00000
end_va = 0x2d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 4658
start_va = 0x3110000
end_va = 0x318ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003110000"
filename = ""
Region:
id = 4659
start_va = 0x3230000
end_va = 0x32affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003230000"
filename = ""
Region:
id = 4660
start_va = 0x3150000
end_va = 0x31cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003150000"
filename = ""
Region:
id = 4661
start_va = 0x3150000
end_va = 0x31cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003150000"
filename = ""
Region:
id = 4662
start_va = 0x3170000
end_va = 0x31effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003170000"
filename = ""
Region:
id = 4663
start_va = 0x3210000
end_va = 0x328ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003210000"
filename = ""
Region:
id = 4664
start_va = 0x2cc0000
end_va = 0x2d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cc0000"
filename = ""
Region:
id = 4665
start_va = 0x890000
end_va = 0x890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 4666
start_va = 0x3270000
end_va = 0x32effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003270000"
filename = ""
Region:
id = 4667
start_va = 0x31b0000
end_va = 0x322ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000031b0000"
filename = ""
Region:
id = 4668
start_va = 0x2240000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 4669
start_va = 0x2cd0000
end_va = 0x2d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cd0000"
filename = ""
Region:
id = 4670
start_va = 0x3200000
end_va = 0x327ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 4671
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 4672
start_va = 0x2cd0000
end_va = 0x2d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cd0000"
filename = ""
Region:
id = 4673
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 4674
start_va = 0x3120000
end_va = 0x319ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003120000"
filename = ""
Region:
id = 4675
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 4676
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 4677
start_va = 0x3420000
end_va = 0x349ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003420000"
filename = ""
Region:
id = 4678
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 4679
start_va = 0x3160000
end_va = 0x31dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003160000"
filename = ""
Region:
id = 4680
start_va = 0x2220000
end_va = 0x229ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002220000"
filename = ""
Region:
id = 4681
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 4682
start_va = 0x3830000
end_va = 0x38affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003830000"
filename = ""
Region:
id = 4683
start_va = 0x2cc0000
end_va = 0x2d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cc0000"
filename = ""
Region:
id = 4684
start_va = 0x3830000
end_va = 0x38affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003830000"
filename = ""
Region:
id = 4685
start_va = 0x33a0000
end_va = 0x341ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033a0000"
filename = ""
Region:
id = 4686
start_va = 0x3160000
end_va = 0x31dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003160000"
filename = ""
Region:
id = 4687
start_va = 0x38b0000
end_va = 0x392ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038b0000"
filename = ""
Region:
id = 4688
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 4689
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 4690
start_va = 0x3830000
end_va = 0x38affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003830000"
filename = ""
Region:
id = 4691
start_va = 0x3830000
end_va = 0x38affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003830000"
filename = ""
Region:
id = 4692
start_va = 0x3380000
end_va = 0x33fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003380000"
filename = ""
Region:
id = 4693
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 4696
start_va = 0x3870000
end_va = 0x38effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003870000"
filename = ""
Region:
id = 4697
start_va = 0x3aa0000
end_va = 0x3b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003aa0000"
filename = ""
Region:
id = 4698
start_va = 0x3810000
end_va = 0x388ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003810000"
filename = ""
Region:
id = 4699
start_va = 0x3a50000
end_va = 0x3acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 4700
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 4701
start_va = 0x33a0000
end_va = 0x341ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033a0000"
filename = ""
Region:
id = 4702
start_va = 0x3a50000
end_va = 0x3acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 4703
start_va = 0x3a70000
end_va = 0x3aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a70000"
filename = ""
Region:
id = 4706
start_va = 0x3a70000
end_va = 0x3aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a70000"
filename = ""
Region:
id = 4707
start_va = 0x3ad0000
end_va = 0x3b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ad0000"
filename = ""
Region:
id = 4708
start_va = 0x3380000
end_va = 0x33fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003380000"
filename = ""
Region:
id = 4709
start_va = 0x38a0000
end_va = 0x391ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038a0000"
filename = ""
Region:
id = 4710
start_va = 0x3140000
end_va = 0x31bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003140000"
filename = ""
Region:
id = 4711
start_va = 0x2230000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 4712
start_va = 0x38a0000
end_va = 0x391ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038a0000"
filename = ""
Region:
id = 4713
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 4714
start_va = 0x3160000
end_va = 0x31dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003160000"
filename = ""
Region:
id = 4715
start_va = 0x3140000
end_va = 0x31bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003140000"
filename = ""
Region:
id = 4716
start_va = 0x7f0000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 4717
start_va = 0x3160000
end_va = 0x31dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003160000"
filename = ""
Region:
id = 4718
start_va = 0x3ab0000
end_va = 0x3b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ab0000"
filename = ""
Region:
id = 4719
start_va = 0x3160000
end_va = 0x31dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003160000"
filename = ""
Region:
id = 4720
start_va = 0x2250000
end_va = 0x22cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002250000"
filename = ""
Region:
id = 4721
start_va = 0x3a50000
end_va = 0x3acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 4722
start_va = 0x3140000
end_va = 0x31bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003140000"
filename = ""
Region:
id = 4723
start_va = 0x7fef9250000
end_va = 0x7fef9265fff
monitored = 0
entry_point = 0x7fef925ba1c
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 4724
start_va = 0x3a90000
end_va = 0x3b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a90000"
filename = ""
Region:
id = 4725
start_va = 0x2250000
end_va = 0x22cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002250000"
filename = ""
Region:
id = 4726
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 4727
start_va = 0x3af0000
end_va = 0x3b6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003af0000"
filename = ""
Region:
id = 4728
start_va = 0x7fffff74000
end_va = 0x7fffff75fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff74000"
filename = ""
Region:
id = 4729
start_va = 0x7fffff76000
end_va = 0x7fffff77fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff76000"
filename = ""
Region:
id = 4730
start_va = 0x7fffff78000
end_va = 0x7fffff79fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff78000"
filename = ""
Region:
id = 4733
start_va = 0x7f0000
end_va = 0x7f2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007f0000"
filename = ""
Region:
id = 4734
start_va = 0x3a30000
end_va = 0x3aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a30000"
filename = ""
Region:
id = 4735
start_va = 0x3b70000
end_va = 0x3beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b70000"
filename = ""
Region:
id = 4736
start_va = 0x7fffff7e000
end_va = 0x7fffff7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7e000"
filename = ""
Region:
id = 4737
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 4742
start_va = 0x1bd0000
end_va = 0x1c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001bd0000"
filename = ""
Region:
id = 4743
start_va = 0x2d50000
end_va = 0x2dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d50000"
filename = ""
Region:
id = 4744
start_va = 0x2d90000
end_va = 0x2e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d90000"
filename = ""
Region:
id = 4745
start_va = 0x3bf0000
end_va = 0x3c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bf0000"
filename = ""
Region:
id = 4746
start_va = 0x3c70000
end_va = 0x3ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c70000"
filename = ""
Region:
id = 4818
start_va = 0x1b90000
end_va = 0x1c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b90000"
filename = ""
Region:
id = 4819
start_va = 0x2530000
end_va = 0x25affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 4820
start_va = 0x7fef1180000
end_va = 0x7fef13d2fff
monitored = 0
entry_point = 0x7fef118236c
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 4821
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 4822
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 4823
start_va = 0x7fef1c40000
end_va = 0x7fef1eb9fff
monitored = 0
entry_point = 0x7fef1c72200
region_type = mapped_file
name = "esent.dll"
filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")
Region:
id = 4824
start_va = 0x7fef5e10000
end_va = 0x7fef5e80fff
monitored = 0
entry_point = 0x7fef5e4ecc4
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 4825
start_va = 0x7fef47c0000
end_va = 0x7fef4830fff
monitored = 0
entry_point = 0x7fef47c1010
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 4826
start_va = 0x7fef4750000
end_va = 0x7fef47b3fff
monitored = 0
entry_point = 0x7fef4751254
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 4827
start_va = 0x7fef74a0000
end_va = 0x7fef74bafff
monitored = 0
entry_point = 0x7fef74a1198
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 4828
start_va = 0x7fef2a50000
end_va = 0x7fef2a5efff
monitored = 0
entry_point = 0x7fef2a59a48
region_type = mapped_file
name = "mspatcha.dll"
filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll")
Region:
id = 4829
start_va = 0x2680000
end_va = 0x277ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4830
start_va = 0x77380000
end_va = 0x77386fff
monitored = 0
entry_point = 0x7738106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 4831
start_va = 0x7f0000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 4832
start_va = 0x20c0000
end_va = 0x213ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020c0000"
filename = ""
Region:
id = 4833
start_va = 0x21a0000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 4834
start_va = 0x3210000
end_va = 0x328ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003210000"
filename = ""
Region:
id = 4835
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 4836
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 4837
start_va = 0x2b10000
end_va = 0x2b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b10000"
filename = ""
Region:
id = 4838
start_va = 0x2b70000
end_va = 0x2beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 4839
start_va = 0x33a0000
end_va = 0x341ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033a0000"
filename = ""
Region:
id = 4840
start_va = 0x20a0000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020a0000"
filename = ""
Region:
id = 4841
start_va = 0x20c0000
end_va = 0x213ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020c0000"
filename = ""
Region:
id = 4842
start_va = 0x2b50000
end_va = 0x2bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b50000"
filename = ""
Region:
id = 4843
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 4844
start_va = 0x3450000
end_va = 0x34cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003450000"
filename = ""
Region:
id = 4845
start_va = 0x20e0000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020e0000"
filename = ""
Region:
id = 4846
start_va = 0x2d80000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d80000"
filename = ""
Region:
id = 4847
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 4848
start_va = 0x33d0000
end_va = 0x344ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033d0000"
filename = ""
Region:
id = 4849
start_va = 0x2d80000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d80000"
filename = ""
Region:
id = 4850
start_va = 0x3830000
end_va = 0x38affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003830000"
filename = ""
Region:
id = 4851
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 4852
start_va = 0x3370000
end_va = 0x33effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003370000"
filename = ""
Region:
id = 4853
start_va = 0x33f0000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033f0000"
filename = ""
Region:
id = 4854
start_va = 0x3900000
end_va = 0x397ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 4855
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 4856
start_va = 0x2d80000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d80000"
filename = ""
Region:
id = 4857
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 4858
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 4859
start_va = 0x33b0000
end_va = 0x342ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033b0000"
filename = ""
Region:
id = 4860
start_va = 0x3c80000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c80000"
filename = ""
Region:
id = 4861
start_va = 0x33b0000
end_va = 0x342ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033b0000"
filename = ""
Region:
id = 4862
start_va = 0x3c40000
end_va = 0x3cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c40000"
filename = ""
Region:
id = 4863
start_va = 0x3370000
end_va = 0x33effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003370000"
filename = ""
Region:
id = 4864
start_va = 0x3390000
end_va = 0x340ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 4865
start_va = 0x3c40000
end_va = 0x3cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c40000"
filename = ""
Region:
id = 4866
start_va = 0x3c60000
end_va = 0x3cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c60000"
filename = ""
Region:
id = 4867
start_va = 0x3410000
end_va = 0x348ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003410000"
filename = ""
Region:
id = 4868
start_va = 0x3430000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003430000"
filename = ""
Region:
id = 4869
start_va = 0x3470000
end_va = 0x34effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003470000"
filename = ""
Region:
id = 4870
start_va = 0x3cc0000
end_va = 0x3d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003cc0000"
filename = ""
Region:
id = 4871
start_va = 0x33b0000
end_va = 0x342ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033b0000"
filename = ""
Region:
id = 4872
start_va = 0x33b0000
end_va = 0x342ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033b0000"
filename = ""
Region:
id = 4873
start_va = 0x3cc0000
end_va = 0x3d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003cc0000"
filename = ""
Region:
id = 4874
start_va = 0x3c40000
end_va = 0x3cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c40000"
filename = ""
Region:
id = 4875
start_va = 0x3c40000
end_va = 0x3cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c40000"
filename = ""
Region:
id = 4876
start_va = 0x3c60000
end_va = 0x3cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c60000"
filename = ""
Region:
id = 4877
start_va = 0x3450000
end_va = 0x34cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003450000"
filename = ""
Region:
id = 4878
start_va = 0x3410000
end_va = 0x348ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003410000"
filename = ""
Region:
id = 5043
start_va = 0x800000
end_va = 0x800fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 5044
start_va = 0x810000
end_va = 0x816fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui")
Region:
id = 5045
start_va = 0x800000
end_va = 0x800fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 5046
start_va = 0x810000
end_va = 0x816fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui")
Region:
id = 5047
start_va = 0x7fefcb40000
end_va = 0x7fefcb47fff
monitored = 0
entry_point = 0x7fefcb42a6c
region_type = mapped_file
name = "wmsgapi.dll"
filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")
Region:
id = 5048
start_va = 0x7fef2a30000
end_va = 0x7fef2a3cfff
monitored = 0
entry_point = 0x7fef2a31104
region_type = mapped_file
name = "wups.dll"
filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")
Region:
id = 5049
start_va = 0x7fef2a40000
end_va = 0x7fef2a4efff
monitored = 0
entry_point = 0x7fef2a46fb0
region_type = mapped_file
name = "wups2.dll"
filename = "\\Windows\\System32\\wups2.dll" (normalized: "c:\\windows\\system32\\wups2.dll")
Region:
id = 5050
start_va = 0x3370000
end_va = 0x342ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 5051
start_va = 0x800000
end_va = 0x819fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 5052
start_va = 0x3bf0000
end_va = 0x3ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bf0000"
filename = ""
Region:
id = 5053
start_va = 0x3cf0000
end_va = 0x3deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003cf0000"
filename = ""
Region:
id = 5054
start_va = 0x3df0000
end_va = 0x3eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003df0000"
filename = ""
Region:
id = 5055
start_va = 0x3ef0000
end_va = 0x3feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ef0000"
filename = ""
Region:
id = 5056
start_va = 0x820000
end_va = 0x820fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 5057
start_va = 0x8a0000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5058
start_va = 0x8a0000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008a0000"
filename = ""
Region:
id = 5059
start_va = 0x8b0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008b0000"
filename = ""
Region:
id = 5060
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 5061
start_va = 0x8d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008d0000"
filename = ""
Region:
id = 5062
start_va = 0x8e0000
end_va = 0x8effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008e0000"
filename = ""
Region:
id = 5063
start_va = 0x8f0000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008f0000"
filename = ""
Region:
id = 5064
start_va = 0x830000
end_va = 0x830fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000830000"
filename = ""
Region:
id = 5065
start_va = 0x40e0000
end_va = 0x415ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040e0000"
filename = ""
Region:
id = 5066
start_va = 0x7fffff72000
end_va = 0x7fffff73fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff72000"
filename = ""
Region:
id = 5067
start_va = 0x4160000
end_va = 0x425ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004160000"
filename = ""
Region:
id = 5068
start_va = 0x4260000
end_va = 0x435ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004260000"
filename = ""
Region:
id = 5069
start_va = 0x1010000
end_va = 0x106ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001010000"
filename = ""
Region:
id = 5070
start_va = 0x1010000
end_va = 0x101ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001010000"
filename = ""
Region:
id = 5071
start_va = 0x1020000
end_va = 0x102ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001020000"
filename = ""
Region:
id = 5072
start_va = 0x1030000
end_va = 0x103ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001030000"
filename = ""
Region:
id = 5073
start_va = 0x1040000
end_va = 0x104ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001040000"
filename = ""
Region:
id = 5074
start_va = 0x1050000
end_va = 0x105ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001050000"
filename = ""
Region:
id = 5075
start_va = 0x1060000
end_va = 0x106ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001060000"
filename = ""
Region:
id = 5076
start_va = 0x840000
end_va = 0x847fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 5077
start_va = 0x4360000
end_va = 0x535ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004360000"
filename = ""
Region:
id = 5078
start_va = 0x850000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000850000"
filename = ""
Region:
id = 5079
start_va = 0x860000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 5080
start_va = 0x900000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 5081
start_va = 0xa00000
end_va = 0xa00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 5082
start_va = 0xac0000
end_va = 0xac1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ac0000"
filename = ""
Region:
id = 5083
start_va = 0x3430000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003430000"
filename = ""
Region:
id = 5084
start_va = 0x3430000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003430000"
filename = ""
Region:
id = 5085
start_va = 0x3470000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003470000"
filename = ""
Region:
id = 5086
start_va = 0xea0000
end_va = 0xea0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ea0000"
filename = ""
Region:
id = 5087
start_va = 0x3430000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003430000"
filename = ""
Region:
id = 5088
start_va = 0x3430000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003430000"
filename = ""
Region:
id = 5089
start_va = 0x3470000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003470000"
filename = ""
Region:
id = 5090
start_va = 0x5360000
end_va = 0x549ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005360000"
filename = ""
Region:
id = 5091
start_va = 0x5360000
end_va = 0x549ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005360000"
filename = ""
Region:
id = 5092
start_va = 0xeb0000
end_va = 0xeb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000eb0000"
filename = ""
Region:
id = 5093
start_va = 0x3430000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003430000"
filename = ""
Region:
id = 5094
start_va = 0x3430000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003430000"
filename = ""
Region:
id = 5095
start_va = 0x3470000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003470000"
filename = ""
Region:
id = 5096
start_va = 0xeb0000
end_va = 0xeb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000eb0000"
filename = ""
Region:
id = 5097
start_va = 0xf40000
end_va = 0xf41fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 5098
start_va = 0x3430000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003430000"
filename = ""
Region:
id = 5099
start_va = 0x3430000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003430000"
filename = ""
Region:
id = 5100
start_va = 0x3470000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003470000"
filename = ""
Region:
id = 5101
start_va = 0x5360000
end_va = 0x549ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005360000"
filename = ""
Region:
id = 5102
start_va = 0x5360000
end_va = 0x549ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005360000"
filename = ""
Region:
id = 5103
start_va = 0xf40000
end_va = 0xf40fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 5104
start_va = 0x3430000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003430000"
filename = ""
Region:
id = 5105
start_va = 0x3430000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003430000"
filename = ""
Region:
id = 5106
start_va = 0x3470000
end_va = 0x34affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003470000"
filename = ""
Region:
id = 5107
start_va = 0xeb0000
end_va = 0xebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000eb0000"
filename = ""
Region:
id = 5108
start_va = 0xf40000
end_va = 0xf47fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 5109
start_va = 0xf50000
end_va = 0xf5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f50000"
filename = ""
Region:
id = 5110
start_va = 0xf60000
end_va = 0xf6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f60000"
filename = ""
Region:
id = 5111
start_va = 0xf70000
end_va = 0xf77fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f70000"
filename = ""
Region:
id = 5112
start_va = 0xf80000
end_va = 0xf87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f80000"
filename = ""
Region:
id = 5113
start_va = 0x1170000
end_va = 0x1177fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001170000"
filename = ""
Region:
id = 5114
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tmp.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\Logs\\tmp.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\logs\\tmp.edb")
Region:
id = 5115
start_va = 0xf80000
end_va = 0xf81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f80000"
filename = ""
Region:
id = 5116
start_va = 0xf80000
end_va = 0xf87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f80000"
filename = ""
Region:
id = 5117
start_va = 0x1180000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 5118
start_va = 0x1180000
end_va = 0x1187fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 5119
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5120
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5121
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5122
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5123
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5124
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5125
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5126
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5127
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5128
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5129
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5130
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5131
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5132
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5133
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5134
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5135
start_va = 0x5420000
end_va = 0x549ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005420000"
filename = ""
Region:
id = 5136
start_va = 0x7fffff70000
end_va = 0x7fffff71fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff70000"
filename = ""
Region:
id = 5137
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5138
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5139
start_va = 0x1180000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 5140
start_va = 0x1210000
end_va = 0x121ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001210000"
filename = ""
Region:
id = 5141
start_va = 0x1310000
end_va = 0x131ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001310000"
filename = ""
Region:
id = 5142
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5143
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5144
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5145
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5146
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5147
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5148
start_va = 0x13a0000
end_va = 0x13a7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013a0000"
filename = ""
Region:
id = 5149
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5150
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5151
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5152
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5153
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5154
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5155
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5156
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5157
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5158
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5159
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5160
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5161
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5162
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5163
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5164
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5165
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5166
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5167
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5168
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5169
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5170
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5171
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5172
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5173
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5174
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5175
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5176
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5177
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5178
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5179
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5180
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5181
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5182
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5183
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5184
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5185
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5186
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5187
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5188
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5189
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5190
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5191
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5192
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5193
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5194
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5195
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5196
start_va = 0x13b0000
end_va = 0x13bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 5197
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5198
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5199
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5200
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5201
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5202
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5203
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5204
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5205
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5206
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5207
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5208
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5209
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5210
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5211
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5212
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5213
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5224
start_va = 0x7fef1ed0000
end_va = 0x7fef20a3fff
monitored = 0
entry_point = 0x7fef1f06b00
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")
Region:
id = 5225
start_va = 0x2080000
end_va = 0x216ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 5226
start_va = 0x37e0000
end_va = 0x392ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037e0000"
filename = ""
Region:
id = 5227
start_va = 0x54a0000
end_va = 0x56cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054a0000"
filename = ""
Region:
id = 5228
start_va = 0x56d0000
end_va = 0x5acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000056d0000"
filename = ""
Region:
id = 5229
start_va = 0x13c0000
end_va = 0x13c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")
Region:
id = 5230
start_va = 0x1550000
end_va = 0x156ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001550000"
filename = ""
Region:
id = 5231
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5232
start_va = 0x7fef8420000
end_va = 0x7fef849bfff
monitored = 0
entry_point = 0x7fef84211d4
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 5233
start_va = 0x3930000
end_va = 0x3a8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 5234
start_va = 0x15f0000
end_va = 0x15f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wuaueng.dll.mui"
filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui")
Region:
id = 5235
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5236
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5237
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5238
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5239
start_va = 0x1600000
end_va = 0x160ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5240
start_va = 0x2b70000
end_va = 0x2beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 5241
start_va = 0x3250000
end_va = 0x32cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003250000"
filename = ""
Region:
id = 5242
start_va = 0x3990000
end_va = 0x3a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003990000"
filename = ""
Region:
id = 5243
start_va = 0x3a10000
end_va = 0x3a8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a10000"
filename = ""
Region:
id = 5244
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 5245
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 5246
start_va = 0x21a0000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 5247
start_va = 0x2d80000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d80000"
filename = ""
Region:
id = 5248
start_va = 0x3970000
end_va = 0x39effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003970000"
filename = ""
Region:
id = 5249
start_va = 0x54d0000
end_va = 0x554ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054d0000"
filename = ""
Region:
id = 5250
start_va = 0x5650000
end_va = 0x56cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005650000"
filename = ""
Region:
id = 5251
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 5252
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 5253
start_va = 0x54b0000
end_va = 0x552ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054b0000"
filename = ""
Region:
id = 5254
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 5255
start_va = 0x4010000
end_va = 0x408ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004010000"
filename = ""
Region:
id = 5256
start_va = 0x3820000
end_va = 0x389ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003820000"
filename = ""
Region:
id = 5257
start_va = 0x38b0000
end_va = 0x392ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038b0000"
filename = ""
Region:
id = 5258
start_va = 0x4030000
end_va = 0x40affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004030000"
filename = ""
Region:
id = 5259
start_va = 0x3ff0000
end_va = 0x406ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ff0000"
filename = ""
Region:
id = 5260
start_va = 0x53a0000
end_va = 0x541ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000053a0000"
filename = ""
Region:
id = 5261
start_va = 0x4050000
end_va = 0x40cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004050000"
filename = ""
Region:
id = 5262
start_va = 0x5380000
end_va = 0x53fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005380000"
filename = ""
Region:
id = 5263
start_va = 0x4030000
end_va = 0x40affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004030000"
filename = ""
Region:
id = 5264
start_va = 0x4050000
end_va = 0x40cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004050000"
filename = ""
Region:
id = 5265
start_va = 0x3ff0000
end_va = 0x406ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ff0000"
filename = ""
Region:
id = 5266
start_va = 0x54f0000
end_va = 0x556ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054f0000"
filename = ""
Region:
id = 5267
start_va = 0x53a0000
end_va = 0x541ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000053a0000"
filename = ""
Region:
id = 5268
start_va = 0x5380000
end_va = 0x53fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005380000"
filename = ""
Region:
id = 5269
start_va = 0x3800000
end_va = 0x387ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 5270
start_va = 0x54d0000
end_va = 0x554ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054d0000"
filename = ""
Region:
id = 5277
start_va = 0x3800000
end_va = 0x387ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 5278
start_va = 0x2180000
end_va = 0x2229fff
monitored = 0
entry_point = 0x2184104
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 5279
start_va = 0x1710000
end_va = 0x171cfff
monitored = 0
entry_point = 0x171a138
region_type = mapped_file
name = "wuauclt.exe"
filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe")
Region:
id = 5280
start_va = 0x5ad0000
end_va = 0x5d1efff
monitored = 0
entry_point = 0x5ad236c
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 5281
start_va = 0x4030000
end_va = 0x40affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004030000"
filename = ""
Region:
id = 5282
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 5283
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5284
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5285
start_va = 0x1600000
end_va = 0x160ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5286
start_va = 0xf70000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5287
start_va = 0x1170000
end_va = 0x117ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 5335
start_va = 0x7fef2710000
end_va = 0x7fef2771fff
monitored = 0
entry_point = 0x7fef2711198
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 5336
start_va = 0x7fef26f0000
end_va = 0x7fef270bfff
monitored = 0
entry_point = 0x7fef26f11a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 5457
start_va = 0x21c0000
end_va = 0x223ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 5458
start_va = 0x54b0000
end_va = 0x552ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054b0000"
filename = ""
Region:
id = 5459
start_va = 0x54b0000
end_va = 0x552ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054b0000"
filename = ""
Region:
id = 5460
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 5461
start_va = 0x3820000
end_va = 0x389ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003820000"
filename = ""
Region:
id = 5462
start_va = 0x3800000
end_va = 0x387ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 5463
start_va = 0x5380000
end_va = 0x53fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005380000"
filename = ""
Region:
id = 5464
start_va = 0x54d0000
end_va = 0x554ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054d0000"
filename = ""
Region:
id = 5465
start_va = 0x5530000
end_va = 0x55affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005530000"
filename = ""
Region:
id = 5466
start_va = 0x3800000
end_va = 0x387ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 5474
start_va = 0x3800000
end_va = 0x387ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 5475
start_va = 0x5530000
end_va = 0x55affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005530000"
filename = ""
Region:
id = 5476
start_va = 0x3800000
end_va = 0x387ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 5477
start_va = 0x54b0000
end_va = 0x552ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054b0000"
filename = ""
Region:
id = 6116
start_va = 0x1710000
end_va = 0x1712fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001710000"
filename = ""
Region:
id = 6117
start_va = 0x37e0000
end_va = 0x385ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037e0000"
filename = ""
Region:
id = 6118
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 6120
start_va = 0x1720000
end_va = 0x1722fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001720000"
filename = ""
Region:
id = 6134
start_va = 0x1710000
end_va = 0x1713fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001710000"
filename = ""
Region:
id = 6146
start_va = 0x2b10000
end_va = 0x2be6fff
monitored = 0
entry_point = 0x2b30760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6147
start_va = 0x1c10000
end_va = 0x1c61fff
monitored = 0
entry_point = 0x1c5fc30
region_type = mapped_file
name = "acpi.sys"
filename = "\\Windows\\System32\\drivers\\acpi.sys" (normalized: "c:\\windows\\system32\\drivers\\acpi.sys")
Region:
id = 6148
start_va = 0x2b10000
end_va = 0x2bf8fff
monitored = 0
entry_point = 0x2be906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 6149
start_va = 0x1710000
end_va = 0x1717fff
monitored = 0
entry_point = 0x1718288
region_type = mapped_file
name = "mssmbios.sys"
filename = "\\Windows\\System32\\drivers\\mssmbios.sys" (normalized: "c:\\windows\\system32\\drivers\\mssmbios.sys")
Region:
id = 6150
start_va = 0x1710000
end_va = 0x172dfff
monitored = 0
entry_point = 0x1721e08
region_type = mapped_file
name = "hdaudbus.sys"
filename = "\\Windows\\System32\\drivers\\hdaudbus.sys" (normalized: "c:\\windows\\system32\\drivers\\hdaudbus.sys")
Region:
id = 6151
start_va = 0x1710000
end_va = 0x171ffff
monitored = 0
entry_point = 0x17113d4
region_type = mapped_file
name = "intelppm.sys"
filename = "\\Windows\\System32\\drivers\\intelppm.sys" (normalized: "c:\\windows\\system32\\drivers\\intelppm.sys")
Region:
id = 6152
start_va = 0x1c10000
end_va = 0x1c48fff
monitored = 0
entry_point = 0x1c49070
region_type = mapped_file
name = "portcls.sys"
filename = "\\Windows\\System32\\drivers\\portcls.sys" (normalized: "c:\\windows\\system32\\drivers\\portcls.sys")
Region:
id = 6153
start_va = 0x1710000
end_va = 0x1717fff
monitored = 0
entry_point = 0x1711e54
region_type = mapped_file
name = "monitor.sys"
filename = "\\Windows\\System32\\drivers\\monitor.sys" (normalized: "c:\\windows\\system32\\drivers\\monitor.sys")
Region:
id = 6229
start_va = 0x2d40000
end_va = 0x2dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d40000"
filename = ""
Region:
id = 6230
start_va = 0x3250000
end_va = 0x32cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003250000"
filename = ""
Region:
id = 6231
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 6232
start_va = 0x2b90000
end_va = 0x2c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b90000"
filename = ""
Region:
id = 6233
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 6234
start_va = 0x2b50000
end_va = 0x2bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b50000"
filename = ""
Region:
id = 6235
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 6236
start_va = 0x2cb0000
end_va = 0x2d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 6237
start_va = 0x3950000
end_va = 0x39cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003950000"
filename = ""
Region:
id = 6238
start_va = 0x3990000
end_va = 0x3a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003990000"
filename = ""
Region:
id = 6239
start_va = 0x3950000
end_va = 0x39cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003950000"
filename = ""
Region:
id = 6240
start_va = 0x3220000
end_va = 0x329ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003220000"
filename = ""
Region:
id = 6242
start_va = 0x21a0000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 6243
start_va = 0x3950000
end_va = 0x39cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003950000"
filename = ""
Region:
id = 6244
start_va = 0x54c0000
end_va = 0x553ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054c0000"
filename = ""
Region:
id = 6245
start_va = 0x3950000
end_va = 0x39cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003950000"
filename = ""
Region:
id = 6246
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 6247
start_va = 0x54a0000
end_va = 0x551ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054a0000"
filename = ""
Region:
id = 6248
start_va = 0x54a0000
end_va = 0x551ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054a0000"
filename = ""
Region:
id = 6249
start_va = 0x21c0000
end_va = 0x223ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 6250
start_va = 0x3200000
end_va = 0x327ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 6251
start_va = 0x5370000
end_va = 0x53effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005370000"
filename = ""
Region:
id = 6252
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 6253
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 6254
start_va = 0x5550000
end_va = 0x55cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005550000"
filename = ""
Region:
id = 6255
start_va = 0x3200000
end_va = 0x327ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 6256
start_va = 0x54b0000
end_va = 0x552ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054b0000"
filename = ""
Region:
id = 6346
start_va = 0x2cb0000
end_va = 0x2d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 6347
start_va = 0x3260000
end_va = 0x32dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003260000"
filename = ""
Region:
id = 6348
start_va = 0x2cb0000
end_va = 0x2d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 6349
start_va = 0x54b0000
end_va = 0x552ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054b0000"
filename = ""
Region:
id = 6353
start_va = 0x2cb0000
end_va = 0x2d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 6354
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 6363
start_va = 0x3200000
end_va = 0x327ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 6364
start_va = 0x3240000
end_va = 0x32bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003240000"
filename = ""
Region:
id = 6365
start_va = 0x5510000
end_va = 0x558ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005510000"
filename = ""
Region:
id = 6366
start_va = 0x3970000
end_va = 0x39effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003970000"
filename = ""
Region:
id = 6367
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 6368
start_va = 0x5510000
end_va = 0x558ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005510000"
filename = ""
Region:
id = 6369
start_va = 0x3200000
end_va = 0x327ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 6370
start_va = 0x3200000
end_va = 0x327ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 6371
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 6372
start_va = 0x5510000
end_va = 0x558ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005510000"
filename = ""
Region:
id = 6374
start_va = 0x54f0000
end_va = 0x556ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054f0000"
filename = ""
Region:
id = 6375
start_va = 0x3990000
end_va = 0x3a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003990000"
filename = ""
Region:
id = 6377
start_va = 0x54f0000
end_va = 0x556ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054f0000"
filename = ""
Region:
id = 6378
start_va = 0x5510000
end_va = 0x558ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005510000"
filename = ""
Region:
id = 6379
start_va = 0x3970000
end_va = 0x39effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003970000"
filename = ""
Region:
id = 6380
start_va = 0x54f0000
end_va = 0x556ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054f0000"
filename = ""
Region:
id = 6381
start_va = 0x3990000
end_va = 0x3a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003990000"
filename = ""
Region:
id = 6382
start_va = 0x2cb0000
end_va = 0x2d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 6383
start_va = 0x5530000
end_va = 0x55affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005530000"
filename = ""
Region:
id = 6384
start_va = 0x54f0000
end_va = 0x556ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054f0000"
filename = ""
Region:
id = 6385
start_va = 0x3220000
end_va = 0x329ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003220000"
filename = ""
Region:
id = 6386
start_va = 0x54d0000
end_va = 0x554ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054d0000"
filename = ""
Region:
id = 6387
start_va = 0x5550000
end_va = 0x55cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005550000"
filename = ""
Region:
id = 6388
start_va = 0x3970000
end_va = 0x39effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003970000"
filename = ""
Region:
id = 6389
start_va = 0x3950000
end_va = 0x39cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003950000"
filename = ""
Region:
id = 6390
start_va = 0x3260000
end_va = 0x32dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003260000"
filename = ""
Region:
id = 6391
start_va = 0x3260000
end_va = 0x32dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003260000"
filename = ""
Region:
id = 6392
start_va = 0x54d0000
end_va = 0x554ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054d0000"
filename = ""
Region:
id = 6393
start_va = 0x3970000
end_va = 0x39effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003970000"
filename = ""
Region:
id = 6394
start_va = 0x5510000
end_va = 0x558ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005510000"
filename = ""
Region:
id = 6396
start_va = 0x3220000
end_va = 0x329ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003220000"
filename = ""
Region:
id = 6397
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 6398
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 6399
start_va = 0x2cb0000
end_va = 0x2d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 6400
start_va = 0x3260000
end_va = 0x32dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003260000"
filename = ""
Region:
id = 6401
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 6402
start_va = 0x5570000
end_va = 0x55effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005570000"
filename = ""
Region:
id = 6403
start_va = 0x5570000
end_va = 0x55effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005570000"
filename = ""
Region:
id = 6404
start_va = 0x3950000
end_va = 0x39cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003950000"
filename = ""
Region:
id = 6405
start_va = 0x2cb0000
end_va = 0x2d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 6406
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 6407
start_va = 0x54f0000
end_va = 0x556ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054f0000"
filename = ""
Region:
id = 6408
start_va = 0x54b0000
end_va = 0x552ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054b0000"
filename = ""
Region:
id = 6409
start_va = 0x55b0000
end_va = 0x562ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000055b0000"
filename = ""
Region:
id = 6410
start_va = 0x5ad0000
end_va = 0x5ecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ad0000"
filename = ""
Region:
id = 6411
start_va = 0x5ed0000
end_va = 0x60cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ed0000"
filename = ""
Region:
id = 6412
start_va = 0x3930000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 6455
start_va = 0x28f0000
end_va = 0x2a6cfff
monitored = 0
entry_point = 0x29280d0
region_type = mapped_file
name = "racengn.dll"
filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll")
Region:
id = 6456
start_va = 0xa10000
end_va = 0xa10fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "racengn.dll.mui"
filename = "\\Windows\\System32\\en-US\\racengn.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\racengn.dll.mui")
Region:
id = 6457
start_va = 0x28f0000
end_va = 0x2a6cfff
monitored = 0
entry_point = 0x29280d0
region_type = mapped_file
name = "racengn.dll"
filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll")
Region:
id = 6458
start_va = 0xa10000
end_va = 0xa10fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "racengn.dll.mui"
filename = "\\Windows\\System32\\en-US\\racengn.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\racengn.dll.mui")
Region:
id = 6459
start_va = 0x28f0000
end_va = 0x2a6cfff
monitored = 0
entry_point = 0x29280d0
region_type = mapped_file
name = "racengn.dll"
filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll")
Region:
id = 6460
start_va = 0xa10000
end_va = 0xa10fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "racengn.dll.mui"
filename = "\\Windows\\System32\\en-US\\racengn.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\racengn.dll.mui")
Region:
id = 6477
start_va = 0x20a0000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020a0000"
filename = ""
Region:
id = 6478
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Thread:
id = 151
os_tid = 0x500
Thread:
id = 152
os_tid = 0x4c4
Thread:
id = 153
os_tid = 0x4a4
Thread:
id = 154
os_tid = 0x490
Thread:
id = 155
os_tid = 0x48c
Thread:
id = 156
os_tid = 0x488
Thread:
id = 157
os_tid = 0x1b8
Thread:
id = 158
os_tid = 0x120
Thread:
id = 159
os_tid = 0x3f0
Thread:
id = 160
os_tid = 0x3e8
Thread:
id = 161
os_tid = 0x3dc
Thread:
id = 162
os_tid = 0x390
Thread:
id = 163
os_tid = 0x38c
Thread:
id = 164
os_tid = 0x388
Thread:
id = 165
os_tid = 0x384
Thread:
id = 166
os_tid = 0x370
Thread:
id = 167
os_tid = 0x368
Thread:
id = 168
os_tid = 0x424
Thread:
id = 169
os_tid = 0x420
Thread:
id = 171
os_tid = 0x708
Thread:
id = 172
os_tid = 0x72c
Thread:
id = 173
os_tid = 0x734
Thread:
id = 174
os_tid = 0x744
Thread:
id = 175
os_tid = 0x74c
Thread:
id = 176
os_tid = 0x750
Thread:
id = 177
os_tid = 0x754
Thread:
id = 178
os_tid = 0x75c
Thread:
id = 179
os_tid = 0x764
Thread:
id = 180
os_tid = 0x76c
Thread:
id = 181
os_tid = 0x778
Thread:
id = 182
os_tid = 0x77c
Thread:
id = 183
os_tid = 0x784
Thread:
id = 184
os_tid = 0x78c
Thread:
id = 185
os_tid = 0x790
Thread:
id = 186
os_tid = 0x798
Thread:
id = 187
os_tid = 0x7a0
Thread:
id = 188
os_tid = 0x7a4
Thread:
id = 189
os_tid = 0x7a8
Thread:
id = 190
os_tid = 0x7ac
Thread:
id = 191
os_tid = 0x7b0
Thread:
id = 209
os_tid = 0x7c8
Thread:
id = 210
os_tid = 0x7f4
Thread:
id = 211
os_tid = 0x480
Thread:
id = 212
os_tid = 0x464
Thread:
id = 213
os_tid = 0x404
Thread:
id = 216
os_tid = 0x588
Thread:
id = 217
os_tid = 0x33c
Thread:
id = 218
os_tid = 0x340
Thread:
id = 219
os_tid = 0x30c
Thread:
id = 276
os_tid = 0x5f8
Thread:
id = 277
os_tid = 0x5f0
Thread:
id = 291
os_tid = 0x7ac
Thread:
id = 292
os_tid = 0x7b0
Thread:
id = 293
os_tid = 0x7a8
Thread:
id = 294
os_tid = 0x780
Thread:
id = 295
os_tid = 0x360
Thread:
id = 296
os_tid = 0x774
Thread:
id = 297
os_tid = 0x13c
Thread:
id = 298
os_tid = 0x7a4
Thread:
id = 300
os_tid = 0x5bc
Thread:
id = 301
os_tid = 0xc4
Thread:
id = 302
os_tid = 0x178
Thread:
id = 303
os_tid = 0x94
Thread:
id = 315
os_tid = 0x6f4
Thread:
id = 319
os_tid = 0x798
Thread:
id = 320
os_tid = 0x690
Thread:
id = 321
os_tid = 0x56c
Thread:
id = 322
os_tid = 0x59c
Thread:
id = 323
os_tid = 0x570
Thread:
id = 324
os_tid = 0x574
Thread:
id = 325
os_tid = 0x57c
Thread:
id = 326
os_tid = 0x7b4
Thread:
id = 350
os_tid = 0x224
Thread:
id = 351
os_tid = 0x20c
Thread:
id = 354
os_tid = 0x46c
Thread:
id = 355
os_tid = 0x11c
Thread:
id = 356
os_tid = 0x5fc
Thread:
id = 357
os_tid = 0x54c
Thread:
id = 359
os_tid = 0x3ec
Thread:
id = 372
os_tid = 0x774
Thread:
id = 385
os_tid = 0x660
Thread:
id = 386
os_tid = 0x6c8
Thread:
id = 388
os_tid = 0x128
Thread:
id = 389
os_tid = 0x714
Thread:
id = 398
os_tid = 0x6a8
Thread:
id = 420
os_tid = 0x4b8
Thread:
id = 427
os_tid = 0x7ec
Process:
id = "12"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x2b169000"
os_pid = "0x248"
os_integrity_level = "0x4000"
os_privileges = "0x60b00080"
monitor_reason = "rpc_server"
parent_id = "11"
os_parent_pid = "0x1c0"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e3b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2979
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2980
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2981
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2982
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2983
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2984
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 2985
start_va = 0x70000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 2986
start_va = 0x170000
end_va = 0x1d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2987
start_va = 0x1e0000
end_va = 0x1ecfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 2988
start_va = 0x1f0000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2989
start_va = 0x270000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 2990
start_va = 0x370000
end_va = 0x370fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000370000"
filename = ""
Region:
id = 2991
start_va = 0x380000
end_va = 0x380fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000380000"
filename = ""
Region:
id = 2992
start_va = 0x390000
end_va = 0x390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 2993
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 2994
start_va = 0x3b0000
end_va = 0x3b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 2995
start_va = 0x3d0000
end_va = 0x44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 2996
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 2997
start_va = 0x460000
end_va = 0x51ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000460000"
filename = ""
Region:
id = 2998
start_va = 0x520000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 2999
start_va = 0x5a0000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 3000
start_va = 0x640000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 3001
start_va = 0x6d0000
end_va = 0x99efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3002
start_va = 0x9a0000
end_va = 0xb27fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009a0000"
filename = ""
Region:
id = 3003
start_va = 0xb30000
end_va = 0xcb0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b30000"
filename = ""
Region:
id = 3004
start_va = 0xd70000
end_va = 0xdeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d70000"
filename = ""
Region:
id = 3005
start_va = 0xe40000
end_va = 0xe4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e40000"
filename = ""
Region:
id = 3006
start_va = 0xe70000
end_va = 0xeeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 3007
start_va = 0xef0000
end_va = 0xfeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 3008
start_va = 0x1050000
end_va = 0x10cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001050000"
filename = ""
Region:
id = 3009
start_va = 0x10d0000
end_va = 0x11cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Region:
id = 3010
start_va = 0x11e0000
end_va = 0x125ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011e0000"
filename = ""
Region:
id = 3011
start_va = 0x1260000
end_va = 0x12dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001260000"
filename = ""
Region:
id = 3012
start_va = 0x12f0000
end_va = 0x136ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012f0000"
filename = ""
Region:
id = 3013
start_va = 0x13b0000
end_va = 0x142ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 3014
start_va = 0x1480000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3015
start_va = 0x1560000
end_va = 0x15dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001560000"
filename = ""
Region:
id = 3016
start_va = 0x1630000
end_va = 0x16affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001630000"
filename = ""
Region:
id = 3017
start_va = 0x1750000
end_va = 0x17cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001750000"
filename = ""
Region:
id = 3018
start_va = 0x18c0000
end_va = 0x193ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018c0000"
filename = ""
Region:
id = 3019
start_va = 0x1a10000
end_va = 0x1a8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a10000"
filename = ""
Region:
id = 3020
start_va = 0x1a90000
end_va = 0x1b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a90000"
filename = ""
Region:
id = 3021
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3022
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3023
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3024
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3025
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3026
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3027
start_va = 0xffa90000
end_va = 0xffa9afff
monitored = 0
entry_point = 0xffa9246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 3028
start_va = 0x7fef2f90000
end_va = 0x7fef2fb5fff
monitored = 0
entry_point = 0x7fef2f97948
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 3029
start_va = 0x7fef30d0000
end_va = 0x7fef30e3fff
monitored = 0
entry_point = 0x7fef30d1070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 3030
start_va = 0x7fef3290000
end_va = 0x7fef32b6fff
monitored = 0
entry_point = 0x7fef32911a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 3031
start_va = 0x7fef32c0000
end_va = 0x7fef33a1fff
monitored = 0
entry_point = 0x7fef32e3814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 3032
start_va = 0x7fef33b0000
end_va = 0x7fef33e1fff
monitored = 0
entry_point = 0x7fef33d46ec
region_type = mapped_file
name = "wmidcprv.dll"
filename = "\\Windows\\System32\\wbem\\WmiDcPrv.dll" (normalized: "c:\\windows\\system32\\wbem\\wmidcprv.dll")
Region:
id = 3033
start_va = 0x7fef38b0000
end_va = 0x7fef3935fff
monitored = 0
entry_point = 0x7fef38bffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 3034
start_va = 0x7fefb180000
end_va = 0x7fefb1acfff
monitored = 0
entry_point = 0x7fefb181010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3035
start_va = 0x7fefb3b0000
end_va = 0x7fefb3befff
monitored = 0
entry_point = 0x7fefb3b11d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 3036
start_va = 0x7fefb480000
end_va = 0x7fefb490fff
monitored = 0
entry_point = 0x7fefb481070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 3037
start_va = 0x7fefc3c0000
end_va = 0x7fefc440fff
monitored = 0
entry_point = 0x7fefc3ccec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3038
start_va = 0x7fefc450000
end_va = 0x7fefc47bfff
monitored = 0
entry_point = 0x7fefc451860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 3039
start_va = 0x7fefc480000
end_va = 0x7fefc49afff
monitored = 0
entry_point = 0x7fefc482068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 3040
start_va = 0x7fefc4a0000
end_va = 0x7fefc4bdfff
monitored = 0
entry_point = 0x7fefc4a13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 3041
start_va = 0x7fefc4c0000
end_va = 0x7fefc4d1fff
monitored = 0
entry_point = 0x7fefc4c1060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 3042
start_va = 0x7fefc4e0000
end_va = 0x7fefc4fefff
monitored = 0
entry_point = 0x7fefc4e5c68
region_type = mapped_file
name = "spinf.dll"
filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll")
Region:
id = 3043
start_va = 0x7fefc500000
end_va = 0x7fefc566fff
monitored = 0
entry_point = 0x7fefc50d320
region_type = mapped_file
name = "umpnpmgr.dll"
filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll")
Region:
id = 3044
start_va = 0x7fefc5f0000
end_va = 0x7fefc5f9fff
monitored = 0
entry_point = 0x7fefc5f3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 3045
start_va = 0x7fefc600000
end_va = 0x7fefc60cfff
monitored = 0
entry_point = 0x7fefc601348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 3046
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3047
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3048
start_va = 0x7fefcfc0000
end_va = 0x7fefcfe4fff
monitored = 0
entry_point = 0x7fefcfc9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3049
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3050
start_va = 0x7fefd0a0000
end_va = 0x7fefd0dcfff
monitored = 0
entry_point = 0x7fefd0a18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 3051
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 3052
start_va = 0x7fefd100000
end_va = 0x7fefd10efff
monitored = 0
entry_point = 0x7fefd1019b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3053
start_va = 0x7fefd1a0000
end_va = 0x7fefd1aefff
monitored = 0
entry_point = 0x7fefd1a1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3054
start_va = 0x7fefd1b0000
end_va = 0x7fefd31cfff
monitored = 0
entry_point = 0x7fefd1b10b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3055
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3056
start_va = 0x7fefd390000
end_va = 0x7fefd3c5fff
monitored = 0
entry_point = 0x7fefd391474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 3057
start_va = 0x7fefd470000
end_va = 0x7fefd489fff
monitored = 0
entry_point = 0x7fefd471558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 3058
start_va = 0x7fefd490000
end_va = 0x7fefd4cafff
monitored = 0
entry_point = 0x7fefd491324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 3059
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3060
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3061
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3062
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3063
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3064
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3065
start_va = 0x7fefecc0000
end_va = 0x7fefed11fff
monitored = 0
entry_point = 0x7fefecc10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3066
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3067
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3068
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3069
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3070
start_va = 0x7fefef90000
end_va = 0x7fefefdcfff
monitored = 0
entry_point = 0x7fefef91070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3071
start_va = 0x7fefefe0000
end_va = 0x7feff1b6fff
monitored = 0
entry_point = 0x7fefefe1010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 3072
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3073
start_va = 0x7feff3d0000
end_va = 0x7feff3d7fff
monitored = 0
entry_point = 0x7feff3d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3074
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3075
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3076
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 3077
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 3078
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 3079
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 3080
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 3081
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 3082
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 3083
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 3084
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 3085
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 3086
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 3087
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 3088
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 3089
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 3090
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 3091
start_va = 0x7fffffdb000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 3092
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 3093
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 3099
start_va = 0x3c0000
end_va = 0x3cbfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 3131
start_va = 0xff310000
end_va = 0xff316fff
monitored = 0
entry_point = 0xff31124c
region_type = mapped_file
name = "dllhost.exe"
filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe")
Region:
id = 4188
start_va = 0x3c0000
end_va = 0x41afff
monitored = 0
entry_point = 0x3ca9b4
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 4776
start_va = 0x12e0000
end_va = 0x135ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012e0000"
filename = ""
Region:
id = 4777
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 6257
start_va = 0x3c0000
end_va = 0x41afff
monitored = 0
entry_point = 0x3ca9b4
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 6258
start_va = 0x1450000
end_va = 0x14cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001450000"
filename = ""
Region:
id = 6259
start_va = 0x1600000
end_va = 0x167ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 6260
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Thread:
id = 192
os_tid = 0x748
Thread:
id = 193
os_tid = 0x728
Thread:
id = 194
os_tid = 0x724
Thread:
id = 195
os_tid = 0x310
Thread:
id = 196
os_tid = 0x2a0
Thread:
id = 197
os_tid = 0x298
Thread:
id = 198
os_tid = 0x294
Thread:
id = 199
os_tid = 0x27c
Thread:
id = 200
os_tid = 0x278
Thread:
id = 201
os_tid = 0x274
Thread:
id = 202
os_tid = 0x270
Thread:
id = 203
os_tid = 0x26c
Thread:
id = 204
os_tid = 0x268
Thread:
id = 205
os_tid = 0x260
Thread:
id = 206
os_tid = 0x258
Thread:
id = 207
os_tid = 0x254
Thread:
id = 208
os_tid = 0x24c
Thread:
id = 312
os_tid = 0x724
Thread:
id = 314
os_tid = 0x408
Thread:
id = 365
os_tid = 0x64c
Thread:
id = 408
os_tid = 0x748
Thread:
id = 409
os_tid = 0x6c0
Thread:
id = 421
os_tid = 0x46c
Process:
id = "13"
image_name = "dllhost.exe"
filename = "c:\\windows\\system32\\dllhost.exe"
page_root = "0x7232b000"
os_pid = "0x4b0"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "12"
os_parent_pid = "0x248"
cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e34b" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3132
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3133
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3134
start_va = 0xd0000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 3135
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3136
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 3137
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3138
start_va = 0xff310000
end_va = 0xff316fff
monitored = 0
entry_point = 0xff31124c
region_type = mapped_file
name = "dllhost.exe"
filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe")
Region:
id = 3139
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3140
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 3141
start_va = 0x7fffffd9000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 3142
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 3149
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3150
start_va = 0x360000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 3151
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3152
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3153
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3154
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3155
start_va = 0x40000
end_va = 0xa6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3156
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3157
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3158
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3159
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3160
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3161
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3162
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3163
start_va = 0x1d0000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 3164
start_va = 0x460000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 3165
start_va = 0x1d0000
end_va = 0x1f8fff
monitored = 0
entry_point = 0x1d1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3166
start_va = 0x290000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 3167
start_va = 0x560000
end_va = 0x6e7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 3168
start_va = 0x1d0000
end_va = 0x1f8fff
monitored = 0
entry_point = 0x1d1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3169
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3170
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3171
start_va = 0x6f0000
end_va = 0x870fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006f0000"
filename = ""
Region:
id = 3172
start_va = 0x880000
end_va = 0x1c7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000880000"
filename = ""
Region:
id = 3175
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3176
start_va = 0xb0000
end_va = 0xb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 3177
start_va = 0x1d0000
end_va = 0x24cfff
monitored = 0
entry_point = 0x1dcec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3178
start_va = 0x1d0000
end_va = 0x24cfff
monitored = 0
entry_point = 0x1dcec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3179
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3180
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 3181
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3182
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3183
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3184
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3185
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 3194
start_va = 0x1ce0000
end_va = 0x1ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ce0000"
filename = ""
Region:
id = 3195
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 3212
start_va = 0x1fc0000
end_va = 0x20bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fc0000"
filename = ""
Region:
id = 3213
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3214
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 3215
start_va = 0x1e0000
end_va = 0x224fff
monitored = 0
entry_point = 0x1e1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3216
start_va = 0x1e0000
end_va = 0x224fff
monitored = 0
entry_point = 0x1e1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3217
start_va = 0x1e0000
end_va = 0x224fff
monitored = 0
entry_point = 0x1e1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3218
start_va = 0x1e0000
end_va = 0x224fff
monitored = 0
entry_point = 0x1e1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3219
start_va = 0x1e0000
end_va = 0x224fff
monitored = 0
entry_point = 0x1e1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3220
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3221
start_va = 0x20c0000
end_va = 0x238efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3222
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 3225
start_va = 0x1e40000
end_va = 0x1f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e40000"
filename = ""
Region:
id = 3226
start_va = 0x2400000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 3227
start_va = 0x25f0000
end_va = 0x26effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3228
start_va = 0x7fefba50000
end_va = 0x7fefbaa5fff
monitored = 0
entry_point = 0x7fefba5bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3229
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 3230
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 3231
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 3232
start_va = 0x26f0000
end_va = 0x28affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 3234
start_va = 0x2500000
end_va = 0x25defff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002500000"
filename = ""
Region:
id = 3238
start_va = 0x7fef81f0000
end_va = 0x7fef820efff
monitored = 0
entry_point = 0x7fef81f57b8
region_type = mapped_file
name = "thumbcache.dll"
filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")
Region:
id = 3239
start_va = 0x7fefdf10000
end_va = 0x7fefec97fff
monitored = 0
entry_point = 0x7fefdf8cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3240
start_va = 0x7fefef10000
end_va = 0x7fefef80fff
monitored = 0
entry_point = 0x7fefef21e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3241
start_va = 0x7fef8350000
end_va = 0x7fef83effff
monitored = 0
entry_point = 0x7fef83ceb20
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll")
Region:
id = 3242
start_va = 0x77380000
end_va = 0x77386fff
monitored = 0
entry_point = 0x7738106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 3243
start_va = 0x7fefbab0000
end_va = 0x7fefbbdbfff
monitored = 0
entry_point = 0x7fefbab94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 3244
start_va = 0x28b0000
end_va = 0x2a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 3245
start_va = 0x26f0000
end_va = 0x27effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 3246
start_va = 0x2830000
end_va = 0x28affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 3247
start_va = 0x7fef8960000
end_va = 0x7fef8a4dfff
monitored = 0
entry_point = 0x7fef89612a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 3256
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 3257
start_va = 0x1f0000
end_va = 0x1f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 3258
start_va = 0x7fefbc30000
end_va = 0x7fefbe23fff
monitored = 0
entry_point = 0x7fefbdbc924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 3259
start_va = 0x200000
end_va = 0x200fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3260
start_va = 0x210000
end_va = 0x211fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 3261
start_va = 0x7fefa8b0000
end_va = 0x7fefa906fff
monitored = 0
entry_point = 0x7fefa8b1118
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 3262
start_va = 0x7fef2180000
end_va = 0x7fef2570fff
monitored = 0
entry_point = 0x7fef230d21c
region_type = mapped_file
name = "mf.dll"
filename = "\\Windows\\System32\\mf.dll" (normalized: "c:\\windows\\system32\\mf.dll")
Region:
id = 3263
start_va = 0x7fefacd0000
end_va = 0x7feface8fff
monitored = 0
entry_point = 0x7fefacd11a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 3264
start_va = 0x7fef7c40000
end_va = 0x7fef7cacfff
monitored = 0
entry_point = 0x7fef7c4131c
region_type = mapped_file
name = "mfplat.dll"
filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll")
Region:
id = 3265
start_va = 0x7fefef90000
end_va = 0x7fefefdcfff
monitored = 0
entry_point = 0x7fefef91070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3266
start_va = 0x7feff3d0000
end_va = 0x7feff3d7fff
monitored = 0
entry_point = 0x7feff3d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3267
start_va = 0x7fefb090000
end_va = 0x7fefb098fff
monitored = 0
entry_point = 0x7fefb091010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 3268
start_va = 0x7fefc2c0000
end_va = 0x7fefc2cbfff
monitored = 0
entry_point = 0x7fefc2c1064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3269
start_va = 0x73b50000
end_va = 0x73b55fff
monitored = 0
entry_point = 0x73b51010
region_type = mapped_file
name = "ksuser.dll"
filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll")
Region:
id = 3270
start_va = 0x7fef20c0000
end_va = 0x7fef212afff
monitored = 0
entry_point = 0x7fef20c101c
region_type = mapped_file
name = "photometadatahandler.dll"
filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll")
Region:
id = 3271
start_va = 0x7fefb4b0000
end_va = 0x7fefb5d9fff
monitored = 0
entry_point = 0x7fefb4b3810
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")
Region:
id = 3651
start_va = 0x200000
end_va = 0x200fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 3652
start_va = 0x220000
end_va = 0x220fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 3656
start_va = 0x230000
end_va = 0x238fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Thread:
id = 214
os_tid = 0x4a0
Thread:
id = 215
os_tid = 0x554
Thread:
id = 220
os_tid = 0x31c
Thread:
id = 221
os_tid = 0x308
Thread:
id = 222
os_tid = 0x598
Thread:
id = 223
os_tid = 0x584
Thread:
id = 224
os_tid = 0x5c8
Process:
id = "14"
image_name = "explorer.exe"
filename = "c:\\windows\\explorer.exe"
page_root = "0x27f9a000"
os_pid = "0x36c"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "13"
os_parent_pid = "0x13c"
cmd_line = "C:\\Windows\\Explorer.EXE"
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e34b" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3273
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3274
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 3275
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3276
start_va = 0x40000
end_va = 0x41fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 3277
start_va = 0x50000
end_va = 0x55fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "explorer.exe.mui"
filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui")
Region:
id = 3278
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 3279
start_va = 0x70000
end_va = 0x7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 3280
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 3281
start_va = 0x90000
end_va = 0x9cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 3282
start_va = 0xa0000
end_va = 0xa0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000a0000"
filename = ""
Region:
id = 3283
start_va = 0xb0000
end_va = 0x1affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 3284
start_va = 0x1b0000
end_va = 0x22ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 3285
start_va = 0x230000
end_va = 0x296fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3286
start_va = 0x2a0000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 3287
start_va = 0x3a0000
end_va = 0x527fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 3288
start_va = 0x530000
end_va = 0x6b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000530000"
filename = ""
Region:
id = 3289
start_va = 0x6c0000
end_va = 0x1abffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006c0000"
filename = ""
Region:
id = 3290
start_va = 0x1ac0000
end_va = 0x1afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ac0000"
filename = ""
Region:
id = 3291
start_va = 0x1b00000
end_va = 0x1b01fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b00000"
filename = ""
Region:
id = 3292
start_va = 0x1b10000
end_va = 0x1b10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b10000"
filename = ""
Region:
id = 3293
start_va = 0x1b20000
end_va = 0x1b21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b20000"
filename = ""
Region:
id = 3294
start_va = 0x1b30000
end_va = 0x1b49fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b30000"
filename = ""
Region:
id = 3295
start_va = 0x1b50000
end_va = 0x1b50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b50000"
filename = ""
Region:
id = 3296
start_va = 0x1b60000
end_va = 0x1b60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b60000"
filename = ""
Region:
id = 3297
start_va = 0x1b70000
end_va = 0x1b81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b70000"
filename = ""
Region:
id = 3298
start_va = 0x1b90000
end_va = 0x1b92fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b90000"
filename = ""
Region:
id = 3299
start_va = 0x1ba0000
end_va = 0x1ba0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ba0000"
filename = ""
Region:
id = 3300
start_va = 0x1bb0000
end_va = 0x1c2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001bb0000"
filename = ""
Region:
id = 3301
start_va = 0x1c30000
end_va = 0x1d0efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001c30000"
filename = ""
Region:
id = 3302
start_va = 0x1d10000
end_va = 0x1d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d10000"
filename = ""
Region:
id = 3303
start_va = 0x1d70000
end_va = 0x1d70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d70000"
filename = ""
Region:
id = 3304
start_va = 0x1d80000
end_va = 0x1d81fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d80000"
filename = ""
Region:
id = 3305
start_va = 0x1d90000
end_va = 0x1d91fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d90000"
filename = ""
Region:
id = 3306
start_va = 0x1da0000
end_va = 0x1da1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001da0000"
filename = ""
Region:
id = 3307
start_va = 0x1db0000
end_va = 0x1e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001db0000"
filename = ""
Region:
id = 3308
start_va = 0x1e30000
end_va = 0x20fefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3309
start_va = 0x2100000
end_va = 0x215bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shell32.dll.mui"
filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui")
Region:
id = 3310
start_va = 0x2160000
end_va = 0x2162fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comctl32.dll.mui"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui")
Region:
id = 3311
start_va = 0x2170000
end_va = 0x2170fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002170000"
filename = ""
Region:
id = 3312
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 3313
start_va = 0x2200000
end_va = 0x227dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 3314
start_va = 0x2280000
end_va = 0x237ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 3315
start_va = 0x2380000
end_va = 0x2385fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002380000"
filename = ""
Region:
id = 3316
start_va = 0x2390000
end_va = 0x2390fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002390000"
filename = ""
Region:
id = 3317
start_va = 0x23a0000
end_va = 0x23a8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023a0000"
filename = ""
Region:
id = 3318
start_va = 0x23b0000
end_va = 0x23b7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 3319
start_va = 0x23c0000
end_va = 0x23d9fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000004.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000004.db")
Region:
id = 3320
start_va = 0x23e0000
end_va = 0x2427fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023e0000"
filename = ""
Region:
id = 3321
start_va = 0x2430000
end_va = 0x2433fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 3322
start_va = 0x2440000
end_va = 0x2440fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002440000"
filename = ""
Region:
id = 3323
start_va = 0x2450000
end_va = 0x2450fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002450000"
filename = ""
Region:
id = 3324
start_va = 0x2460000
end_va = 0x255ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002460000"
filename = ""
Region:
id = 3325
start_va = 0x2560000
end_va = 0x275ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 3326
start_va = 0x2760000
end_va = 0x2760fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002760000"
filename = ""
Region:
id = 3327
start_va = 0x2770000
end_va = 0x2773fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3328
start_va = 0x2780000
end_va = 0x2783fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3329
start_va = 0x2790000
end_va = 0x2791fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002790000"
filename = ""
Region:
id = 3330
start_va = 0x27a0000
end_va = 0x281ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 3331
start_va = 0x2820000
end_va = 0x2824fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "explorerframe.dll.mui"
filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui")
Region:
id = 3332
start_va = 0x2830000
end_va = 0x2833fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 3333
start_va = 0x2840000
end_va = 0x28bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 3334
start_va = 0x28c0000
end_va = 0x28effff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 3335
start_va = 0x28f0000
end_va = 0x28f3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028f0000"
filename = ""
Region:
id = 3336
start_va = 0x2900000
end_va = 0x2901fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002900000"
filename = ""
Region:
id = 3337
start_va = 0x2910000
end_va = 0x298ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 3338
start_va = 0x2990000
end_va = 0x29f5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 3339
start_va = 0x2a00000
end_va = 0x2a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 3340
start_va = 0x2a80000
end_va = 0x2a80fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a80000"
filename = ""
Region:
id = 3341
start_va = 0x2a90000
end_va = 0x2a90fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a90000"
filename = ""
Region:
id = 3342
start_va = 0x2aa0000
end_va = 0x2aa0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_1024.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db")
Region:
id = 3343
start_va = 0x2ab0000
end_va = 0x2ab1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002ab0000"
filename = ""
Region:
id = 3344
start_va = 0x2ac0000
end_va = 0x2ac6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "authui.dll.mui"
filename = "\\Windows\\System32\\en-US\\authui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\authui.dll.mui")
Region:
id = 3345
start_va = 0x2ad0000
end_va = 0x2addfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 3346
start_va = 0x2ae0000
end_va = 0x2b5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ae0000"
filename = ""
Region:
id = 3347
start_va = 0x2b60000
end_va = 0x2b60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b60000"
filename = ""
Region:
id = 3348
start_va = 0x2b70000
end_va = 0x2b70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 3349
start_va = 0x2b80000
end_va = 0x2b80fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 3350
start_va = 0x2b90000
end_va = 0x2c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b90000"
filename = ""
Region:
id = 3351
start_va = 0x2c10000
end_va = 0x353ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3352
start_va = 0x3540000
end_va = 0x3540fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_1024.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db")
Region:
id = 3353
start_va = 0x3550000
end_va = 0x3550fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_sr.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")
Region:
id = 3354
start_va = 0x3560000
end_va = 0x3560fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_idx.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")
Region:
id = 3355
start_va = 0x35a0000
end_va = 0x35a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035a0000"
filename = ""
Region:
id = 3356
start_va = 0x35b0000
end_va = 0x35b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035b0000"
filename = ""
Region:
id = 3357
start_va = 0x35c0000
end_va = 0x35c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035c0000"
filename = ""
Region:
id = 3358
start_va = 0x35d0000
end_va = 0x35d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035d0000"
filename = ""
Region:
id = 3359
start_va = 0x35e0000
end_va = 0x35e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035e0000"
filename = ""
Region:
id = 3360
start_va = 0x35f0000
end_va = 0x35f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035f0000"
filename = ""
Region:
id = 3361
start_va = 0x3600000
end_va = 0x3601fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003600000"
filename = ""
Region:
id = 3362
start_va = 0x3610000
end_va = 0x3613fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3363
start_va = 0x3620000
end_va = 0x3620fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db")
Region:
id = 3364
start_va = 0x3630000
end_va = 0x3633fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3365
start_va = 0x3640000
end_va = 0x36bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003640000"
filename = ""
Region:
id = 3366
start_va = 0x36c0000
end_va = 0x373ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000036c0000"
filename = ""
Region:
id = 3367
start_va = 0x3740000
end_va = 0x3740fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{228385D3-B646-481B-B0DE-F0C3A58F5423}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db")
Region:
id = 3368
start_va = 0x3750000
end_va = 0x3753fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3369
start_va = 0x3760000
end_va = 0x3760fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{87178F01-581A-45F0-9991-3F918FAA83F1}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db")
Region:
id = 3370
start_va = 0x3770000
end_va = 0x3773fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3371
start_va = 0x3780000
end_va = 0x3780fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{C353F91E-D25F-48F0-A2CD-9F60B2681E9A}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db")
Region:
id = 3372
start_va = 0x3790000
end_va = 0x3790fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003790000"
filename = ""
Region:
id = 3373
start_va = 0x37a0000
end_va = 0x37a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037a0000"
filename = ""
Region:
id = 3374
start_va = 0x37b0000
end_va = 0x37b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037b0000"
filename = ""
Region:
id = 3375
start_va = 0x37c0000
end_va = 0x37c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037c0000"
filename = ""
Region:
id = 3376
start_va = 0x37d0000
end_va = 0x37d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037d0000"
filename = ""
Region:
id = 3377
start_va = 0x3810000
end_va = 0x3813fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3378
start_va = 0x3820000
end_va = 0x3820fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{2F368D22-02BF-4413-97D1-C886CB140911}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db")
Region:
id = 3379
start_va = 0x3830000
end_va = 0x387ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003830000"
filename = ""
Region:
id = 3380
start_va = 0x38d0000
end_va = 0x38d0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_sr.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")
Region:
id = 3381
start_va = 0x38e0000
end_va = 0x38e0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_idx.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")
Region:
id = 3382
start_va = 0x38f0000
end_va = 0x38f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000038f0000"
filename = ""
Region:
id = 3383
start_va = 0x3900000
end_va = 0x3900fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_1024.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db")
Region:
id = 3384
start_va = 0x3910000
end_va = 0x3910fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_sr.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db")
Region:
id = 3385
start_va = 0x3920000
end_va = 0x399ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003920000"
filename = ""
Region:
id = 3386
start_va = 0x39a0000
end_va = 0x3a1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039a0000"
filename = ""
Region:
id = 3387
start_va = 0x3a20000
end_va = 0x3a20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003a20000"
filename = ""
Region:
id = 3388
start_va = 0x3a30000
end_va = 0x3a30fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wdmaud.drv.mui"
filename = "\\Windows\\System32\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\system32\\en-us\\wdmaud.drv.mui")
Region:
id = 3389
start_va = 0x3a40000
end_va = 0x3a40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mmdevapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui")
Region:
id = 3390
start_va = 0x3a50000
end_va = 0x3acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 3391
start_va = 0x3ad0000
end_va = 0x3ad1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ad0000"
filename = ""
Region:
id = 3392
start_va = 0x3ae0000
end_va = 0x3ae0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_idx.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")
Region:
id = 3393
start_va = 0x3af0000
end_va = 0x3af0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alttab.dll.mui"
filename = "\\Windows\\System32\\en-US\\AltTab.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\alttab.dll.mui")
Region:
id = 3394
start_va = 0x3b00000
end_va = 0x3b04fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnidui.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui")
Region:
id = 3395
start_va = 0x3b10000
end_va = 0x3b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b10000"
filename = ""
Region:
id = 3396
start_va = 0x3b90000
end_va = 0x3bc5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b90000"
filename = ""
Region:
id = 3397
start_va = 0x3bd0000
end_va = 0x3bd1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stobject.dll.mui"
filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui")
Region:
id = 3398
start_va = 0x3be0000
end_va = 0x3be1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003be0000"
filename = ""
Region:
id = 3399
start_va = 0x3bf0000
end_va = 0x3bf1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003bf0000"
filename = ""
Region:
id = 3400
start_va = 0x3c00000
end_va = 0x3c03fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3401
start_va = 0x3c10000
end_va = 0x3c10fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c10000"
filename = ""
Region:
id = 3402
start_va = 0x3c20000
end_va = 0x3c20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sndvolsso.dll.mui"
filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui")
Region:
id = 3403
start_va = 0x3c30000
end_va = 0x3c31fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c30000"
filename = ""
Region:
id = 3404
start_va = 0x3c40000
end_va = 0x3c41fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c40000"
filename = ""
Region:
id = 3405
start_va = 0x3c50000
end_va = 0x3c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c50000"
filename = ""
Region:
id = 3406
start_va = 0x3c60000
end_va = 0x3c60fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 3407
start_va = 0x3c70000
end_va = 0x3c71fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c70000"
filename = ""
Region:
id = 3408
start_va = 0x3c80000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c80000"
filename = ""
Region:
id = 3409
start_va = 0x3d00000
end_va = 0x3efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d00000"
filename = ""
Region:
id = 3410
start_va = 0x3f00000
end_va = 0x3f06fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bthprops.cpl.mui"
filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui")
Region:
id = 3411
start_va = 0x3f10000
end_va = 0x3f11fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f10000"
filename = ""
Region:
id = 3412
start_va = 0x3f20000
end_va = 0x3f48fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 3413
start_va = 0x3f50000
end_va = 0x3f51fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f50000"
filename = ""
Region:
id = 3414
start_va = 0x3f60000
end_va = 0x3f61fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f60000"
filename = ""
Region:
id = 3415
start_va = 0x3f70000
end_va = 0x3f71fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f70000"
filename = ""
Region:
id = 3416
start_va = 0x3f80000
end_va = 0x3f81fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f80000"
filename = ""
Region:
id = 3417
start_va = 0x4040000
end_va = 0x413ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_32.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db")
Region:
id = 3418
start_va = 0x4140000
end_va = 0x423ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_96.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")
Region:
id = 3419
start_va = 0x4240000
end_va = 0x433ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_256.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db")
Region:
id = 3420
start_va = 0x43b0000
end_va = 0x442ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043b0000"
filename = ""
Region:
id = 3421
start_va = 0x4470000
end_va = 0x44effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004470000"
filename = ""
Region:
id = 3422
start_va = 0x44f0000
end_va = 0x45effff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_32.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db")
Region:
id = 3423
start_va = 0x4680000
end_va = 0x46fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004680000"
filename = ""
Region:
id = 3424
start_va = 0x4700000
end_va = 0x5a54fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll")
Region:
id = 3425
start_va = 0x5a60000
end_va = 0x5e62fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a60000"
filename = ""
Region:
id = 3426
start_va = 0x5e70000
end_va = 0x5f6ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_96.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")
Region:
id = 3427
start_va = 0x5f70000
end_va = 0x606ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_256.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db")
Region:
id = 3428
start_va = 0x6070000
end_va = 0x60effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006070000"
filename = ""
Region:
id = 3429
start_va = 0x6150000
end_va = 0x61cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006150000"
filename = ""
Region:
id = 3430
start_va = 0x6200000
end_va = 0x627ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006200000"
filename = ""
Region:
id = 3431
start_va = 0x62c0000
end_va = 0x633ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000062c0000"
filename = ""
Region:
id = 3432
start_va = 0x6360000
end_va = 0x63dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006360000"
filename = ""
Region:
id = 3433
start_va = 0x6400000
end_va = 0x647ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006400000"
filename = ""
Region:
id = 3434
start_va = 0x64b0000
end_va = 0x652ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000064b0000"
filename = ""
Region:
id = 3435
start_va = 0x6530000
end_va = 0x65affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006530000"
filename = ""
Region:
id = 3436
start_va = 0x66a0000
end_va = 0x66affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000066a0000"
filename = ""
Region:
id = 3437
start_va = 0x66b0000
end_va = 0x66bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000066b0000"
filename = ""
Region:
id = 3438
start_va = 0x66c0000
end_va = 0x673ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000066c0000"
filename = ""
Region:
id = 3439
start_va = 0x6760000
end_va = 0x67dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006760000"
filename = ""
Region:
id = 3440
start_va = 0x6810000
end_va = 0x688ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006810000"
filename = ""
Region:
id = 3441
start_va = 0x6960000
end_va = 0x69dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006960000"
filename = ""
Region:
id = 3442
start_va = 0x6a00000
end_va = 0x6a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006a00000"
filename = ""
Region:
id = 3443
start_va = 0x6a80000
end_va = 0x6afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006a80000"
filename = ""
Region:
id = 3444
start_va = 0x6b40000
end_va = 0x6bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006b40000"
filename = ""
Region:
id = 3445
start_va = 0x6bc0000
end_va = 0x6cbffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_32.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db")
Region:
id = 3446
start_va = 0x6cc0000
end_va = 0x6dbffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_96.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db")
Region:
id = 3447
start_va = 0x6dc0000
end_va = 0x6ebffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_256.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db")
Region:
id = 3448
start_va = 0x7080000
end_va = 0x70fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007080000"
filename = ""
Region:
id = 3449
start_va = 0x73b50000
end_va = 0x73b55fff
monitored = 0
entry_point = 0x73b51010
region_type = mapped_file
name = "ksuser.dll"
filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll")
Region:
id = 3450
start_va = 0x74d10000
end_va = 0x74df2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 3451
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3452
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3453
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3454
start_va = 0x77380000
end_va = 0x77386fff
monitored = 0
entry_point = 0x7738106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 3455
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3456
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3457
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3458
start_va = 0xffce0000
end_va = 0xfff9ffff
monitored = 0
entry_point = 0xffd0b790
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")
Region:
id = 3459
start_va = 0x7fef2130000
end_va = 0x7fef2174fff
monitored = 0
entry_point = 0x7fef2134190
region_type = mapped_file
name = "qagent.dll"
filename = "\\Windows\\System32\\QAGENT.DLL" (normalized: "c:\\windows\\system32\\qagent.dll")
Region:
id = 3460
start_va = 0x7fef2580000
end_va = 0x7fef258cfff
monitored = 0
entry_point = 0x7fef2587104
region_type = mapped_file
name = "wwapi.dll"
filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")
Region:
id = 3461
start_va = 0x7fef2590000
end_va = 0x7fef25edfff
monitored = 0
entry_point = 0x7fef25ca7fc
region_type = mapped_file
name = "wwanapi.dll"
filename = "\\Windows\\System32\\WWanAPI.dll" (normalized: "c:\\windows\\system32\\wwanapi.dll")
Region:
id = 3462
start_va = 0x7fef25f0000
end_va = 0x7fef25f6fff
monitored = 0
entry_point = 0x7fef25f1b24
region_type = mapped_file
name = "wlanutil.dll"
filename = "\\Windows\\System32\\wlanutil.dll" (normalized: "c:\\windows\\system32\\wlanutil.dll")
Region:
id = 3463
start_va = 0x7fef2600000
end_va = 0x7fef261ffff
monitored = 0
entry_point = 0x7fef2601010
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 3464
start_va = 0x7fef2620000
end_va = 0x7fef26e5fff
monitored = 0
entry_point = 0x7fef262f220
region_type = mapped_file
name = "msftedit.dll"
filename = "\\Windows\\System32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll")
Region:
id = 3465
start_va = 0x7fef29e0000
end_va = 0x7fef29ebfff
monitored = 0
entry_point = 0x7fef29e602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 3466
start_va = 0x7fef35c0000
end_va = 0x7fef35f0fff
monitored = 0
entry_point = 0x7fef35c1b24
region_type = mapped_file
name = "provsvc.dll"
filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll")
Region:
id = 3467
start_va = 0x7fef3600000
end_va = 0x7fef367efff
monitored = 0
entry_point = 0x7fef3601070
region_type = mapped_file
name = "imapi2.dll"
filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll")
Region:
id = 3468
start_va = 0x7fef3680000
end_va = 0x7fef38aafff
monitored = 0
entry_point = 0x7fef3681f00
region_type = mapped_file
name = "synccenter.dll"
filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll")
Region:
id = 3469
start_va = 0x7fef3940000
end_va = 0x7fef3a01fff
monitored = 0
entry_point = 0x7fef39604b4
region_type = mapped_file
name = "actioncenter.dll"
filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll")
Region:
id = 3470
start_va = 0x7fef3a10000
end_va = 0x7fef3a63fff
monitored = 0
entry_point = 0x7fef3a1104c
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 3471
start_va = 0x7fef3ad0000
end_va = 0x7fef4686fff
monitored = 0
entry_point = 0x7fef3ad1bd8
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")
Region:
id = 3472
start_va = 0x7fef4690000
end_va = 0x7fef4744fff
monitored = 0
entry_point = 0x7fef46b1cd0
region_type = mapped_file
name = "bthprops.cpl"
filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl")
Region:
id = 3473
start_va = 0x7fef48d0000
end_va = 0x7fef4a8cfff
monitored = 0
entry_point = 0x7fef48d1010
region_type = mapped_file
name = "pnidui.dll"
filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll")
Region:
id = 3474
start_va = 0x7fef4bf0000
end_va = 0x7fef4c2efff
monitored = 0
entry_point = 0x7fef4bf12c0
region_type = mapped_file
name = "cscobj.dll"
filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")
Region:
id = 3475
start_va = 0x7fef4c30000
end_va = 0x7fef4c3ffff
monitored = 0
entry_point = 0x7fef4c395dc
region_type = mapped_file
name = "alttab.dll"
filename = "\\Windows\\System32\\AltTab.dll" (normalized: "c:\\windows\\system32\\alttab.dll")
Region:
id = 3476
start_va = 0x7fef4e50000
end_va = 0x7fef4f0cfff
monitored = 0
entry_point = 0x7fef4e51ea4
region_type = mapped_file
name = "portabledeviceapi.dll"
filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")
Region:
id = 3477
start_va = 0x7fef4f10000
end_va = 0x7fef4f48fff
monitored = 0
entry_point = 0x7fef4f11240
region_type = mapped_file
name = "portabledevicetypes.dll"
filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll")
Region:
id = 3478
start_va = 0x7fef4f50000
end_va = 0x7fef4f6ffff
monitored = 0
entry_point = 0x7fef4f51298
region_type = mapped_file
name = "wpdshserviceobj.dll"
filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll")
Region:
id = 3479
start_va = 0x7fef5220000
end_va = 0x7fef54aafff
monitored = 0
entry_point = 0x7fef5226f5c
region_type = mapped_file
name = "netshell.dll"
filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")
Region:
id = 3480
start_va = 0x7fef5680000
end_va = 0x7fef568afff
monitored = 0
entry_point = 0x7fef5681030
region_type = mapped_file
name = "ehsso.dll"
filename = "\\Windows\\ehome\\ehSSO.dll" (normalized: "c:\\windows\\ehome\\ehsso.dll")
Region:
id = 3481
start_va = 0x7fef57b0000
end_va = 0x7fef5823fff
monitored = 0
entry_point = 0x7fef57e54c8
region_type = mapped_file
name = "dxp.dll"
filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll")
Region:
id = 3482
start_va = 0x7fef5d90000
end_va = 0x7fef5e03fff
monitored = 0
entry_point = 0x7fef5d966f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 3483
start_va = 0x7fef5e10000
end_va = 0x7fef5e80fff
monitored = 0
entry_point = 0x7fef5e4ecc4
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 3484
start_va = 0x7fef5e90000
end_va = 0x7fef5ef8fff
monitored = 0
entry_point = 0x7fef5e91198
region_type = mapped_file
name = "prnfldr.dll"
filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll")
Region:
id = 3485
start_va = 0x7fef6300000
end_va = 0x7fef63b9fff
monitored = 0
entry_point = 0x7fef630115c
region_type = mapped_file
name = "batmeter.dll"
filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll")
Region:
id = 3486
start_va = 0x7fef63c0000
end_va = 0x7fef6402fff
monitored = 0
entry_point = 0x7fef63c30d8
region_type = mapped_file
name = "stobject.dll"
filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll")
Region:
id = 3487
start_va = 0x7fef7780000
end_va = 0x7fef77d4fff
monitored = 0
entry_point = 0x7fef77826e4
region_type = mapped_file
name = "hgcpl.dll"
filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll")
Region:
id = 3488
start_va = 0x7fef7850000
end_va = 0x7fef78ecfff
monitored = 0
entry_point = 0x7fef78dd52c
region_type = mapped_file
name = "fxsapi.dll"
filename = "\\Windows\\System32\\FXSAPI.dll" (normalized: "c:\\windows\\system32\\fxsapi.dll")
Region:
id = 3489
start_va = 0x7fef78f0000
end_va = 0x7fef79c6fff
monitored = 0
entry_point = 0x7fef78f1254
region_type = mapped_file
name = "fxsst.dll"
filename = "\\Windows\\System32\\FXSST.dll" (normalized: "c:\\windows\\system32\\fxsst.dll")
Region:
id = 3490
start_va = 0x7fef7f40000
end_va = 0x7fef7f48fff
monitored = 0
entry_point = 0x7fef7f42f98
region_type = mapped_file
name = "midimap.dll"
filename = "\\Windows\\System32\\midimap.dll" (normalized: "c:\\windows\\system32\\midimap.dll")
Region:
id = 3491
start_va = 0x7fef7f50000
end_va = 0x7fef7f67fff
monitored = 0
entry_point = 0x7fef7f51060
region_type = mapped_file
name = "msacm32.dll"
filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll")
Region:
id = 3492
start_va = 0x7fef7f70000
end_va = 0x7fef7f79fff
monitored = 0
entry_point = 0x7fef7f749f0
region_type = mapped_file
name = "msacm32.drv"
filename = "\\Windows\\System32\\msacm32.drv" (normalized: "c:\\windows\\system32\\msacm32.drv")
Region:
id = 3493
start_va = 0x7fef7f80000
end_va = 0x7fef7fcefff
monitored = 0
entry_point = 0x7fef7f82760
region_type = mapped_file
name = "audioses.dll"
filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")
Region:
id = 3494
start_va = 0x7fef7fd0000
end_va = 0x7fef800afff
monitored = 0
entry_point = 0x7fef7ff7600
region_type = mapped_file
name = "wdmaud.drv"
filename = "\\Windows\\System32\\wdmaud.drv" (normalized: "c:\\windows\\system32\\wdmaud.drv")
Region:
id = 3495
start_va = 0x7fef8010000
end_va = 0x7fef804afff
monitored = 0
entry_point = 0x7fef80122f0
region_type = mapped_file
name = "winmm.dll"
filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll")
Region:
id = 3496
start_va = 0x7fef8050000
end_va = 0x7fef81ebfff
monitored = 0
entry_point = 0x7fef8051030
region_type = mapped_file
name = "networkexplorer.dll"
filename = "\\Windows\\System32\\networkexplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll")
Region:
id = 3497
start_va = 0x7fef81f0000
end_va = 0x7fef820efff
monitored = 0
entry_point = 0x7fef81f57b8
region_type = mapped_file
name = "thumbcache.dll"
filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")
Region:
id = 3498
start_va = 0x7fef8290000
end_va = 0x7fef830efff
monitored = 0
entry_point = 0x7fef82e385c
region_type = mapped_file
name = "tiptsf.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll")
Region:
id = 3499
start_va = 0x7fef8310000
end_va = 0x7fef834afff
monitored = 0
entry_point = 0x7fef8311070
region_type = mapped_file
name = "msls31.dll"
filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll")
Region:
id = 3500
start_va = 0x7fef8420000
end_va = 0x7fef849bfff
monitored = 0
entry_point = 0x7fef84211d4
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 3501
start_va = 0x7fef84a0000
end_va = 0x7fef8742fff
monitored = 0
entry_point = 0x7fef84a3498
region_type = mapped_file
name = "gameux.dll"
filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll")
Region:
id = 3502
start_va = 0x7fef8750000
end_va = 0x7fef875bfff
monitored = 0
entry_point = 0x7fef8751380
region_type = mapped_file
name = "linkinfo.dll"
filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")
Region:
id = 3503
start_va = 0x7fef8760000
end_va = 0x7fef8793fff
monitored = 0
entry_point = 0x7fef8761890
region_type = mapped_file
name = "shdocvw.dll"
filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll")
Region:
id = 3504
start_va = 0x7fef8960000
end_va = 0x7fef8a4dfff
monitored = 0
entry_point = 0x7fef89612a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 3505
start_va = 0x7fef8ab0000
end_va = 0x7fef8ac7fff
monitored = 0
entry_point = 0x7fef8ab1bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 3506
start_va = 0x7fef8ad0000
end_va = 0x7fef8ae0fff
monitored = 0
entry_point = 0x7fef8ad16ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 3507
start_va = 0x7fef8f90000
end_va = 0x7fef9012fff
monitored = 0
entry_point = 0x7fef8fb692c
region_type = mapped_file
name = "timedate.cpl"
filename = "\\Windows\\System32\\timedate.cpl" (normalized: "c:\\windows\\system32\\timedate.cpl")
Region:
id = 3508
start_va = 0x7fef9020000
end_va = 0x7fef92f1fff
monitored = 0
entry_point = 0x7fef90815f0
region_type = mapped_file
name = "themeui.dll"
filename = "\\Windows\\System32\\themeui.dll" (normalized: "c:\\windows\\system32\\themeui.dll")
Region:
id = 3509
start_va = 0x7fef9300000
end_va = 0x7fef9307fff
monitored = 0
entry_point = 0x7fef9301030
region_type = mapped_file
name = "iconcodecservice.dll"
filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll")
Region:
id = 3510
start_va = 0x7fef9310000
end_va = 0x7fef938ffff
monitored = 0
entry_point = 0x7fef9314a8c
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")
Region:
id = 3511
start_va = 0x7fef9390000
end_va = 0x7fef939efff
monitored = 0
entry_point = 0x7fef9391040
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 3512
start_va = 0x7fef93a0000
end_va = 0x7fef93abfff
monitored = 0
entry_point = 0x7fef93a1070
region_type = mapped_file
name = "cscdll.dll"
filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll")
Region:
id = 3513
start_va = 0x7fef93b0000
end_va = 0x7fef942dfff
monitored = 0
entry_point = 0x7fef93b1304
region_type = mapped_file
name = "cscui.dll"
filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll")
Region:
id = 3514
start_va = 0x7fef9430000
end_va = 0x7fef9464fff
monitored = 0
entry_point = 0x7fef943c59c
region_type = mapped_file
name = "ehstorshell.dll"
filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")
Region:
id = 3515
start_va = 0x7fef9470000
end_va = 0x7fef9cedfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "grooveintlresource.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll")
Region:
id = 3516
start_va = 0x7fef9cf0000
end_va = 0x7fef9ea8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 3517
start_va = 0x7fef9eb0000
end_va = 0x7fefa1c5fff
monitored = 0
entry_point = 0x7fef9eb3e98
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")
Region:
id = 3518
start_va = 0x7fefa1d0000
end_va = 0x7fefa1d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-utility-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-utility-l1-1-0.dll")
Region:
id = 3519
start_va = 0x7fefa1e0000
end_va = 0x7fefa1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-environment-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-environment-l1-1-0.dll")
Region:
id = 3520
start_va = 0x7fefa1f0000
end_va = 0x7fefa1f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-filesystem-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll")
Region:
id = 3521
start_va = 0x7fefa200000
end_va = 0x7fefa202fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-time-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-time-l1-1-0.dll")
Region:
id = 3522
start_va = 0x7fefa210000
end_va = 0x7fefa214fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-multibyte-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll")
Region:
id = 3523
start_va = 0x7fefa220000
end_va = 0x7fefa224fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-math-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-math-l1-1-0.dll")
Region:
id = 3524
start_va = 0x7fefa230000
end_va = 0x7fefa232fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-locale-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-locale-l1-1-0.dll")
Region:
id = 3525
start_va = 0x7fefa240000
end_va = 0x7fefa2ddfff
monitored = 0
entry_point = 0x7fefa289d40
region_type = mapped_file
name = "msvcp140.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll")
Region:
id = 3526
start_va = 0x7fefa2e0000
end_va = 0x7fefa2e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-convert-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-convert-l1-1-0.dll")
Region:
id = 3527
start_va = 0x7fefa2f0000
end_va = 0x7fefa2f3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-stdio-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-stdio-l1-1-0.dll")
Region:
id = 3528
start_va = 0x7fefa300000
end_va = 0x7fefa302fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-heap-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-heap-l1-1-0.dll")
Region:
id = 3529
start_va = 0x7fefa310000
end_va = 0x7fefa313fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-string-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-string-l1-1-0.dll")
Region:
id = 3530
start_va = 0x7fefa320000
end_va = 0x7fefa322fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-file-l1-2-0.dll"
filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll")
Region:
id = 3531
start_va = 0x7fefa330000
end_va = 0x7fefa332fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-processthreads-l1-1-1.dll"
filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll")
Region:
id = 3532
start_va = 0x7fefa340000
end_va = 0x7fefa342fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 3533
start_va = 0x7fefa350000
end_va = 0x7fefa352fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-localization-l1-2-0.dll"
filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll")
Region:
id = 3534
start_va = 0x7fefa360000
end_va = 0x7fefa362fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-file-l2-1-0.dll"
filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll")
Region:
id = 3535
start_va = 0x7fefa370000
end_va = 0x7fefa372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-timezone-l1-1-0.dll"
filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll")
Region:
id = 3536
start_va = 0x7fefa380000
end_va = 0x7fefa471fff
monitored = 0
entry_point = 0x7fefa389060
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 3537
start_va = 0x7fefa480000
end_va = 0x7fefa483fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-crt-runtime-l1-1-0.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-runtime-l1-1-0.dll")
Region:
id = 3538
start_va = 0x7fefa490000
end_va = 0x7fefa4a6fff
monitored = 0
entry_point = 0x7fefa49c440
region_type = mapped_file
name = "vcruntime140.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll")
Region:
id = 3539
start_va = 0x7fefa4b0000
end_va = 0x7fefa6c3fff
monitored = 0
entry_point = 0x7fefa4b1000
region_type = mapped_file
name = "grooveex.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll")
Region:
id = 3540
start_va = 0x7fefa6d0000
end_va = 0x7fefa79dfff
monitored = 0
entry_point = 0x7fefa6f30fc
region_type = mapped_file
name = "msvcr110.dll"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcr110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcr110.dll")
Region:
id = 3541
start_va = 0x7fefa7a0000
end_va = 0x7fefa846fff
monitored = 0
entry_point = 0x7fefa7eb93c
region_type = mapped_file
name = "msvcp110.dll"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcp110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcp110.dll")
Region:
id = 3542
start_va = 0x7fefa850000
end_va = 0x7fefa8a5fff
monitored = 0
entry_point = 0x7fefa8586e8
region_type = mapped_file
name = "filesyncshell64.dll"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\filesyncshell64.dll")
Region:
id = 3543
start_va = 0x7fefa8b0000
end_va = 0x7fefa906fff
monitored = 0
entry_point = 0x7fefa8b1118
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 3544
start_va = 0x7fefa910000
end_va = 0x7fefaad9fff
monitored = 0
entry_point = 0x7fefa917a60
region_type = mapped_file
name = "explorerframe.dll"
filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")
Region:
id = 3545
start_va = 0x7fefab00000
end_va = 0x7fefab15fff
monitored = 0
entry_point = 0x7fefab01050
region_type = mapped_file
name = "syncreg.dll"
filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll")
Region:
id = 3546
start_va = 0x7fefab50000
end_va = 0x7fefab6efff
monitored = 0
entry_point = 0x7fefab53580
region_type = mapped_file
name = "qutil.dll"
filename = "\\Windows\\System32\\QUTIL.DLL" (normalized: "c:\\windows\\system32\\qutil.dll")
Region:
id = 3547
start_va = 0x7fefabc0000
end_va = 0x7fefabcafff
monitored = 0
entry_point = 0x7fefabc1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 3548
start_va = 0x7fefabd0000
end_va = 0x7fefabf6fff
monitored = 0
entry_point = 0x7fefabd98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 3549
start_va = 0x7fefac20000
end_va = 0x7fefac86fff
monitored = 0
entry_point = 0x7fefac36060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 3550
start_va = 0x7fefaca0000
end_va = 0x7fefacaafff
monitored = 0
entry_point = 0x7fefaca4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 3551
start_va = 0x7fefacd0000
end_va = 0x7feface8fff
monitored = 0
entry_point = 0x7fefacd11a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 3552
start_va = 0x7fefad70000
end_va = 0x7fefad84fff
monitored = 0
entry_point = 0x7fefad760d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 3553
start_va = 0x7fefae60000
end_va = 0x7fefaf86fff
monitored = 0
entry_point = 0x7fefae610ec
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 3554
start_va = 0x7fefb090000
end_va = 0x7fefb098fff
monitored = 0
entry_point = 0x7fefb091010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 3555
start_va = 0x7fefb0a0000
end_va = 0x7fefb0cbfff
monitored = 0
entry_point = 0x7fefb0a15c4
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 3556
start_va = 0x7fefb180000
end_va = 0x7fefb1acfff
monitored = 0
entry_point = 0x7fefb181010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3557
start_va = 0x7fefb300000
end_va = 0x7fefb313fff
monitored = 0
entry_point = 0x7fefb3016b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 3558
start_va = 0x7fefb320000
end_va = 0x7fefb334fff
monitored = 0
entry_point = 0x7fefb321050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3559
start_va = 0x7fefb340000
end_va = 0x7fefb34bfff
monitored = 0
entry_point = 0x7fefb3418a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3560
start_va = 0x7fefb3c0000
end_va = 0x7fefb417fff
monitored = 0
entry_point = 0x7fefb3c30f0
region_type = mapped_file
name = "srchadmin.dll"
filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll")
Region:
id = 3561
start_va = 0x7fefb480000
end_va = 0x7fefb490fff
monitored = 0
entry_point = 0x7fefb481070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 3562
start_va = 0x7fefb4b0000
end_va = 0x7fefb5d9fff
monitored = 0
entry_point = 0x7fefb4b3810
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")
Region:
id = 3563
start_va = 0x7fefb5e0000
end_va = 0x7fefb614fff
monitored = 0
entry_point = 0x7fefb5e1064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 3564
start_va = 0x7fefb620000
end_va = 0x7fefb637fff
monitored = 0
entry_point = 0x7fefb621130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 3565
start_va = 0x7fefb640000
end_va = 0x7fefb68afff
monitored = 0
entry_point = 0x7fefb64efcc
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 3566
start_va = 0x7fefb690000
end_va = 0x7fefb69afff
monitored = 0
entry_point = 0x7fefb691020
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 3567
start_va = 0x7fefb6a0000
end_va = 0x7fefb6dafff
monitored = 0
entry_point = 0x7fefb6af410
region_type = mapped_file
name = "sndvolsso.dll"
filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll")
Region:
id = 3568
start_va = 0x7fefb6e0000
end_va = 0x7fefb722fff
monitored = 0
entry_point = 0x7fefb6ec168
region_type = mapped_file
name = "duser.dll"
filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll")
Region:
id = 3569
start_va = 0x7fefb730000
end_va = 0x7fefb821fff
monitored = 0
entry_point = 0x7fefb75ac20
region_type = mapped_file
name = "dui70.dll"
filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll")
Region:
id = 3570
start_va = 0x7fefb830000
end_va = 0x7fefba44fff
monitored = 0
entry_point = 0x7fefba064b0
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll")
Region:
id = 3571
start_va = 0x7fefba50000
end_va = 0x7fefbaa5fff
monitored = 0
entry_point = 0x7fefba5bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3572
start_va = 0x7fefbab0000
end_va = 0x7fefbbdbfff
monitored = 0
entry_point = 0x7fefbab94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 3573
start_va = 0x7fefbbe0000
end_va = 0x7fefbbfcfff
monitored = 0
entry_point = 0x7fefbbe1ef4
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 3574
start_va = 0x7fefbc00000
end_va = 0x7fefbc23fff
monitored = 0
entry_point = 0x7fefbc01024
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 3575
start_va = 0x7fefbc30000
end_va = 0x7fefbe23fff
monitored = 0
entry_point = 0x7fefbdbc924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 3576
start_va = 0x7fefbe30000
end_va = 0x7fefbf39fff
monitored = 0
entry_point = 0x7fefbe31010
region_type = mapped_file
name = "cryptui.dll"
filename = "\\Windows\\System32\\cryptui.dll" (normalized: "c:\\windows\\system32\\cryptui.dll")
Region:
id = 3577
start_va = 0x7fefbf40000
end_va = 0x7fefc119fff
monitored = 0
entry_point = 0x7fefbf43130
region_type = mapped_file
name = "authui.dll"
filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll")
Region:
id = 3578
start_va = 0x7fefc2c0000
end_va = 0x7fefc2cbfff
monitored = 0
entry_point = 0x7fefc2c1064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3579
start_va = 0x7fefc4a0000
end_va = 0x7fefc4bdfff
monitored = 0
entry_point = 0x7fefc4a13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 3580
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3581
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3582
start_va = 0x7fefcb00000
end_va = 0x7fefcb31fff
monitored = 0
entry_point = 0x7fefcb0144c
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 3583
start_va = 0x7fefcc20000
end_va = 0x7fefcc8cfff
monitored = 0
entry_point = 0x7fefcc21010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 3584
start_va = 0x7fefcef0000
end_va = 0x7fefcf12fff
monitored = 0
entry_point = 0x7fefcef1198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3585
start_va = 0x7fefcf90000
end_va = 0x7fefcf9afff
monitored = 0
entry_point = 0x7fefcf91030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 3586
start_va = 0x7fefcfc0000
end_va = 0x7fefcfe4fff
monitored = 0
entry_point = 0x7fefcfc9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3587
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3588
start_va = 0x7fefd000000
end_va = 0x7fefd090fff
monitored = 0
entry_point = 0x7fefd001440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 3589
start_va = 0x7fefd0a0000
end_va = 0x7fefd0dcfff
monitored = 0
entry_point = 0x7fefd0a18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 3590
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 3591
start_va = 0x7fefd100000
end_va = 0x7fefd10efff
monitored = 0
entry_point = 0x7fefd1019b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3592
start_va = 0x7fefd1a0000
end_va = 0x7fefd1aefff
monitored = 0
entry_point = 0x7fefd1a1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3593
start_va = 0x7fefd1b0000
end_va = 0x7fefd31cfff
monitored = 0
entry_point = 0x7fefd1b10b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3594
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3595
start_va = 0x7fefd390000
end_va = 0x7fefd3c5fff
monitored = 0
entry_point = 0x7fefd391474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 3596
start_va = 0x7fefd470000
end_va = 0x7fefd489fff
monitored = 0
entry_point = 0x7fefd471558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 3597
start_va = 0x7fefd490000
end_va = 0x7fefd4cafff
monitored = 0
entry_point = 0x7fefd491324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 3598
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3599
start_va = 0x7fefd5e0000
end_va = 0x7fefd709fff
monitored = 0
entry_point = 0x7fefd5e10d4
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 3600
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3601
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3602
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3603
start_va = 0x7fefd9b0000
end_va = 0x7fefdb27fff
monitored = 0
entry_point = 0x7fefd9b10e0
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 3604
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3605
start_va = 0x7fefdc10000
end_va = 0x7fefde68fff
monitored = 0
entry_point = 0x7fefdc11340
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 3606
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3607
start_va = 0x7fefdf10000
end_va = 0x7fefec97fff
monitored = 0
entry_point = 0x7fefdf8cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3608
start_va = 0x7fefecc0000
end_va = 0x7fefed11fff
monitored = 0
entry_point = 0x7fefecc10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3609
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3610
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3611
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3612
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3613
start_va = 0x7fefef10000
end_va = 0x7fefef80fff
monitored = 0
entry_point = 0x7fefef21e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3614
start_va = 0x7fefef90000
end_va = 0x7fefefdcfff
monitored = 0
entry_point = 0x7fefef91070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3615
start_va = 0x7fefefe0000
end_va = 0x7feff1b6fff
monitored = 0
entry_point = 0x7fefefe1010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 3616
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3617
start_va = 0x7feff3d0000
end_va = 0x7feff3d7fff
monitored = 0
entry_point = 0x7feff3d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3618
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3619
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3620
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 3621
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 3622
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 3623
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 3624
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 3625
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 3626
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 3627
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 3628
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 3629
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 3630
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 3631
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 3632
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 3633
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 3634
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 3635
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 3636
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 3637
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 3638
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 3639
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 3640
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 3641
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 3642
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 3643
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 3644
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 3645
start_va = 0x7fffffd5000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 3646
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 3647
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 3648
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 3649
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 3650
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 3740
start_va = 0x6ec0000
end_va = 0x6fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006ec0000"
filename = ""
Region:
id = 3790
start_va = 0x7fef92d0000
end_va = 0x7fef92f0fff
monitored = 0
entry_point = 0x7fef92d73a0
region_type = mapped_file
name = "uianimation.dll"
filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll")
Region:
id = 3791
start_va = 0x2aa0000
end_va = 0x2aa0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002aa0000"
filename = ""
Region:
id = 4778
start_va = 0x2910000
end_va = 0x2913fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 4779
start_va = 0x3540000
end_va = 0x3540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003540000"
filename = ""
Region:
id = 4780
start_va = 0x3560000
end_va = 0x3561fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003560000"
filename = ""
Region:
id = 4781
start_va = 0x3ff0000
end_va = 0x406ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ff0000"
filename = ""
Region:
id = 4782
start_va = 0x7fffff70000
end_va = 0x7fffff70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff70000"
filename = ""
Region:
id = 4783
start_va = 0x41c0000
end_va = 0x423ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000041c0000"
filename = ""
Region:
id = 4784
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 4785
start_va = 0x7fef2100000
end_va = 0x7fef2127fff
monitored = 0
entry_point = 0x7fef2113cc4
region_type = mapped_file
name = "wscinterop.dll"
filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll")
Region:
id = 4786
start_va = 0x7fef81f0000
end_va = 0x7fef8202fff
monitored = 0
entry_point = 0x7fef81fa8b8
region_type = mapped_file
name = "wscapi.dll"
filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll")
Region:
id = 4787
start_va = 0x7fef1860000
end_va = 0x7fef197efff
monitored = 0
entry_point = 0x7fef187339c
region_type = mapped_file
name = "wscui.cpl"
filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl")
Region:
id = 4788
start_va = 0x2180000
end_va = 0x2181fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002180000"
filename = ""
Region:
id = 4789
start_va = 0x2190000
end_va = 0x2190fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002190000"
filename = ""
Region:
id = 4790
start_va = 0x21a0000
end_va = 0x21aefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wscui.cpl.mui"
filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui")
Region:
id = 4791
start_va = 0x7fef1720000
end_va = 0x7fef185bfff
monitored = 0
entry_point = 0x7fef172197c
region_type = mapped_file
name = "werconcpl.dll"
filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll")
Region:
id = 4792
start_va = 0x7fef9280000
end_va = 0x7fef92cbfff
monitored = 0
entry_point = 0x7fef9281064
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 4793
start_va = 0x7fef20e0000
end_va = 0x7fef20f8fff
monitored = 0
entry_point = 0x7fef20f077c
region_type = mapped_file
name = "wercplsupport.dll"
filename = "\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll")
Region:
id = 4794
start_va = 0x7fef8350000
end_va = 0x7fef835afff
monitored = 0
entry_point = 0x7fef8355740
region_type = mapped_file
name = "hcproviders.dll"
filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll")
Region:
id = 4795
start_va = 0x21b0000
end_va = 0x21b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000021b0000"
filename = ""
Region:
id = 4796
start_va = 0x21c0000
end_va = 0x21c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hcproviders.dll.mui"
filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui")
Region:
id = 4797
start_va = 0x21d0000
end_va = 0x21d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "actioncenter.dll.mui"
filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui")
Region:
id = 4798
start_va = 0x7fef16a0000
end_va = 0x7fef1712fff
monitored = 0
entry_point = 0x7fef16fc7f8
region_type = mapped_file
name = "ieproxy.dll"
filename = "\\Program Files\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files\\internet explorer\\ieproxy.dll")
Region:
id = 4799
start_va = 0x21e0000
end_va = 0x21effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 6135
start_va = 0x4070000
end_va = 0x432dfff
monitored = 0
entry_point = 0x409b790
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")
Region:
id = 6136
start_va = 0x3b20000
end_va = 0x3b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b20000"
filename = ""
Region:
id = 6137
start_va = 0x7fefeca0000
end_va = 0x7fefecb6fff
monitored = 0
entry_point = 0x7fefeca1070
region_type = mapped_file
name = "imagehlp.dll"
filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll")
Region:
id = 6138
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 6139
start_va = 0x4070000
end_va = 0x42dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004070000"
filename = ""
Region:
id = 6140
start_va = 0x4430000
end_va = 0x46edfff
monitored = 0
entry_point = 0x445b790
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")
Thread:
id = 225
os_tid = 0x350
Thread:
id = 226
os_tid = 0x6f8
Thread:
id = 227
os_tid = 0x6c8
Thread:
id = 228
os_tid = 0x6bc
Thread:
id = 229
os_tid = 0x6b0
Thread:
id = 230
os_tid = 0x6ac
Thread:
id = 231
os_tid = 0x69c
Thread:
id = 232
os_tid = 0x698
Thread:
id = 233
os_tid = 0x688
Thread:
id = 234
os_tid = 0x648
Thread:
id = 235
os_tid = 0x5c0
Thread:
id = 236
os_tid = 0x5a0
Thread:
id = 237
os_tid = 0x550
Thread:
id = 238
os_tid = 0x51c
Thread:
id = 239
os_tid = 0x4f0
Thread:
id = 240
os_tid = 0x4d0
Thread:
id = 241
os_tid = 0x4c8
Thread:
id = 242
os_tid = 0x4c0
Thread:
id = 243
os_tid = 0x4bc
Thread:
id = 244
os_tid = 0x4b8
Thread:
id = 245
os_tid = 0x4b4
Thread:
id = 246
os_tid = 0x4ac
Thread:
id = 247
os_tid = 0x4a0
Thread:
id = 248
os_tid = 0x498
Thread:
id = 249
os_tid = 0x494
Thread:
id = 250
os_tid = 0x404
Thread:
id = 251
os_tid = 0x288
Thread:
id = 252
os_tid = 0x168
Thread:
id = 253
os_tid = 0x154
Thread:
id = 254
os_tid = 0x128
Thread:
id = 255
os_tid = 0x124
Thread:
id = 256
os_tid = 0x398
Thread:
id = 257
os_tid = 0x394
Thread:
id = 309
os_tid = 0x524
Thread:
id = 313
os_tid = 0x76c
Thread:
id = 376
os_tid = 0x7b0
Thread:
id = 407
os_tid = 0x5e4
Thread:
id = 418
os_tid = 0x778
Process:
id = "15"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x69ce3000"
os_pid = "0x57c"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "10"
os_parent_pid = "0x5fc"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\EmVFlIse\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e34b" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3889
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3890
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 3891
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3892
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 3893
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 3894
start_va = 0x90000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 3895
start_va = 0x200000
end_va = 0x23ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 3896
start_va = 0xae0000
end_va = 0xb0dfff
monitored = 1
entry_point = 0xaf7683
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 3897
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3898
start_va = 0x77390000
end_va = 0x7750ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 3899
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 3900
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 3901
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 3902
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 3903
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 3904
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3905
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 3906
start_va = 0x330000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 3907
start_va = 0x74e10000
end_va = 0x74e17fff
monitored = 0
entry_point = 0x74e120f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 3908
start_va = 0x74e20000
end_va = 0x74e7bfff
monitored = 0
entry_point = 0x74e5f798
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 3909
start_va = 0x74e80000
end_va = 0x74ebefff
monitored = 0
entry_point = 0x74eade78
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 3910
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3911
start_va = 0x76600000
end_va = 0x7670ffff
monitored = 0
entry_point = 0x766132d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 3912
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3913
start_va = 0x77090000
end_va = 0x771aefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077090000"
filename = ""
Region:
id = 3914
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3915
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076f90000"
filename = ""
Region:
id = 3916
start_va = 0x3b0000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003b0000"
filename = ""
Region:
id = 3917
start_va = 0x76600000
end_va = 0x7670ffff
monitored = 0
entry_point = 0x766132d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 3918
start_va = 0x75580000
end_va = 0x755c5fff
monitored = 0
entry_point = 0x75587478
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 3919
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3920
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3921
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3922
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 3923
start_va = 0xd0000
end_va = 0x136fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3924
start_va = 0x76cb0000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76cba472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 3925
start_va = 0x76710000
end_va = 0x7680ffff
monitored = 0
entry_point = 0x7672b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 3926
start_va = 0x76a10000
end_va = 0x76a9ffff
monitored = 0
entry_point = 0x76a26343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 3927
start_va = 0x77360000
end_va = 0x77369fff
monitored = 0
entry_point = 0x773636a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 3928
start_va = 0x76dc0000
end_va = 0x76e5cfff
monitored = 0
entry_point = 0x76df3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 3929
start_va = 0x76c10000
end_va = 0x76caffff
monitored = 0
entry_point = 0x76c249e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 3930
start_va = 0x764b0000
end_va = 0x764c8fff
monitored = 0
entry_point = 0x764b4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 3931
start_va = 0x76ea0000
end_va = 0x76f8ffff
monitored = 0
entry_point = 0x76eb0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 3932
start_va = 0x74ee0000
end_va = 0x74f3ffff
monitored = 0
entry_point = 0x74efa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 3933
start_va = 0x74ed0000
end_va = 0x74edbfff
monitored = 0
entry_point = 0x74ed10e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 3934
start_va = 0x76aa0000
end_va = 0x76bfbfff
monitored = 0
entry_point = 0x76aeba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 3935
start_va = 0x752b0000
end_va = 0x7533efff
monitored = 0
entry_point = 0x752b3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 3936
start_va = 0x76810000
end_va = 0x76866fff
monitored = 0
entry_point = 0x76829ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 3937
start_va = 0x6e310000
end_va = 0x6e318fff
monitored = 0
entry_point = 0x6e311830
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\SysWOW64\\ktmw32.dll" (normalized: "c:\\windows\\syswow64\\ktmw32.dll")
Region:
id = 3938
start_va = 0x5a0000
end_va = 0x76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 3939
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3940
start_va = 0x5a0000
end_va = 0x727fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 3941
start_va = 0x760000
end_va = 0x76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000760000"
filename = ""
Region:
id = 3942
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3943
start_va = 0x76d60000
end_va = 0x76dbffff
monitored = 0
entry_point = 0x76d7158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3944
start_va = 0x75340000
end_va = 0x7540bfff
monitored = 0
entry_point = 0x7534168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 3945
start_va = 0x770000
end_va = 0x8f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000770000"
filename = ""
Region:
id = 3946
start_va = 0xb10000
end_va = 0x1f0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b10000"
filename = ""
Region:
id = 3947
start_va = 0x70000
end_va = 0x81fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 3948
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 3949
start_va = 0x140000
end_va = 0x140fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 3950
start_va = 0x74c00000
end_va = 0x74c08fff
monitored = 0
entry_point = 0x74c01220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 3951
start_va = 0x1f10000
end_va = 0x21defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3952
start_va = 0x74300000
end_va = 0x7437ffff
monitored = 0
entry_point = 0x743137c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 3953
start_va = 0x900000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 3954
start_va = 0x240000
end_va = 0x31efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 3955
start_va = 0x430000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 3956
start_va = 0x4a0000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 3957
start_va = 0x970000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000970000"
filename = ""
Region:
id = 3958
start_va = 0x9e0000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 3959
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 3960
start_va = 0x150000
end_va = 0x150fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 3961
start_va = 0x757d0000
end_va = 0x75852fff
monitored = 0
entry_point = 0x757d23d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 3962
start_va = 0x160000
end_va = 0x160fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 3963
start_va = 0x6e290000
end_va = 0x6e30cfff
monitored = 0
entry_point = 0x6e29166a
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Region:
id = 3964
start_va = 0xa20000
end_va = 0xadffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Thread:
id = 264
os_tid = 0x570
[0324.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x23f90c | out: lpSystemTimeAsFileTime=0x23f90c*(dwLowDateTime=0xaca51fa0, dwHighDateTime=0x1d71a55))
[0324.036] GetCurrentProcessId () returned 0x57c
[0324.036] GetCurrentThreadId () returned 0x570
[0324.036] GetTickCount () returned 0x1f2b6
[0324.036] RtlQueryPerformanceCounter () returned 0x1
[0324.036] GetModuleHandleA (lpModuleName=0x0) returned 0xae0000
[0324.036] __set_app_type (_Type=0x1)
[0324.036] __p__fmode () returned 0x76d531f4
[0324.036] __p__commode () returned 0x76d531fc
[0324.037] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xaf7881) returned 0x0
[0324.037] __wgetmainargs (in: _Argc=0xb09e6c, _Argv=0xb09e74, _Env=0xb09e70, _DoWildCard=0, _StartInfo=0xb09e80 | out: _Argc=0xb09e6c, _Argv=0xb09e74, _Env=0xb09e70) returned 0
[0324.037] _onexit (_Func=0xb00fe2) returned 0xb00fe2
[0324.037] _onexit (_Func=0xb00ff3) returned 0xb00ff3
[0324.037] _onexit (_Func=0xb01002) returned 0xb01002
[0324.038] _onexit (_Func=0xb0101e) returned 0xb0101e
[0324.038] _onexit (_Func=0xb0103a) returned 0xb0103a
[0324.038] _onexit (_Func=0xb01056) returned 0xb01056
[0324.038] _onexit (_Func=0xb01072) returned 0xb01072
[0324.038] _onexit (_Func=0xb0108e) returned 0xb0108e
[0324.038] _onexit (_Func=0xb010aa) returned 0xb010aa
[0324.038] _onexit (_Func=0xb010c6) returned 0xb010c6
[0324.038] _onexit (_Func=0xb010e2) returned 0xb010e2
[0324.038] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0324.038] WinSqmIsOptedIn () returned 0x0
[0324.039] GetProcessHeap () returned 0x4a0000
[0324.039] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4aef10
[0324.039] SetLastError (dwErrCode=0x0)
[0324.039] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0324.039] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0324.039] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0324.040] VerifyVersionInfoW (in: lpVersionInformation=0x23f384, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x23f384) returned 1
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4a00
[0324.040] lstrlenW (lpString="") returned 0
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x2) returned 0x4b3c98
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b3ca8
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4a18
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4de8
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4e08
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4e28
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4e48
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4a30
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4e68
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4e88
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4ea8
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4ec8
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4a48
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4ee8
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4f08
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4f40
[0324.040] GetProcessHeap () returned 0x4a0000
[0324.040] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4f60
[0324.040] SetThreadUILanguage (LangId=0x0) returned 0x409
[0324.041] SetLastError (dwErrCode=0x0)
[0324.041] GetProcessHeap () returned 0x4a0000
[0324.041] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4f80
[0324.041] GetProcessHeap () returned 0x4a0000
[0324.041] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4fa0
[0324.041] GetProcessHeap () returned 0x4a0000
[0324.041] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4fc0
[0324.041] GetProcessHeap () returned 0x4a0000
[0324.041] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b4fe0
[0324.041] GetProcessHeap () returned 0x4a0000
[0324.041] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5000
[0324.041] GetProcessHeap () returned 0x4a0000
[0324.041] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4a60
[0324.041] _memicmp (_Buf1=0x4b4a60, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.041] GetProcessHeap () returned 0x4a0000
[0324.041] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x208) returned 0x4b58a8
[0324.041] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4b58a8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0324.041] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x74c00000
[0324.043] GetProcAddress (hModule=0x74c00000, lpProcName="GetFileVersionInfoSizeW") returned 0x74c019d9
[0324.043] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0324.043] GetProcessHeap () returned 0x4a0000
[0324.043] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x74e) returned 0x4b5ab8
[0324.044] GetProcAddress (hModule=0x74c00000, lpProcName="GetFileVersionInfoW") returned 0x74c019f4
[0324.044] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x4b5ab8 | out: lpData=0x4b5ab8) returned 1
[0324.044] GetProcAddress (hModule=0x74c00000, lpProcName="VerQueryValueW") returned 0x74c01b51
[0324.044] VerQueryValueW (in: pBlock=0x4b5ab8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x23f48c, puLen=0x23f490 | out: lplpBuffer=0x23f48c*=0x4b5e54, puLen=0x23f490) returned 1
[0324.050] _memicmp (_Buf1=0x4b4a60, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.050] _vsnwprintf (in: _Buffer=0x4b58a8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x23f474 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0324.050] VerQueryValueW (in: pBlock=0x4b5ab8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x23f49c, puLen=0x23f498 | out: lplpBuffer=0x23f49c*=0x4b5c80, puLen=0x23f498) returned 1
[0324.050] lstrlenW (lpString="schtasks.exe") returned 12
[0324.050] lstrlenW (lpString="schtasks.exe") returned 12
[0324.050] lstrlenW (lpString=".EXE") returned 4
[0324.050] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0324.051] lstrlenW (lpString="schtasks.exe") returned 12
[0324.051] lstrlenW (lpString=".EXE") returned 4
[0324.051] _memicmp (_Buf1=0x4b4a60, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.051] lstrlenW (lpString="schtasks") returned 8
[0324.051] GetProcessHeap () returned 0x4a0000
[0324.051] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5040
[0324.051] GetProcessHeap () returned 0x4a0000
[0324.051] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5060
[0324.051] GetProcessHeap () returned 0x4a0000
[0324.051] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5080
[0324.051] GetProcessHeap () returned 0x4a0000
[0324.051] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b50a0
[0324.051] GetProcessHeap () returned 0x4a0000
[0324.051] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4ac0
[0324.051] _memicmp (_Buf1=0x4b4ac0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0xa0) returned 0x4b6498
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b50c0
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b50e0
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5100
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4ad8
[0324.052] _memicmp (_Buf1=0x4b4ad8, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x200) returned 0x4b6540
[0324.052] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x4b6540, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0324.052] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x30) returned 0x4b6748
[0324.052] _vsnwprintf (in: _Buffer=0x4b6498, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x23f478 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5ab8) returned 1
[0324.052] GetProcessHeap () returned 0x4a0000
[0324.052] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5ab8) returned 0x74e
[0324.052] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5ab8 | out: hHeap=0x4a0000) returned 1
[0324.052] SetLastError (dwErrCode=0x0)
[0324.052] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] lstrlenW (lpString="?") returned 1
[0324.053] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] lstrlenW (lpString="create") returned 6
[0324.053] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] lstrlenW (lpString="delete") returned 6
[0324.053] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] lstrlenW (lpString="query") returned 5
[0324.053] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] lstrlenW (lpString="change") returned 6
[0324.053] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] lstrlenW (lpString="run") returned 3
[0324.053] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] lstrlenW (lpString="end") returned 3
[0324.053] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] lstrlenW (lpString="showsid") returned 7
[0324.053] GetThreadLocale () returned 0x409
[0324.053] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.053] SetLastError (dwErrCode=0x0)
[0324.053] SetLastError (dwErrCode=0x0)
[0324.053] lstrlenW (lpString="/Create") returned 7
[0324.053] lstrlenW (lpString="-/") returned 2
[0324.053] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0324.053] lstrlenW (lpString="?") returned 1
[0324.053] lstrlenW (lpString="?") returned 1
[0324.053] GetProcessHeap () returned 0x4a0000
[0324.053] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4af0
[0324.053] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.053] GetProcessHeap () returned 0x4a0000
[0324.053] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0xa) returned 0x4b4b08
[0324.053] lstrlenW (lpString="Create") returned 6
[0324.053] GetProcessHeap () returned 0x4a0000
[0324.053] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4b20
[0324.053] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.054] GetProcessHeap () returned 0x4a0000
[0324.054] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5120
[0324.054] _vsnwprintf (in: _Buffer=0x4b4b08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|?|") returned 3
[0324.054] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|Create|") returned 8
[0324.054] lstrlenW (lpString="|?|") returned 3
[0324.054] lstrlenW (lpString="|Create|") returned 8
[0324.054] SetLastError (dwErrCode=0x490)
[0324.054] lstrlenW (lpString="create") returned 6
[0324.054] lstrlenW (lpString="create") returned 6
[0324.054] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.054] GetProcessHeap () returned 0x4a0000
[0324.054] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b08) returned 1
[0324.054] GetProcessHeap () returned 0x4a0000
[0324.054] RtlReAllocateHeap (Heap=0x4a0000, Flags=0xc, Ptr=0x4b4b08, Size=0x14) returned 0x4b5140
[0324.054] lstrlenW (lpString="Create") returned 6
[0324.054] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.054] _vsnwprintf (in: _Buffer=0x4b5140, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|create|") returned 8
[0324.054] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|Create|") returned 8
[0324.054] lstrlenW (lpString="|create|") returned 8
[0324.054] lstrlenW (lpString="|Create|") returned 8
[0324.054] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0324.054] SetLastError (dwErrCode=0x0)
[0324.054] SetLastError (dwErrCode=0x0)
[0324.054] SetLastError (dwErrCode=0x0)
[0324.054] lstrlenW (lpString="/TN") returned 3
[0324.054] lstrlenW (lpString="-/") returned 2
[0324.054] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0324.054] lstrlenW (lpString="?") returned 1
[0324.054] lstrlenW (lpString="?") returned 1
[0324.054] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.054] lstrlenW (lpString="TN") returned 2
[0324.054] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.054] _vsnwprintf (in: _Buffer=0x4b5140, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|?|") returned 3
[0324.054] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|TN|") returned 4
[0324.054] lstrlenW (lpString="|?|") returned 3
[0324.055] lstrlenW (lpString="|TN|") returned 4
[0324.055] SetLastError (dwErrCode=0x490)
[0324.055] lstrlenW (lpString="create") returned 6
[0324.055] lstrlenW (lpString="create") returned 6
[0324.055] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.055] lstrlenW (lpString="TN") returned 2
[0324.055] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.055] _vsnwprintf (in: _Buffer=0x4b5140, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|create|") returned 8
[0324.055] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|TN|") returned 4
[0324.055] lstrlenW (lpString="|create|") returned 8
[0324.055] lstrlenW (lpString="|TN|") returned 4
[0324.055] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0324.055] SetLastError (dwErrCode=0x490)
[0324.055] lstrlenW (lpString="delete") returned 6
[0324.055] lstrlenW (lpString="delete") returned 6
[0324.055] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.055] lstrlenW (lpString="TN") returned 2
[0324.055] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.055] _vsnwprintf (in: _Buffer=0x4b5140, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|delete|") returned 8
[0324.055] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|TN|") returned 4
[0324.055] lstrlenW (lpString="|delete|") returned 8
[0324.055] lstrlenW (lpString="|TN|") returned 4
[0324.055] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0324.055] SetLastError (dwErrCode=0x490)
[0324.055] lstrlenW (lpString="query") returned 5
[0324.055] lstrlenW (lpString="query") returned 5
[0324.055] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.055] lstrlenW (lpString="TN") returned 2
[0324.055] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.055] _vsnwprintf (in: _Buffer=0x4b5140, _BufferCount=0x8, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|query|") returned 7
[0324.055] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|TN|") returned 4
[0324.055] lstrlenW (lpString="|query|") returned 7
[0324.055] lstrlenW (lpString="|TN|") returned 4
[0324.055] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0324.055] SetLastError (dwErrCode=0x490)
[0324.055] lstrlenW (lpString="change") returned 6
[0324.056] lstrlenW (lpString="change") returned 6
[0324.056] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.056] lstrlenW (lpString="TN") returned 2
[0324.056] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.056] _vsnwprintf (in: _Buffer=0x4b5140, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|change|") returned 8
[0324.056] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|TN|") returned 4
[0324.056] lstrlenW (lpString="|change|") returned 8
[0324.056] lstrlenW (lpString="|TN|") returned 4
[0324.056] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0324.056] SetLastError (dwErrCode=0x490)
[0324.056] lstrlenW (lpString="run") returned 3
[0324.056] lstrlenW (lpString="run") returned 3
[0324.056] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.056] lstrlenW (lpString="TN") returned 2
[0324.056] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.056] _vsnwprintf (in: _Buffer=0x4b5140, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|run|") returned 5
[0324.056] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|TN|") returned 4
[0324.056] lstrlenW (lpString="|run|") returned 5
[0324.056] lstrlenW (lpString="|TN|") returned 4
[0324.056] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0324.056] SetLastError (dwErrCode=0x490)
[0324.056] lstrlenW (lpString="end") returned 3
[0324.056] lstrlenW (lpString="end") returned 3
[0324.056] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.056] lstrlenW (lpString="TN") returned 2
[0324.056] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.056] _vsnwprintf (in: _Buffer=0x4b5140, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|end|") returned 5
[0324.056] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|TN|") returned 4
[0324.056] lstrlenW (lpString="|end|") returned 5
[0324.056] lstrlenW (lpString="|TN|") returned 4
[0324.056] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0324.056] SetLastError (dwErrCode=0x490)
[0324.056] lstrlenW (lpString="showsid") returned 7
[0324.056] lstrlenW (lpString="showsid") returned 7
[0324.056] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.056] GetProcessHeap () returned 0x4a0000
[0324.056] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5140) returned 1
[0324.056] GetProcessHeap () returned 0x4a0000
[0324.057] RtlReAllocateHeap (Heap=0x4a0000, Flags=0xc, Ptr=0x4b5140, Size=0x16) returned 0x4b5160
[0324.057] lstrlenW (lpString="TN") returned 2
[0324.057] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.057] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0xa, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|showsid|") returned 9
[0324.057] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|TN|") returned 4
[0324.057] lstrlenW (lpString="|showsid|") returned 9
[0324.057] lstrlenW (lpString="|TN|") returned 4
[0324.057] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0324.057] SetLastError (dwErrCode=0x490)
[0324.057] SetLastError (dwErrCode=0x490)
[0324.057] SetLastError (dwErrCode=0x0)
[0324.057] lstrlenW (lpString="/TN") returned 3
[0324.057] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0324.057] SetLastError (dwErrCode=0x490)
[0324.057] SetLastError (dwErrCode=0x0)
[0324.057] lstrlenW (lpString="/TN") returned 3
[0324.057] GetProcessHeap () returned 0x4a0000
[0324.057] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x8) returned 0x4b5ab8
[0324.057] GetProcessHeap () returned 0x4a0000
[0324.057] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5140
[0324.057] SetLastError (dwErrCode=0x0)
[0324.057] SetLastError (dwErrCode=0x0)
[0324.057] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0324.057] lstrlenW (lpString="-/") returned 2
[0324.057] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0
[0324.057] SetLastError (dwErrCode=0x490)
[0324.057] SetLastError (dwErrCode=0x490)
[0324.057] SetLastError (dwErrCode=0x0)
[0324.057] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0324.057] StrChrIW (lpStart="Updates\\EmVFlIse", wMatch=0x3a) returned 0x0
[0324.057] SetLastError (dwErrCode=0x490)
[0324.057] SetLastError (dwErrCode=0x0)
[0324.057] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0324.057] GetProcessHeap () returned 0x4a0000
[0324.057] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x22) returned 0x4b5ac8
[0324.057] GetProcessHeap () returned 0x4a0000
[0324.058] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5180
[0324.058] SetLastError (dwErrCode=0x0)
[0324.058] SetLastError (dwErrCode=0x0)
[0324.058] lstrlenW (lpString="/XML") returned 4
[0324.058] lstrlenW (lpString="-/") returned 2
[0324.058] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0324.058] lstrlenW (lpString="?") returned 1
[0324.058] lstrlenW (lpString="?") returned 1
[0324.058] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.058] lstrlenW (lpString="XML") returned 3
[0324.058] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.058] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|?|") returned 3
[0324.058] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|XML|") returned 5
[0324.058] lstrlenW (lpString="|?|") returned 3
[0324.058] lstrlenW (lpString="|XML|") returned 5
[0324.058] SetLastError (dwErrCode=0x490)
[0324.058] lstrlenW (lpString="create") returned 6
[0324.058] lstrlenW (lpString="create") returned 6
[0324.058] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.058] lstrlenW (lpString="XML") returned 3
[0324.058] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.058] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|create|") returned 8
[0324.058] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|XML|") returned 5
[0324.058] lstrlenW (lpString="|create|") returned 8
[0324.058] lstrlenW (lpString="|XML|") returned 5
[0324.058] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0324.058] SetLastError (dwErrCode=0x490)
[0324.058] lstrlenW (lpString="delete") returned 6
[0324.058] lstrlenW (lpString="delete") returned 6
[0324.058] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.058] lstrlenW (lpString="XML") returned 3
[0324.058] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.058] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|delete|") returned 8
[0324.058] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|XML|") returned 5
[0324.058] lstrlenW (lpString="|delete|") returned 8
[0324.058] lstrlenW (lpString="|XML|") returned 5
[0324.058] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0324.059] SetLastError (dwErrCode=0x490)
[0324.059] lstrlenW (lpString="query") returned 5
[0324.059] lstrlenW (lpString="query") returned 5
[0324.059] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.059] lstrlenW (lpString="XML") returned 3
[0324.059] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.059] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x8, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|query|") returned 7
[0324.059] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|XML|") returned 5
[0324.059] lstrlenW (lpString="|query|") returned 7
[0324.059] lstrlenW (lpString="|XML|") returned 5
[0324.059] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0324.059] SetLastError (dwErrCode=0x490)
[0324.059] lstrlenW (lpString="change") returned 6
[0324.059] lstrlenW (lpString="change") returned 6
[0324.059] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.059] lstrlenW (lpString="XML") returned 3
[0324.059] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.059] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|change|") returned 8
[0324.059] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|XML|") returned 5
[0324.059] lstrlenW (lpString="|change|") returned 8
[0324.059] lstrlenW (lpString="|XML|") returned 5
[0324.059] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0324.059] SetLastError (dwErrCode=0x490)
[0324.059] lstrlenW (lpString="run") returned 3
[0324.059] lstrlenW (lpString="run") returned 3
[0324.059] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.059] lstrlenW (lpString="XML") returned 3
[0324.059] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.059] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|run|") returned 5
[0324.059] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|XML|") returned 5
[0324.059] lstrlenW (lpString="|run|") returned 5
[0324.059] lstrlenW (lpString="|XML|") returned 5
[0324.059] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0324.059] SetLastError (dwErrCode=0x490)
[0324.059] lstrlenW (lpString="end") returned 3
[0324.059] lstrlenW (lpString="end") returned 3
[0324.060] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.060] lstrlenW (lpString="XML") returned 3
[0324.060] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.060] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|end|") returned 5
[0324.060] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|XML|") returned 5
[0324.060] lstrlenW (lpString="|end|") returned 5
[0324.060] lstrlenW (lpString="|XML|") returned 5
[0324.060] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0324.060] SetLastError (dwErrCode=0x490)
[0324.060] lstrlenW (lpString="showsid") returned 7
[0324.060] lstrlenW (lpString="showsid") returned 7
[0324.060] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.060] lstrlenW (lpString="XML") returned 3
[0324.060] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.060] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0xa, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|showsid|") returned 9
[0324.060] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23f460 | out: _Buffer="|XML|") returned 5
[0324.060] lstrlenW (lpString="|showsid|") returned 9
[0324.060] lstrlenW (lpString="|XML|") returned 5
[0324.060] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0324.060] SetLastError (dwErrCode=0x490)
[0324.060] SetLastError (dwErrCode=0x490)
[0324.060] SetLastError (dwErrCode=0x0)
[0324.060] lstrlenW (lpString="/XML") returned 4
[0324.060] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0324.060] SetLastError (dwErrCode=0x490)
[0324.060] SetLastError (dwErrCode=0x0)
[0324.060] lstrlenW (lpString="/XML") returned 4
[0324.060] GetProcessHeap () returned 0x4a0000
[0324.060] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0xa) returned 0x4b4b08
[0324.060] GetProcessHeap () returned 0x4a0000
[0324.060] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b51a0
[0324.060] SetLastError (dwErrCode=0x0)
[0324.060] SetLastError (dwErrCode=0x0)
[0324.060] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.060] lstrlenW (lpString="-/") returned 2
[0324.060] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0324.060] SetLastError (dwErrCode=0x490)
[0324.060] SetLastError (dwErrCode=0x490)
[0324.061] SetLastError (dwErrCode=0x0)
[0324.061] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.061] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp"
[0324.061] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4b38
[0324.061] _memicmp (_Buf1=0x4b4b38, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0xc) returned 0x4b4b50
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4b4b68
[0324.061] _memicmp (_Buf1=0x4b4b68, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x68) returned 0x4b5af8
[0324.061] SetLastError (dwErrCode=0x7a)
[0324.061] SetLastError (dwErrCode=0x0)
[0324.061] SetLastError (dwErrCode=0x0)
[0324.061] lstrlenW (lpString="C") returned 1
[0324.061] SetLastError (dwErrCode=0x490)
[0324.061] SetLastError (dwErrCode=0x0)
[0324.061] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x64) returned 0x4b5b68
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b51c0
[0324.061] SetLastError (dwErrCode=0x0)
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5ab8) returned 1
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5ab8) returned 0x8
[0324.061] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5ab8 | out: hHeap=0x4a0000) returned 1
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5140) returned 1
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5140) returned 0x14
[0324.061] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5140 | out: hHeap=0x4a0000) returned 1
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.061] GetProcessHeap () returned 0x4a0000
[0324.062] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5ac8) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5ac8) returned 0x22
[0324.062] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5ac8 | out: hHeap=0x4a0000) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5180) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5180) returned 0x14
[0324.062] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5180 | out: hHeap=0x4a0000) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b08) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4b08) returned 0xa
[0324.062] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b08 | out: hHeap=0x4a0000) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b51a0) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b51a0) returned 0x14
[0324.062] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b51a0 | out: hHeap=0x4a0000) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5b68) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5b68) returned 0x64
[0324.062] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5b68 | out: hHeap=0x4a0000) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b51c0) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b51c0) returned 0x14
[0324.062] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b51c0 | out: hHeap=0x4a0000) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4aef10) returned 1
[0324.062] GetProcessHeap () returned 0x4a0000
[0324.062] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4aef10) returned 0x10
[0324.063] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4aef10 | out: hHeap=0x4a0000) returned 1
[0324.063] SetLastError (dwErrCode=0x0)
[0324.063] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0324.063] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0324.063] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0324.063] VerifyVersionInfoW (in: lpVersionInformation=0x23c878, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x23c878) returned 1
[0324.063] SetLastError (dwErrCode=0x0)
[0324.063] lstrlenW (lpString="create") returned 6
[0324.063] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0324.063] SetLastError (dwErrCode=0x490)
[0324.063] SetLastError (dwErrCode=0x0)
[0324.063] lstrlenW (lpString="create") returned 6
[0324.063] GetProcessHeap () returned 0x4a0000
[0324.063] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b51c0
[0324.063] GetProcessHeap () returned 0x4a0000
[0324.063] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4aef10
[0324.063] _memicmp (_Buf1=0x4aef10, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.063] GetProcessHeap () returned 0x4a0000
[0324.063] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x16) returned 0x4b51a0
[0324.063] SetLastError (dwErrCode=0x0)
[0324.063] _memicmp (_Buf1=0x4b4a60, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.063] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4b58a8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0324.063] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0324.064] GetProcessHeap () returned 0x4a0000
[0324.064] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x74e) returned 0x4b6780
[0324.064] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x4b6780 | out: lpData=0x4b6780) returned 1
[0324.064] VerQueryValueW (in: pBlock=0x4b6780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x23c980, puLen=0x23c984 | out: lplpBuffer=0x23c980*=0x4b6b1c, puLen=0x23c984) returned 1
[0324.064] _memicmp (_Buf1=0x4b4a60, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.064] _vsnwprintf (in: _Buffer=0x4b58a8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x23c968 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0324.064] VerQueryValueW (in: pBlock=0x4b6780, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x23c990, puLen=0x23c98c | out: lplpBuffer=0x23c990*=0x4b6948, puLen=0x23c98c) returned 1
[0324.064] lstrlenW (lpString="schtasks.exe") returned 12
[0324.064] lstrlenW (lpString="schtasks.exe") returned 12
[0324.064] lstrlenW (lpString=".EXE") returned 4
[0324.064] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0324.064] lstrlenW (lpString="schtasks.exe") returned 12
[0324.064] lstrlenW (lpString=".EXE") returned 4
[0324.064] lstrlenW (lpString="schtasks") returned 8
[0324.064] lstrlenW (lpString="/create") returned 7
[0324.064] _memicmp (_Buf1=0x4b4a60, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.064] _vsnwprintf (in: _Buffer=0x4b58a8, _BufferCount=0x19, _Format="%s %s", _ArgList=0x23c968 | out: _Buffer="schtasks /create") returned 16
[0324.064] _memicmp (_Buf1=0x4b4ac0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.064] GetProcessHeap () returned 0x4a0000
[0324.064] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5180
[0324.064] _memicmp (_Buf1=0x4b4ad8, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.064] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x4b6540, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0324.065] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0324.065] GetProcessHeap () returned 0x4a0000
[0324.065] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x30) returned 0x4b5ab8
[0324.065] _vsnwprintf (in: _Buffer=0x4b6498, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x23c96c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0324.065] GetProcessHeap () returned 0x4a0000
[0324.065] GetProcessHeap () returned 0x4a0000
[0324.065] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b6780) returned 1
[0324.065] GetProcessHeap () returned 0x4a0000
[0324.065] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b6780) returned 0x74e
[0324.065] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b6780 | out: hHeap=0x4a0000) returned 1
[0324.065] SetLastError (dwErrCode=0x0)
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="create") returned 6
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="?") returned 1
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="s") returned 1
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="u") returned 1
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="p") returned 1
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="ru") returned 2
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="rp") returned 2
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="sc") returned 2
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.065] lstrlenW (lpString="mo") returned 2
[0324.065] GetThreadLocale () returned 0x409
[0324.065] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="d") returned 1
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="m") returned 1
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="i") returned 1
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="tn") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="tr") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="st") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="sd") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="ed") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="it") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="et") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="k") returned 1
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="du") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="ri") returned 2
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="z") returned 1
[0324.066] GetThreadLocale () returned 0x409
[0324.066] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.066] lstrlenW (lpString="f") returned 1
[0324.067] GetThreadLocale () returned 0x409
[0324.067] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.067] lstrlenW (lpString="v1") returned 2
[0324.067] GetThreadLocale () returned 0x409
[0324.067] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.067] lstrlenW (lpString="xml") returned 3
[0324.067] GetThreadLocale () returned 0x409
[0324.067] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.067] lstrlenW (lpString="ec") returned 2
[0324.067] GetThreadLocale () returned 0x409
[0324.067] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.067] lstrlenW (lpString="rl") returned 2
[0324.067] GetThreadLocale () returned 0x409
[0324.067] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.067] lstrlenW (lpString="delay") returned 5
[0324.067] GetThreadLocale () returned 0x409
[0324.067] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0324.067] lstrlenW (lpString="np") returned 2
[0324.067] SetLastError (dwErrCode=0x0)
[0324.067] SetLastError (dwErrCode=0x0)
[0324.067] lstrlenW (lpString="/Create") returned 7
[0324.067] lstrlenW (lpString="-/") returned 2
[0324.067] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0324.067] lstrlenW (lpString="create") returned 6
[0324.067] lstrlenW (lpString="create") returned 6
[0324.067] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.067] lstrlenW (lpString="Create") returned 6
[0324.067] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.067] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|create|") returned 8
[0324.067] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|Create|") returned 8
[0324.067] lstrlenW (lpString="|create|") returned 8
[0324.067] lstrlenW (lpString="|Create|") returned 8
[0324.067] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0324.067] SetLastError (dwErrCode=0x0)
[0324.067] SetLastError (dwErrCode=0x0)
[0324.067] SetLastError (dwErrCode=0x0)
[0324.067] lstrlenW (lpString="/TN") returned 3
[0324.067] lstrlenW (lpString="-/") returned 2
[0324.067] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0324.067] lstrlenW (lpString="create") returned 6
[0324.068] lstrlenW (lpString="create") returned 6
[0324.068] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.068] lstrlenW (lpString="TN") returned 2
[0324.068] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.068] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|create|") returned 8
[0324.068] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.068] lstrlenW (lpString="|create|") returned 8
[0324.068] lstrlenW (lpString="|TN|") returned 4
[0324.068] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0324.068] SetLastError (dwErrCode=0x490)
[0324.068] lstrlenW (lpString="?") returned 1
[0324.068] lstrlenW (lpString="?") returned 1
[0324.068] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.068] lstrlenW (lpString="TN") returned 2
[0324.068] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.068] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|?|") returned 3
[0324.068] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.068] lstrlenW (lpString="|?|") returned 3
[0324.068] lstrlenW (lpString="|TN|") returned 4
[0324.068] SetLastError (dwErrCode=0x490)
[0324.068] lstrlenW (lpString="s") returned 1
[0324.068] lstrlenW (lpString="s") returned 1
[0324.068] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.068] lstrlenW (lpString="TN") returned 2
[0324.068] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.068] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|s|") returned 3
[0324.068] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.068] lstrlenW (lpString="|s|") returned 3
[0324.068] lstrlenW (lpString="|TN|") returned 4
[0324.068] SetLastError (dwErrCode=0x490)
[0324.068] lstrlenW (lpString="u") returned 1
[0324.068] lstrlenW (lpString="u") returned 1
[0324.068] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.068] lstrlenW (lpString="TN") returned 2
[0324.068] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.069] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|u|") returned 3
[0324.069] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.069] lstrlenW (lpString="|u|") returned 3
[0324.069] lstrlenW (lpString="|TN|") returned 4
[0324.069] SetLastError (dwErrCode=0x490)
[0324.069] lstrlenW (lpString="p") returned 1
[0324.069] lstrlenW (lpString="p") returned 1
[0324.069] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.069] lstrlenW (lpString="TN") returned 2
[0324.069] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.069] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|p|") returned 3
[0324.069] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.069] lstrlenW (lpString="|p|") returned 3
[0324.069] lstrlenW (lpString="|TN|") returned 4
[0324.069] SetLastError (dwErrCode=0x490)
[0324.069] lstrlenW (lpString="ru") returned 2
[0324.069] lstrlenW (lpString="ru") returned 2
[0324.069] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.069] lstrlenW (lpString="TN") returned 2
[0324.069] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.069] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|ru|") returned 4
[0324.069] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.069] lstrlenW (lpString="|ru|") returned 4
[0324.069] lstrlenW (lpString="|TN|") returned 4
[0324.069] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0324.069] SetLastError (dwErrCode=0x490)
[0324.069] lstrlenW (lpString="rp") returned 2
[0324.069] lstrlenW (lpString="rp") returned 2
[0324.069] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.069] lstrlenW (lpString="TN") returned 2
[0324.069] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.069] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|rp|") returned 4
[0324.069] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.069] lstrlenW (lpString="|rp|") returned 4
[0324.069] lstrlenW (lpString="|TN|") returned 4
[0324.069] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0324.069] SetLastError (dwErrCode=0x490)
[0324.069] lstrlenW (lpString="sc") returned 2
[0324.069] lstrlenW (lpString="sc") returned 2
[0324.070] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.070] lstrlenW (lpString="TN") returned 2
[0324.070] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.070] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|sc|") returned 4
[0324.070] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.070] lstrlenW (lpString="|sc|") returned 4
[0324.070] lstrlenW (lpString="|TN|") returned 4
[0324.070] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0324.070] SetLastError (dwErrCode=0x490)
[0324.070] lstrlenW (lpString="mo") returned 2
[0324.070] lstrlenW (lpString="mo") returned 2
[0324.070] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.070] lstrlenW (lpString="TN") returned 2
[0324.070] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.070] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|mo|") returned 4
[0324.070] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.070] lstrlenW (lpString="|mo|") returned 4
[0324.070] lstrlenW (lpString="|TN|") returned 4
[0324.070] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0324.070] SetLastError (dwErrCode=0x490)
[0324.070] lstrlenW (lpString="d") returned 1
[0324.070] lstrlenW (lpString="d") returned 1
[0324.070] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.070] lstrlenW (lpString="TN") returned 2
[0324.070] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.070] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|d|") returned 3
[0324.070] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.070] lstrlenW (lpString="|d|") returned 3
[0324.070] lstrlenW (lpString="|TN|") returned 4
[0324.070] SetLastError (dwErrCode=0x490)
[0324.070] lstrlenW (lpString="m") returned 1
[0324.070] lstrlenW (lpString="m") returned 1
[0324.070] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.070] lstrlenW (lpString="TN") returned 2
[0324.070] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.070] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|m|") returned 3
[0324.070] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.070] lstrlenW (lpString="|m|") returned 3
[0324.071] lstrlenW (lpString="|TN|") returned 4
[0324.071] SetLastError (dwErrCode=0x490)
[0324.071] lstrlenW (lpString="i") returned 1
[0324.071] lstrlenW (lpString="i") returned 1
[0324.071] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.071] lstrlenW (lpString="TN") returned 2
[0324.071] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.071] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|i|") returned 3
[0324.071] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.071] lstrlenW (lpString="|i|") returned 3
[0324.071] lstrlenW (lpString="|TN|") returned 4
[0324.071] SetLastError (dwErrCode=0x490)
[0324.071] lstrlenW (lpString="tn") returned 2
[0324.071] lstrlenW (lpString="tn") returned 2
[0324.071] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.071] lstrlenW (lpString="TN") returned 2
[0324.071] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.071] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|tn|") returned 4
[0324.071] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|TN|") returned 4
[0324.071] lstrlenW (lpString="|tn|") returned 4
[0324.071] lstrlenW (lpString="|TN|") returned 4
[0324.071] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0324.071] SetLastError (dwErrCode=0x0)
[0324.071] SetLastError (dwErrCode=0x0)
[0324.071] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0324.071] lstrlenW (lpString="-/") returned 2
[0324.071] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0
[0324.071] SetLastError (dwErrCode=0x490)
[0324.071] SetLastError (dwErrCode=0x490)
[0324.071] SetLastError (dwErrCode=0x0)
[0324.071] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0324.071] StrChrIW (lpStart="Updates\\EmVFlIse", wMatch=0x3a) returned 0x0
[0324.071] SetLastError (dwErrCode=0x490)
[0324.071] SetLastError (dwErrCode=0x0)
[0324.071] lstrlenW (lpString="Updates\\EmVFlIse") returned 16
[0324.071] SetLastError (dwErrCode=0x0)
[0324.071] SetLastError (dwErrCode=0x0)
[0324.071] lstrlenW (lpString="/XML") returned 4
[0324.072] lstrlenW (lpString="-/") returned 2
[0324.072] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0324.072] lstrlenW (lpString="create") returned 6
[0324.072] lstrlenW (lpString="create") returned 6
[0324.072] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.072] lstrlenW (lpString="XML") returned 3
[0324.072] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.072] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x9, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|create|") returned 8
[0324.072] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.072] lstrlenW (lpString="|create|") returned 8
[0324.072] lstrlenW (lpString="|XML|") returned 5
[0324.072] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0324.072] SetLastError (dwErrCode=0x490)
[0324.072] lstrlenW (lpString="?") returned 1
[0324.072] lstrlenW (lpString="?") returned 1
[0324.072] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.072] lstrlenW (lpString="XML") returned 3
[0324.072] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.072] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|?|") returned 3
[0324.072] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.072] lstrlenW (lpString="|?|") returned 3
[0324.072] lstrlenW (lpString="|XML|") returned 5
[0324.072] SetLastError (dwErrCode=0x490)
[0324.072] lstrlenW (lpString="s") returned 1
[0324.072] lstrlenW (lpString="s") returned 1
[0324.072] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.072] lstrlenW (lpString="XML") returned 3
[0324.072] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.072] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|s|") returned 3
[0324.072] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.072] lstrlenW (lpString="|s|") returned 3
[0324.072] lstrlenW (lpString="|XML|") returned 5
[0324.072] SetLastError (dwErrCode=0x490)
[0324.072] lstrlenW (lpString="u") returned 1
[0324.072] lstrlenW (lpString="u") returned 1
[0324.072] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.072] lstrlenW (lpString="XML") returned 3
[0324.073] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.073] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|u|") returned 3
[0324.073] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.073] lstrlenW (lpString="|u|") returned 3
[0324.073] lstrlenW (lpString="|XML|") returned 5
[0324.073] SetLastError (dwErrCode=0x490)
[0324.073] lstrlenW (lpString="p") returned 1
[0324.073] lstrlenW (lpString="p") returned 1
[0324.073] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.073] lstrlenW (lpString="XML") returned 3
[0324.073] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.073] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|p|") returned 3
[0324.073] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.073] lstrlenW (lpString="|p|") returned 3
[0324.073] lstrlenW (lpString="|XML|") returned 5
[0324.073] SetLastError (dwErrCode=0x490)
[0324.073] lstrlenW (lpString="ru") returned 2
[0324.073] lstrlenW (lpString="ru") returned 2
[0324.073] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.073] lstrlenW (lpString="XML") returned 3
[0324.073] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.073] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|ru|") returned 4
[0324.073] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.073] lstrlenW (lpString="|ru|") returned 4
[0324.073] lstrlenW (lpString="|XML|") returned 5
[0324.073] SetLastError (dwErrCode=0x490)
[0324.073] lstrlenW (lpString="rp") returned 2
[0324.073] lstrlenW (lpString="rp") returned 2
[0324.073] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.073] lstrlenW (lpString="XML") returned 3
[0324.073] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.074] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|rp|") returned 4
[0324.074] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.074] lstrlenW (lpString="|rp|") returned 4
[0324.074] lstrlenW (lpString="|XML|") returned 5
[0324.074] SetLastError (dwErrCode=0x490)
[0324.074] lstrlenW (lpString="sc") returned 2
[0324.074] lstrlenW (lpString="sc") returned 2
[0324.074] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.074] lstrlenW (lpString="XML") returned 3
[0324.074] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.074] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|sc|") returned 4
[0324.074] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.074] lstrlenW (lpString="|sc|") returned 4
[0324.074] lstrlenW (lpString="|XML|") returned 5
[0324.074] SetLastError (dwErrCode=0x490)
[0324.074] lstrlenW (lpString="mo") returned 2
[0324.074] lstrlenW (lpString="mo") returned 2
[0324.074] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.074] lstrlenW (lpString="XML") returned 3
[0324.074] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.074] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|mo|") returned 4
[0324.074] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.074] lstrlenW (lpString="|mo|") returned 4
[0324.074] lstrlenW (lpString="|XML|") returned 5
[0324.074] SetLastError (dwErrCode=0x490)
[0324.074] lstrlenW (lpString="d") returned 1
[0324.074] lstrlenW (lpString="d") returned 1
[0324.074] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.074] lstrlenW (lpString="XML") returned 3
[0324.074] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.074] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|d|") returned 3
[0324.075] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.075] lstrlenW (lpString="|d|") returned 3
[0324.075] lstrlenW (lpString="|XML|") returned 5
[0324.075] SetLastError (dwErrCode=0x490)
[0324.075] lstrlenW (lpString="m") returned 1
[0324.075] lstrlenW (lpString="m") returned 1
[0324.075] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.075] lstrlenW (lpString="XML") returned 3
[0324.075] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.075] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|m|") returned 3
[0324.075] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.075] lstrlenW (lpString="|m|") returned 3
[0324.075] lstrlenW (lpString="|XML|") returned 5
[0324.075] SetLastError (dwErrCode=0x490)
[0324.075] lstrlenW (lpString="i") returned 1
[0324.075] lstrlenW (lpString="i") returned 1
[0324.075] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.075] lstrlenW (lpString="XML") returned 3
[0324.075] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.075] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|i|") returned 3
[0324.075] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.075] lstrlenW (lpString="|i|") returned 3
[0324.075] lstrlenW (lpString="|XML|") returned 5
[0324.075] SetLastError (dwErrCode=0x490)
[0324.075] lstrlenW (lpString="tn") returned 2
[0324.075] lstrlenW (lpString="tn") returned 2
[0324.075] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.075] lstrlenW (lpString="XML") returned 3
[0324.075] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.075] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|tn|") returned 4
[0324.075] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.075] lstrlenW (lpString="|tn|") returned 4
[0324.075] lstrlenW (lpString="|XML|") returned 5
[0324.075] SetLastError (dwErrCode=0x490)
[0324.075] lstrlenW (lpString="tr") returned 2
[0324.076] lstrlenW (lpString="tr") returned 2
[0324.076] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.076] lstrlenW (lpString="XML") returned 3
[0324.076] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.076] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|tr|") returned 4
[0324.076] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.076] lstrlenW (lpString="|tr|") returned 4
[0324.076] lstrlenW (lpString="|XML|") returned 5
[0324.076] SetLastError (dwErrCode=0x490)
[0324.076] lstrlenW (lpString="st") returned 2
[0324.076] lstrlenW (lpString="st") returned 2
[0324.076] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.076] lstrlenW (lpString="XML") returned 3
[0324.076] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.076] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|st|") returned 4
[0324.076] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.076] lstrlenW (lpString="|st|") returned 4
[0324.076] lstrlenW (lpString="|XML|") returned 5
[0324.076] SetLastError (dwErrCode=0x490)
[0324.076] lstrlenW (lpString="sd") returned 2
[0324.076] lstrlenW (lpString="sd") returned 2
[0324.076] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.076] lstrlenW (lpString="XML") returned 3
[0324.076] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.076] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|sd|") returned 4
[0324.076] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.076] lstrlenW (lpString="|sd|") returned 4
[0324.076] lstrlenW (lpString="|XML|") returned 5
[0324.076] SetLastError (dwErrCode=0x490)
[0324.076] lstrlenW (lpString="ed") returned 2
[0324.076] lstrlenW (lpString="ed") returned 2
[0324.076] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.076] lstrlenW (lpString="XML") returned 3
[0324.076] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.077] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|ed|") returned 4
[0324.077] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.077] lstrlenW (lpString="|ed|") returned 4
[0324.077] lstrlenW (lpString="|XML|") returned 5
[0324.077] SetLastError (dwErrCode=0x490)
[0324.077] lstrlenW (lpString="it") returned 2
[0324.077] lstrlenW (lpString="it") returned 2
[0324.077] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.077] lstrlenW (lpString="XML") returned 3
[0324.077] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.077] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|it|") returned 4
[0324.077] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.077] lstrlenW (lpString="|it|") returned 4
[0324.077] lstrlenW (lpString="|XML|") returned 5
[0324.078] SetLastError (dwErrCode=0x490)
[0324.078] lstrlenW (lpString="et") returned 2
[0324.078] lstrlenW (lpString="et") returned 2
[0324.078] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.078] lstrlenW (lpString="XML") returned 3
[0324.078] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.078] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|et|") returned 4
[0324.078] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.078] lstrlenW (lpString="|et|") returned 4
[0324.079] lstrlenW (lpString="|XML|") returned 5
[0324.079] SetLastError (dwErrCode=0x490)
[0324.079] lstrlenW (lpString="k") returned 1
[0324.079] lstrlenW (lpString="k") returned 1
[0324.079] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.079] lstrlenW (lpString="XML") returned 3
[0324.079] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.079] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|k|") returned 3
[0324.079] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.079] lstrlenW (lpString="|k|") returned 3
[0324.079] lstrlenW (lpString="|XML|") returned 5
[0324.079] SetLastError (dwErrCode=0x490)
[0324.079] lstrlenW (lpString="du") returned 2
[0324.079] lstrlenW (lpString="du") returned 2
[0324.079] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.079] lstrlenW (lpString="XML") returned 3
[0324.079] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.079] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|du|") returned 4
[0324.079] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.079] lstrlenW (lpString="|du|") returned 4
[0324.079] lstrlenW (lpString="|XML|") returned 5
[0324.079] SetLastError (dwErrCode=0x490)
[0324.079] lstrlenW (lpString="ri") returned 2
[0324.079] lstrlenW (lpString="ri") returned 2
[0324.079] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.079] lstrlenW (lpString="XML") returned 3
[0324.079] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.079] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|ri|") returned 4
[0324.079] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.079] lstrlenW (lpString="|ri|") returned 4
[0324.079] lstrlenW (lpString="|XML|") returned 5
[0324.079] SetLastError (dwErrCode=0x490)
[0324.079] lstrlenW (lpString="z") returned 1
[0324.079] lstrlenW (lpString="z") returned 1
[0324.079] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.080] lstrlenW (lpString="XML") returned 3
[0324.080] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.080] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|z|") returned 3
[0324.080] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.080] lstrlenW (lpString="|z|") returned 3
[0324.080] lstrlenW (lpString="|XML|") returned 5
[0324.080] SetLastError (dwErrCode=0x490)
[0324.080] lstrlenW (lpString="f") returned 1
[0324.080] lstrlenW (lpString="f") returned 1
[0324.080] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.080] lstrlenW (lpString="XML") returned 3
[0324.080] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.080] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x4, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|f|") returned 3
[0324.080] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.080] lstrlenW (lpString="|f|") returned 3
[0324.080] lstrlenW (lpString="|XML|") returned 5
[0324.080] SetLastError (dwErrCode=0x490)
[0324.080] lstrlenW (lpString="v1") returned 2
[0324.080] lstrlenW (lpString="v1") returned 2
[0324.080] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.080] lstrlenW (lpString="XML") returned 3
[0324.080] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.080] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x5, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|v1|") returned 4
[0324.080] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.080] lstrlenW (lpString="|v1|") returned 4
[0324.080] lstrlenW (lpString="|XML|") returned 5
[0324.080] SetLastError (dwErrCode=0x490)
[0324.080] lstrlenW (lpString="xml") returned 3
[0324.080] lstrlenW (lpString="xml") returned 3
[0324.080] _memicmp (_Buf1=0x4b4af0, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.080] lstrlenW (lpString="XML") returned 3
[0324.080] _memicmp (_Buf1=0x4b4b20, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.080] _vsnwprintf (in: _Buffer=0x4b5160, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|xml|") returned 5
[0324.080] _vsnwprintf (in: _Buffer=0x4b5120, _BufferCount=0x6, _Format="|%s|", _ArgList=0x23c954 | out: _Buffer="|XML|") returned 5
[0324.080] lstrlenW (lpString="|xml|") returned 5
[0324.080] lstrlenW (lpString="|XML|") returned 5
[0324.081] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0324.081] SetLastError (dwErrCode=0x0)
[0324.081] SetLastError (dwErrCode=0x0)
[0324.081] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.081] lstrlenW (lpString="-/") returned 2
[0324.081] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0324.081] SetLastError (dwErrCode=0x490)
[0324.081] SetLastError (dwErrCode=0x490)
[0324.081] SetLastError (dwErrCode=0x0)
[0324.081] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.081] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp"
[0324.081] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.081] _memicmp (_Buf1=0x4b4b38, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.081] _memicmp (_Buf1=0x4b4b68, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.081] SetLastError (dwErrCode=0x7a)
[0324.081] SetLastError (dwErrCode=0x0)
[0324.081] SetLastError (dwErrCode=0x0)
[0324.081] lstrlenW (lpString="C") returned 1
[0324.081] SetLastError (dwErrCode=0x490)
[0324.081] SetLastError (dwErrCode=0x0)
[0324.081] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.081] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.081] GetProcessHeap () returned 0x4a0000
[0324.081] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x64) returned 0x4b5b68
[0324.081] SetLastError (dwErrCode=0x0)
[0324.081] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.081] SetLastError (dwErrCode=0x0)
[0324.081] GetProcessHeap () returned 0x4a0000
[0324.081] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x1fc) returned 0x4b5bd8
[0324.081] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0324.090] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0324.105] CoCreateInstance (in: rclsid=0xae230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xae20fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x23cd84 | out: ppv=0x23cd84*=0x763cb8) returned 0x0
[0324.113] TaskScheduler:ITaskService:Connect (This=0x763cb8, serverName=0x23ccf4*(varType=0x8, wReserved1=0x0, wReserved2=0xcd68, wReserved3=0x23, varVal1=0x0, varVal2=0x23d640), user=0x23cd04*(varType=0x0, wReserved1=0x23, wReserved2=0xcd8c, wReserved3=0x23, varVal1=0x76cb9cde, varVal2=0x23d640), domain=0x23cd14*(varType=0x0, wReserved1=0x0, wReserved2=0x1f0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), password=0x23cd24*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x76cb, varVal1=0x70, varVal2=0x23d7c0)) returned 0x0
[0324.117] TaskScheduler:IUnknown:AddRef (This=0x763cb8) returned 0x2
[0324.118] TaskScheduler:ITaskService:GetFolder (in: This=0x763cb8, Path=0x0, ppFolder=0x23ce28 | out: ppFolder=0x23ce28*=0x761368) returned 0x0
[0324.121] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp9c4e.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x10c
[0324.122] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x23c718 | out: lpFileSize=0x23c718*=1642) returned 1
[0324.122] ReadFile (in: hFile=0x10c, lpBuffer=0x23c720, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x23c728, lpOverlapped=0x0 | out: lpBuffer=0x23c720*, lpNumberOfBytesRead=0x23c728*=0x2, lpOverlapped=0x0) returned 1
[0324.123] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0324.123] malloc (_Size=0x66b) returned 0x762638
[0324.123] ReadFile (in: hFile=0x10c, lpBuffer=0x762638, nNumberOfBytesToRead=0x66b, lpNumberOfBytesRead=0x23c728, lpOverlapped=0x0 | out: lpBuffer=0x762638*, lpNumberOfBytesRead=0x23c728*=0x66a, lpOverlapped=0x0) returned 1
[0324.123] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x762638, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1643
[0324.123] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x762638, cbMultiByte=-1, lpWideCharStr=0x4c55fc, cchWideChar=1643 | out: lpWideCharStr="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n \r\n true\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n Q9IATRKPRH\\kEecfMwgj\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe\r\n \r\n \r\n") returned 1643
[0324.123] SysStringLen (param_1="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n \r\n true\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n Q9IATRKPRH\\kEecfMwgj\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe\r\n \r\n \r\n") returned 0x66a
[0324.123] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n \r\n true\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n Q9IATRKPRH\\kEecfMwgj\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe\r\n \r\n \r\n", pbstrResult=0x23c6c8 | out: pbstrResult=0x23c6c8) returned 0x0
[0324.123] free (_Block=0x762638)
[0324.123] CloseHandle (hObject=0x10c) returned 1
[0324.123] lstrlenW (lpString="") returned 0
[0324.124] malloc (_Size=0xc) returned 0x763d40
[0324.124] SysStringLen (param_1="") returned 0x0
[0324.125] free (_Block=0x763d40)
[0324.125] lstrlenW (lpString="") returned 0
[0324.125] ITaskFolder:RegisterTask (in: This=0x761368, Path="Updates\\EmVFlIse", XmlText="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n \r\n true\r\n Q9IATRKPRH\\kEecfMwgj\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n Q9IATRKPRH\\kEecfMwgj\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EmVFlIse.exe\r\n \r\n \r\n", flags=2, UserId=0x23c704*(varType=0x8, wReserved1=0x0, wReserved2=0x3ff0, wReserved3=0x4c, varVal1="", varVal2=0x4c3ff0), password=0x23c714*(varType=0x0, wReserved1=0x4c, wReserved2=0x0, wReserved3=0x0, varVal1=0x23c79c, varVal2=0x76eb7526), LogonType=0, sddl=0x23c728*(varType=0x0, wReserved1=0x4c, wReserved2=0x3ff0, wReserved3=0x4c, varVal1=0x0, varVal2=0x0), ppTask=0x23c788 | out: ppTask=0x23c788*=0x0) returned 0x800700b7
[0324.140] SetLastError (dwErrCode=0x800700b7)
[0324.140] GetLastError () returned 0x800700b7
[0324.140] FormatMessageW (in: dwFlags=0x1300, lpSource=0x0, dwMessageId=0x800700b7, dwLanguageId=0x0, lpBuffer=0x23c71c, nSize=0x0, Arguments=0x0 | out: lpBuffer="䮀L윬#鿹¯㺮甫춘#锵®⥀盕\x01\x01⾸㽤\x01") returned 0x35
[0324.190] GetLastError () returned 0x800700b7
[0324.190] lstrlenW (lpString="Cannot create a file when that file already exists.\r\n") returned 53
[0324.190] GetProcessHeap () returned 0x4a0000
[0324.190] GetProcessHeap () returned 0x4a0000
[0324.190] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b3c98) returned 1
[0324.191] GetProcessHeap () returned 0x4a0000
[0324.191] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b3c98) returned 0x2
[0324.191] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b3c98 | out: hHeap=0x4a0000) returned 1
[0324.191] GetProcessHeap () returned 0x4a0000
[0324.191] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x6c) returned 0x4c4530
[0324.191] SetLastError (dwErrCode=0x800700b7)
[0324.191] GetProcessHeap () returned 0x4a0000
[0324.191] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x14) returned 0x4b5560
[0324.191] _memicmp (_Buf1=0x4b4ad8, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.191] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x4b6540, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6
[0324.191] lstrlenW (lpString="ERROR:") returned 6
[0324.191] GetProcessHeap () returned 0x4a0000
[0324.191] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0xe) returned 0x4c1240
[0324.191] GetProcessHeap () returned 0x4a0000
[0324.191] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x10) returned 0x4c12b8
[0324.191] _memicmp (_Buf1=0x4c12b8, _Buf2=0xae1ed8, _Size=0x7) returned 0
[0324.191] GetProcessHeap () returned 0x4a0000
[0324.191] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0xc, Size=0x1000) returned 0x4c6fc8
[0324.191] _vsnwprintf (in: _Buffer=0x4c6fc8, _BufferCount=0x7ff, _Format="%s ", _ArgList=0x23c720 | out: _Buffer="ERROR: ") returned 7
[0324.191] _fileno (_File=0x76d52940) returned 2
[0324.192] _errno () returned 0x7607d8
[0324.192] _get_osfhandle (_FileHandle=2) returned 0xb
[0324.192] _errno () returned 0x7607d8
[0324.192] GetFileType (hFile=0xb) returned 0x2
[0324.192] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0324.192] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x23c6b8 | out: lpMode=0x23c6b8) returned 1
[0324.192] __iob_func () returned 0x76d52900
[0324.192] __iob_func () returned 0x76d52900
[0324.192] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0324.192] lstrlenW (lpString="ERROR: ") returned 7
[0324.192] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4c6fc8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x23c6e0, lpReserved=0x0 | out: lpBuffer=0x4c6fc8*, lpNumberOfCharsWritten=0x23c6e0*=0x7) returned 1
[0324.193] _fileno (_File=0x76d52940) returned 2
[0324.193] _errno () returned 0x7607d8
[0324.193] _get_osfhandle (_FileHandle=2) returned 0xb
[0324.193] _errno () returned 0x7607d8
[0324.193] GetFileType (hFile=0xb) returned 0x2
[0324.193] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0324.193] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x23c6e4 | out: lpMode=0x23c6e4) returned 1
[0324.194] __iob_func () returned 0x76d52900
[0324.194] __iob_func () returned 0x76d52900
[0324.194] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0324.194] lstrlenW (lpString="Cannot create a file when that file already exists.\r\n") returned 53
[0324.194] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4c4530*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x23c70c, lpReserved=0x0 | out: lpBuffer=0x4c4530*, lpNumberOfCharsWritten=0x23c70c*=0x35) returned 1
[0324.194] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x23c790 | out: pperrinfo=0x23c790*=0x0) returned 0x1
[0324.195] TaskScheduler:IUnknown:Release (This=0x761368) returned 0x0
[0324.195] TaskScheduler:IUnknown:Release (This=0x763cb8) returned 0x1
[0324.195] lstrlenW (lpString="") returned 0
[0324.195] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp") returned 49
[0324.195] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9C4E.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5bd8) returned 1
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5bd8) returned 0x1fc
[0324.195] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5bd8 | out: hHeap=0x4a0000) returned 1
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5b68) returned 1
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5b68) returned 0x64
[0324.195] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5b68 | out: hHeap=0x4a0000) returned 1
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b51a0) returned 1
[0324.195] GetProcessHeap () returned 0x4a0000
[0324.195] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b51a0) returned 0x16
[0324.195] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b51a0 | out: hHeap=0x4a0000) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4aef10) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4aef10) returned 0x10
[0324.196] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4aef10 | out: hHeap=0x4a0000) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b51c0) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b51c0) returned 0x14
[0324.196] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b51c0 | out: hHeap=0x4a0000) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b6498) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b6498) returned 0xa0
[0324.196] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b6498 | out: hHeap=0x4a0000) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ac0) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4ac0) returned 0x10
[0324.196] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ac0 | out: hHeap=0x4a0000) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b50a0) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b50a0) returned 0x14
[0324.196] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b50a0 | out: hHeap=0x4a0000) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5af8) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5af8) returned 0x68
[0324.196] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5af8 | out: hHeap=0x4a0000) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b68) returned 1
[0324.196] GetProcessHeap () returned 0x4a0000
[0324.196] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4b68) returned 0x10
[0324.197] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b68 | out: hHeap=0x4a0000) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5060) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5060) returned 0x14
[0324.197] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5060 | out: hHeap=0x4a0000) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b50) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4b50) returned 0xc
[0324.197] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b50 | out: hHeap=0x4a0000) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b38) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4b38) returned 0x10
[0324.197] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b38 | out: hHeap=0x4a0000) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5040) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5040) returned 0x14
[0324.197] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5040 | out: hHeap=0x4a0000) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b58a8) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b58a8) returned 0x208
[0324.197] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b58a8 | out: hHeap=0x4a0000) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a60) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.197] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4a60) returned 0x10
[0324.197] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a60 | out: hHeap=0x4a0000) returned 1
[0324.197] GetProcessHeap () returned 0x4a0000
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5000) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5000) returned 0x14
[0324.198] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5000 | out: hHeap=0x4a0000) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b6540) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b6540) returned 0x200
[0324.198] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b6540 | out: hHeap=0x4a0000) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ad8) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4ad8) returned 0x10
[0324.198] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ad8 | out: hHeap=0x4a0000) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4fa0) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4fa0) returned 0x14
[0324.198] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4fa0 | out: hHeap=0x4a0000) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4c6fc8) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4c6fc8) returned 0x1000
[0324.198] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4c6fc8 | out: hHeap=0x4a0000) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4c12b8) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4c12b8) returned 0x10
[0324.198] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4c12b8 | out: hHeap=0x4a0000) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4f80) returned 1
[0324.198] GetProcessHeap () returned 0x4a0000
[0324.198] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4f80) returned 0x14
[0324.199] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4f80 | out: hHeap=0x4a0000) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5120) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5120) returned 0x14
[0324.199] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5120 | out: hHeap=0x4a0000) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b20) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4b20) returned 0x10
[0324.199] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4b20 | out: hHeap=0x4a0000) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4f08) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4f08) returned 0x14
[0324.199] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4f08 | out: hHeap=0x4a0000) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5160) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5160) returned 0x16
[0324.199] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5160 | out: hHeap=0x4a0000) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4af0) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4af0) returned 0x10
[0324.199] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4af0 | out: hHeap=0x4a0000) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ee8) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.199] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4ee8) returned 0x14
[0324.199] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ee8 | out: hHeap=0x4a0000) returned 1
[0324.199] GetProcessHeap () returned 0x4a0000
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4c4530) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4c4530) returned 0x6c
[0324.200] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4c4530 | out: hHeap=0x4a0000) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b3ca8) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b3ca8) returned 0x14
[0324.200] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b3ca8 | out: hHeap=0x4a0000) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4de8) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4de8) returned 0x14
[0324.200] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4de8 | out: hHeap=0x4a0000) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e08) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4e08) returned 0x14
[0324.200] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e08 | out: hHeap=0x4a0000) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e28) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4e28) returned 0x14
[0324.200] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e28 | out: hHeap=0x4a0000) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b50c0) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b50c0) returned 0x14
[0324.200] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b50c0 | out: hHeap=0x4a0000) returned 1
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] GetProcessHeap () returned 0x4a0000
[0324.200] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b50e0) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b50e0) returned 0x14
[0324.201] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b50e0 | out: hHeap=0x4a0000) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b6748) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b6748) returned 0x30
[0324.201] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b6748 | out: hHeap=0x4a0000) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5100) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5100) returned 0x14
[0324.201] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5100 | out: hHeap=0x4a0000) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5ab8) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5ab8) returned 0x30
[0324.201] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5ab8 | out: hHeap=0x4a0000) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5180) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5180) returned 0x14
[0324.201] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5180 | out: hHeap=0x4a0000) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4c1240) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4c1240) returned 0xe
[0324.201] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4c1240 | out: hHeap=0x4a0000) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5560) returned 1
[0324.201] GetProcessHeap () returned 0x4a0000
[0324.201] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5560) returned 0x14
[0324.201] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5560 | out: hHeap=0x4a0000) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a18) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4a18) returned 0x10
[0324.202] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a18 | out: hHeap=0x4a0000) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e48) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4e48) returned 0x14
[0324.202] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e48 | out: hHeap=0x4a0000) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e68) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4e68) returned 0x14
[0324.202] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e68 | out: hHeap=0x4a0000) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e88) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4e88) returned 0x14
[0324.202] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4e88 | out: hHeap=0x4a0000) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ea8) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4ea8) returned 0x14
[0324.202] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ea8 | out: hHeap=0x4a0000) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a30) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4a30) returned 0x10
[0324.202] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a30 | out: hHeap=0x4a0000) returned 1
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] GetProcessHeap () returned 0x4a0000
[0324.202] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ec8) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4ec8) returned 0x14
[0324.203] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4ec8 | out: hHeap=0x4a0000) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4f40) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4f40) returned 0x14
[0324.203] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4f40 | out: hHeap=0x4a0000) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4fc0) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4fc0) returned 0x14
[0324.203] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4fc0 | out: hHeap=0x4a0000) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4fe0) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4fe0) returned 0x14
[0324.203] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4fe0 | out: hHeap=0x4a0000) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5080) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b5080) returned 0x14
[0324.203] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b5080 | out: hHeap=0x4a0000) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a48) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4a48) returned 0x10
[0324.203] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a48 | out: hHeap=0x4a0000) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.203] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4f60) returned 1
[0324.203] GetProcessHeap () returned 0x4a0000
[0324.204] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4f60) returned 0x14
[0324.204] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4f60 | out: hHeap=0x4a0000) returned 1
[0324.204] GetProcessHeap () returned 0x4a0000
[0324.204] GetProcessHeap () returned 0x4a0000
[0324.204] HeapValidate (hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a00) returned 1
[0324.204] GetProcessHeap () returned 0x4a0000
[0324.204] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b4a00) returned 0x10
[0324.204] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b4a00 | out: hHeap=0x4a0000) returned 1
[0324.204] exit (_Code=1)
Thread:
id = 265
os_tid = 0x59c
Process:
id = "16"
image_name = "regsvcs.exe"
filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe"
page_root = "0x6a676000"
os_pid = "0x6e0"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "10"
os_parent_pid = "0x5fc"
cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e34b" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3972
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3973
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 3974
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3975
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 3976
start_va = 0x210000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 3977
start_va = 0x280000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 3978
start_va = 0xbe0000
end_va = 0xbedfff
monitored = 0
entry_point = 0xbe8356
region_type = mapped_file
name = "regsvcs.exe"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")
Region:
id = 3979
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3980
start_va = 0x77390000
end_va = 0x7750ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 3981
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 3982
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 3983
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 3984
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 3985
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 3986
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3987
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 3988
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 3989
start_va = 0x400000
end_va = 0x43bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3990
start_va = 0x100000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 3991
start_va = 0x74e10000
end_va = 0x74e17fff
monitored = 0
entry_point = 0x74e120f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 3992
start_va = 0x74e20000
end_va = 0x74e7bfff
monitored = 0
entry_point = 0x74e5f798
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 3993
start_va = 0x74e80000
end_va = 0x74ebefff
monitored = 0
entry_point = 0x74eade78
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 3994
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3995
start_va = 0x76600000
end_va = 0x7670ffff
monitored = 0
entry_point = 0x766132d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 3996
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3997
start_va = 0x77090000
end_va = 0x771aefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077090000"
filename = ""
Region:
id = 3998
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3999
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076f90000"
filename = ""
Region:
id = 4000
start_va = 0x440000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 4001
start_va = 0x74cc0000
end_va = 0x74d09fff
monitored = 1
entry_point = 0x74cc2e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 4002
start_va = 0x76600000
end_va = 0x7670ffff
monitored = 0
entry_point = 0x766132d3
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 4003
start_va = 0x75580000
end_va = 0x755c5fff
monitored = 0
entry_point = 0x75587478
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 4004
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 4005
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 4006
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 4007
start_va = 0x70000
end_va = 0xd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 4008
start_va = 0x180000
end_va = 0x1affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 4009
start_va = 0x5d0000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 4010
start_va = 0x76c10000
end_va = 0x76caffff
monitored = 0
entry_point = 0x76c249e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 4011
start_va = 0x76cb0000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76cba472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 4012
start_va = 0x764b0000
end_va = 0x764c8fff
monitored = 0
entry_point = 0x764b4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 4013
start_va = 0x76ea0000
end_va = 0x76f8ffff
monitored = 0
entry_point = 0x76eb0569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 4014
start_va = 0x74ee0000
end_va = 0x74f3ffff
monitored = 0
entry_point = 0x74efa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 4015
start_va = 0x74ed0000
end_va = 0x74edbfff
monitored = 0
entry_point = 0x74ed10e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 4016
start_va = 0x7f0000
end_va = 0x9dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 4017
start_va = 0x74c20000
end_va = 0x74cacfff
monitored = 1
entry_point = 0x74c32860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 4018
start_va = 0x74c10000
end_va = 0x74c12fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 4019
start_va = 0x76810000
end_va = 0x76866fff
monitored = 0
entry_point = 0x76829ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 4020
start_va = 0x76a10000
end_va = 0x76a9ffff
monitored = 0
entry_point = 0x76a26343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 4021
start_va = 0x76710000
end_va = 0x7680ffff
monitored = 0
entry_point = 0x7672b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 4022
start_va = 0x77360000
end_va = 0x77369fff
monitored = 0
entry_point = 0x773636a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 4023
start_va = 0x76dc0000
end_va = 0x76e5cfff
monitored = 0
entry_point = 0x76df3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 4024
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 4025
start_va = 0x5d0000
end_va = 0x757fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 4026
start_va = 0x7b0000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 4027
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 4028
start_va = 0x76d60000
end_va = 0x76dbffff
monitored = 0
entry_point = 0x76d7158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 4029
start_va = 0x75340000
end_va = 0x7540bfff
monitored = 0
entry_point = 0x7534168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 4030
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 4031
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 4032
start_va = 0x7f0000
end_va = 0x970fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007f0000"
filename = ""
Region:
id = 4033
start_va = 0x9d0000
end_va = 0x9dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 4034
start_va = 0xbf0000
end_va = 0x1feffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000bf0000"
filename = ""
Region:
id = 4035
start_va = 0x74c00000
end_va = 0x74c08fff
monitored = 0
entry_point = 0x74c01220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 4036
start_va = 0x74450000
end_va = 0x74bfefff
monitored = 1
entry_point = 0x7446d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 4037
start_va = 0x74450000
end_va = 0x74bfefff
monitored = 1
entry_point = 0x7446d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 4038
start_va = 0x74450000
end_va = 0x74bfefff
monitored = 1
entry_point = 0x7446d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 4039
start_va = 0x74430000
end_va = 0x74443fff
monitored = 0
entry_point = 0x7443ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 4040
start_va = 0x74380000
end_va = 0x7442afff
monitored = 0
entry_point = 0x74415f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 4044
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 4045
start_va = 0xf0000
end_va = 0xfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 4046
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 4047
start_va = 0x1a0000
end_va = 0x1affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 4048
start_va = 0x190000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 4049
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 4050
start_va = 0x1c0000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 4051
start_va = 0x1d0000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 4052
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 4053
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 4054
start_va = 0x9e0000
end_va = 0xb7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 4055
start_va = 0x380000
end_va = 0x3cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4057
start_va = 0xa20000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 4058
start_va = 0xb40000
end_va = 0xb7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b40000"
filename = ""
Region:
id = 4059
start_va = 0x2130000
end_va = 0x222ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002130000"
filename = ""
Region:
id = 4060
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 4061
start_va = 0x200000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 4062
start_va = 0x2230000
end_va = 0x422ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 4063
start_va = 0xa60000
end_va = 0xafffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a60000"
filename = ""
Region:
id = 4064
start_va = 0x20e0000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020e0000"
filename = ""
Region:
id = 4065
start_va = 0x43f0000
end_va = 0x44effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043f0000"
filename = ""
Region:
id = 4066
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 4070
start_va = 0xb80000
end_va = 0xbbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b80000"
filename = ""
Region:
id = 4071
start_va = 0x4230000
end_va = 0x432ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004230000"
filename = ""
Region:
id = 4072
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 4074
start_va = 0x44f0000
end_va = 0x47befff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4075
start_va = 0x72740000
end_va = 0x73b4afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 4076
start_va = 0x76aa0000
end_va = 0x76bfbfff
monitored = 0
entry_point = 0x76aeba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 4077
start_va = 0x74300000
end_va = 0x7437ffff
monitored = 0
entry_point = 0x743137c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 4078
start_va = 0x47c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 4079
start_va = 0x1ff0000
end_va = 0x20cefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ff0000"
filename = ""
Region:
id = 4080
start_va = 0x200000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 4081
start_va = 0x250000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 4082
start_va = 0x74270000
end_va = 0x742f8fff
monitored = 1
entry_point = 0x74271130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 4083
start_va = 0x752b0000
end_va = 0x7533efff
monitored = 0
entry_point = 0x752b3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 4084
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 4085
start_va = 0x71280000
end_va = 0x71cd4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 4086
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4087
start_va = 0x740c0000
end_va = 0x74262fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 4088
start_va = 0x70410000
end_va = 0x71275fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 4089
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4090
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4091
start_va = 0x390000
end_va = 0x3cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 4092
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4093
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4094
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4095
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4096
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4097
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4098
start_va = 0x270000
end_va = 0x27ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4099
start_va = 0x71f20000
end_va = 0x72737fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 4100
start_va = 0x73fb0000
end_va = 0x740b4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 4101
start_va = 0x6fc90000
end_va = 0x70403fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 4102
start_va = 0x73f90000
end_va = 0x73fa2fff
monitored = 1
entry_point = 0x73f9d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 4103
start_va = 0x49d0000
end_va = 0x4ca1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 4104
start_va = 0x75860000
end_va = 0x764a9fff
monitored = 0
entry_point = 0x758e1601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 4105
start_va = 0x270000
end_va = 0x270fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000270000"
filename = ""
Region:
id = 4106
start_va = 0x73f80000
end_va = 0x73f8afff
monitored = 0
entry_point = 0x73f81992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 4107
start_va = 0x47c0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 4108
start_va = 0x4990000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004990000"
filename = ""
Region:
id = 4109
start_va = 0x73f60000
end_va = 0x73f76fff
monitored = 0
entry_point = 0x73f635fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 4110
start_va = 0x73f40000
end_va = 0x73f56fff
monitored = 0
entry_point = 0x73f43573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 4111
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 4112
start_va = 0x4d0000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 4113
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 4114
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 4115
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 4116
start_va = 0x440000
end_va = 0x47bfff
monitored = 0
entry_point = 0x44128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 4117
start_va = 0x73f00000
end_va = 0x73f3afff
monitored = 0
entry_point = 0x73f0128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 4118
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4119
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 4120
start_va = 0x73ee0000
end_va = 0x73ef2fff
monitored = 0
entry_point = 0x73ee1d3f
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 4121
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4122
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4123
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4124
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4125
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4126
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4127
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4128
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4129
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4130
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4131
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4132
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4133
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4134
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4135
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4136
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4137
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4138
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4139
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4140
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4141
start_va = 0x73cf0000
end_va = 0x73ed1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 4142
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4143
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 4144
start_va = 0x76c00000
end_va = 0x76c04fff
monitored = 0
entry_point = 0x76c01438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 4145
start_va = 0x9e0000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 4146
start_va = 0x4d20000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d20000"
filename = ""
Region:
id = 4147
start_va = 0x73ce0000
end_va = 0x73cedfff
monitored = 0
entry_point = 0x73ce1235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 4148
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 4149
start_va = 0x380000
end_va = 0x380fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000380000"
filename = ""
Region:
id = 4150
start_va = 0x43a0000
end_va = 0x43dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043a0000"
filename = ""
Region:
id = 4151
start_va = 0x47e0000
end_va = 0x481ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047e0000"
filename = ""
Region:
id = 4152
start_va = 0x48c0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048c0000"
filename = ""
Region:
id = 4153
start_va = 0x4e20000
end_va = 0x4f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 4154
start_va = 0x5080000
end_va = 0x517ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005080000"
filename = ""
Region:
id = 4155
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 4156
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 4157
start_va = 0x757d0000
end_va = 0x75852fff
monitored = 0
entry_point = 0x757d23d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 4158
start_va = 0x3d0000
end_va = 0x3d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 4159
start_va = 0x73ca0000
end_va = 0x73cd0fff
monitored = 1
entry_point = 0x73ca12d7
region_type = mapped_file
name = "wbemdisp.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll")
Region:
id = 4160
start_va = 0x73c40000
end_va = 0x73c9bfff
monitored = 0
entry_point = 0x73c62b48
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll")
Region:
id = 4161
start_va = 0x76e60000
end_va = 0x76e94fff
monitored = 0
entry_point = 0x76e6145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 4162
start_va = 0x75570000
end_va = 0x75575fff
monitored = 0
entry_point = 0x75571782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 4163
start_va = 0x440000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 4164
start_va = 0x4f20000
end_va = 0x503ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f20000"
filename = ""
Region:
id = 4165
start_va = 0x73c30000
end_va = 0x73c39fff
monitored = 0
entry_point = 0x73c3149a
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll")
Region:
id = 4166
start_va = 0x73c10000
end_va = 0x73c26fff
monitored = 0
entry_point = 0x73c176c5
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll")
Region:
id = 4167
start_va = 0x73c00000
end_va = 0x73c0efff
monitored = 0
entry_point = 0x73c021a0
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll")
Region:
id = 4168
start_va = 0x5180000
end_va = 0x527ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005180000"
filename = ""
Region:
id = 4169
start_va = 0x73b60000
end_va = 0x73bf5fff
monitored = 0
entry_point = 0x73b7f8b9
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll")
Region:
id = 4170
start_va = 0x71f00000
end_va = 0x71f17fff
monitored = 0
entry_point = 0x71f01335
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll")
Region:
id = 4171
start_va = 0x71ea0000
end_va = 0x71efefff
monitored = 0
entry_point = 0x71ea2134
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 4172
start_va = 0x3e0000
end_va = 0x3eefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wbemdisp.tlb"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb")
Region:
id = 4173
start_va = 0x4f20000
end_va = 0x4fdffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 4174
start_va = 0x5000000
end_va = 0x503ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005000000"
filename = ""
Region:
id = 4291
start_va = 0x71e40000
end_va = 0x71e74fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "custommarshalers.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\CustomMarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\CustomMarshalers.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\custommarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\custommarshalers.ni.dll")
Region:
id = 4292
start_va = 0x71e20000
end_va = 0x71e37fff
monitored = 1
entry_point = 0x71e258de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 4293
start_va = 0x440000
end_va = 0x458fff
monitored = 1
entry_point = 0x4458de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 4294
start_va = 0x480000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 4295
start_va = 0x440000
end_va = 0x458fff
monitored = 1
entry_point = 0x4458de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 4296
start_va = 0x440000
end_va = 0x458fff
monitored = 1
entry_point = 0x4458de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 4297
start_va = 0x440000
end_va = 0x458fff
monitored = 1
entry_point = 0x4458de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 4298
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 4299
start_va = 0x440000
end_va = 0x443fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb")
Region:
id = 4300
start_va = 0x71cf0000
end_va = 0x71e1ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll")
Region:
id = 4301
start_va = 0x4cb0000
end_va = 0x4ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 4302
start_va = 0x5340000
end_va = 0x543ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005340000"
filename = ""
Region:
id = 4303
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 4304
start_va = 0x7ef50000
end_va = 0x7ef9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef50000"
filename = ""
Region:
id = 4305
start_va = 0x7ef40000
end_va = 0x7ef4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef40000"
filename = ""
Region:
id = 4306
start_va = 0xb00000
end_va = 0xb3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 4307
start_va = 0x5540000
end_va = 0x563ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005540000"
filename = ""
Region:
id = 4308
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 4309
start_va = 0x6fc60000
end_va = 0x6fc80fff
monitored = 1
entry_point = 0x6fc698e0
region_type = mapped_file
name = "wminet_utils.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll")
Region:
id = 4310
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 4311
start_va = 0x460000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 4312
start_va = 0x460000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 4313
start_va = 0x5280000
end_va = 0x52bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005280000"
filename = ""
Region:
id = 4314
start_va = 0x56d0000
end_va = 0x57cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000056d0000"
filename = ""
Region:
id = 4315
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Region:
id = 4316
start_va = 0x4870000
end_va = 0x48affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004870000"
filename = ""
Region:
id = 4317
start_va = 0x5560000
end_va = 0x565ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005560000"
filename = ""
Region:
id = 4318
start_va = 0x5300000
end_va = 0x533ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005300000"
filename = ""
Region:
id = 4319
start_va = 0x57b0000
end_va = 0x58affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000057b0000"
filename = ""
Region:
id = 4320
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Region:
id = 4322
start_va = 0x460000
end_va = 0x464fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000460000"
filename = ""
Region:
id = 4738
start_va = 0x4910000
end_va = 0x494ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 4739
start_va = 0x5960000
end_va = 0x5a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005960000"
filename = ""
Region:
id = 4740
start_va = 0x7ef37000
end_va = 0x7ef39fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef37000"
filename = ""
Region:
id = 4741
start_va = 0x460000
end_va = 0x472fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000460000"
filename = ""
Region:
id = 4764
start_va = 0x460000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 4765
start_va = 0x760000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000760000"
filename = ""
Region:
id = 4766
start_va = 0x5280000
end_va = 0x52bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005280000"
filename = ""
Region:
id = 4767
start_va = 0x7ef37000
end_va = 0x7ef39fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef37000"
filename = ""
Region:
id = 4768
start_va = 0x4930000
end_va = 0x496ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 4769
start_va = 0x5490000
end_va = 0x54cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005490000"
filename = ""
Region:
id = 4770
start_va = 0x56f0000
end_va = 0x572ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000056f0000"
filename = ""
Region:
id = 4771
start_va = 0x5990000
end_va = 0x5a8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005990000"
filename = ""
Region:
id = 4772
start_va = 0x7ef31000
end_va = 0x7ef33fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef31000"
filename = ""
Region:
id = 4773
start_va = 0x7ef34000
end_va = 0x7ef36fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef34000"
filename = ""
Region:
id = 4774
start_va = 0x4910000
end_va = 0x494ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 4775
start_va = 0x5680000
end_va = 0x577ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005680000"
filename = ""
Region:
id = 4800
start_va = 0x4850000
end_va = 0x488ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004850000"
filename = ""
Region:
id = 4801
start_va = 0x52f0000
end_va = 0x532ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000052f0000"
filename = ""
Region:
id = 4802
start_va = 0x54d0000
end_va = 0x550ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054d0000"
filename = ""
Region:
id = 4803
start_va = 0x5790000
end_va = 0x588ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005790000"
filename = ""
Region:
id = 4804
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 4805
start_va = 0x460000
end_va = 0x460fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 4806
start_va = 0x470000
end_va = 0x476fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 4807
start_va = 0x460000
end_va = 0x460fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 4808
start_va = 0x470000
end_va = 0x476fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 4809
start_va = 0x460000
end_va = 0x460fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 4810
start_va = 0x460000
end_va = 0x466fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 4811
start_va = 0x460000
end_va = 0x460fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 4812
start_va = 0x460000
end_va = 0x466fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 4813
start_va = 0x460000
end_va = 0x460fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 4814
start_va = 0x460000
end_va = 0x466fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 4815
start_va = 0x5600000
end_va = 0x563ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005600000"
filename = ""
Region:
id = 4816
start_va = 0x5910000
end_va = 0x5a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005910000"
filename = ""
Region:
id = 4817
start_va = 0x7ef34000
end_va = 0x7ef36fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef34000"
filename = ""
Region:
id = 5222
start_va = 0x4340000
end_va = 0x437ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004340000"
filename = ""
Region:
id = 5223
start_va = 0x54a0000
end_va = 0x559ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054a0000"
filename = ""
Region:
id = 5288
start_va = 0x6fc00000
end_va = 0x6fc51fff
monitored = 0
entry_point = 0x6fc014be
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")
Region:
id = 5289
start_va = 0x6fbe0000
end_va = 0x6fbf4fff
monitored = 0
entry_point = 0x6fbe12de
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")
Region:
id = 5290
start_va = 0x71e90000
end_va = 0x71e9cfff
monitored = 0
entry_point = 0x71e91326
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")
Region:
id = 5291
start_va = 0x6fba0000
end_va = 0x6fbdbfff
monitored = 0
entry_point = 0x6fba145d
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 5292
start_va = 0x4cf0000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cf0000"
filename = ""
Region:
id = 5293
start_va = 0x71ce0000
end_va = 0x71ce4fff
monitored = 0
entry_point = 0x71ce15df
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")
Region:
id = 5294
start_va = 0x6fb90000
end_va = 0x6fb95fff
monitored = 0
entry_point = 0x6fb91673
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")
Region:
id = 5295
start_va = 0x52d0000
end_va = 0x530ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000052d0000"
filename = ""
Region:
id = 5296
start_va = 0x5900000
end_va = 0x59fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005900000"
filename = ""
Region:
id = 5297
start_va = 0x6fb30000
end_va = 0x6fb87fff
monitored = 0
entry_point = 0x6fb313b4
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")
Region:
id = 5298
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 5299
start_va = 0x6fae0000
end_va = 0x6fb2efff
monitored = 0
entry_point = 0x6fae1452
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")
Region:
id = 5300
start_va = 0x4d90000
end_va = 0x4dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d90000"
filename = ""
Region:
id = 5301
start_va = 0x4de0000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004de0000"
filename = ""
Region:
id = 5302
start_va = 0x5a10000
end_va = 0x5b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a10000"
filename = ""
Region:
id = 5303
start_va = 0x6fad0000
end_va = 0x6fad7fff
monitored = 0
entry_point = 0x6fad34d3
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")
Region:
id = 5304
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Region:
id = 5305
start_va = 0x6fab0000
end_va = 0x6facbfff
monitored = 0
entry_point = 0x6faba431
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")
Region:
id = 5306
start_va = 0x6faa0000
end_va = 0x6faa6fff
monitored = 0
entry_point = 0x6faa128d
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll")
Region:
id = 5307
start_va = 0x6fa90000
end_va = 0x6fa9cfff
monitored = 0
entry_point = 0x6fa92012
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")
Region:
id = 5308
start_va = 0x6fa70000
end_va = 0x6fa81fff
monitored = 0
entry_point = 0x6fa73271
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")
Region:
id = 5309
start_va = 0x4330000
end_va = 0x4391fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 5310
start_va = 0x4cf0000
end_va = 0x4d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cf0000"
filename = ""
Region:
id = 5311
start_va = 0x5480000
end_va = 0x557ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005480000"
filename = ""
Region:
id = 5312
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 5313
start_va = 0x460000
end_va = 0x470fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000460000"
filename = ""
Region:
id = 5314
start_va = 0x6fa20000
end_va = 0x6fa63fff
monitored = 0
entry_point = 0x6fa363f9
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")
Region:
id = 5315
start_va = 0x980000
end_va = 0x9bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000980000"
filename = ""
Region:
id = 5316
start_va = 0x6fa10000
end_va = 0x6fa15fff
monitored = 0
entry_point = 0x6fa114b2
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")
Region:
id = 5317
start_va = 0x6f9d0000
end_va = 0x6fa07fff
monitored = 0
entry_point = 0x6f9d990e
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")
Region:
id = 5318
start_va = 0x4820000
end_va = 0x48bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004820000"
filename = ""
Region:
id = 5319
start_va = 0x6f9c0000
end_va = 0x6f9c7fff
monitored = 0
entry_point = 0x6f9c10e9
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")
Region:
id = 5320
start_va = 0x6f980000
end_va = 0x6f9befff
monitored = 0
entry_point = 0x6f982351
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")
Region:
id = 5321
start_va = 0x764d0000
end_va = 0x765f0fff
monitored = 0
entry_point = 0x764d158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 5322
start_va = 0x75440000
end_va = 0x7544bfff
monitored = 0
entry_point = 0x7544238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 5323
start_va = 0x6f940000
end_va = 0x6f977fff
monitored = 0
entry_point = 0x6f941489
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")
Region:
id = 5324
start_va = 0x6f900000
end_va = 0x6f93cfff
monitored = 0
entry_point = 0x6f9010f5
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 5325
start_va = 0x5780000
end_va = 0x57bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005780000"
filename = ""
Region:
id = 5326
start_va = 0x5bf0000
end_va = 0x5ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005bf0000"
filename = ""
Region:
id = 5327
start_va = 0x6f8e0000
end_va = 0x6f8f6fff
monitored = 0
entry_point = 0x6f8e1c9d
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")
Region:
id = 5328
start_va = 0x7ef34000
end_va = 0x7ef36fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef34000"
filename = ""
Region:
id = 5329
start_va = 0x5580000
end_va = 0x567ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005580000"
filename = ""
Region:
id = 5330
start_va = 0x6f8c0000
end_va = 0x6f8d5fff
monitored = 0
entry_point = 0x6f8c2061
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")
Region:
id = 5331
start_va = 0x4c0000
end_va = 0x4c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "crypt32.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui")
Region:
id = 5332
start_va = 0x6f8a0000
end_va = 0x6f8bbfff
monitored = 0
entry_point = 0x6f8a145e
region_type = mapped_file
name = "cryptnet.dll"
filename = "\\Windows\\SysWOW64\\cryptnet.dll" (normalized: "c:\\windows\\syswow64\\cryptnet.dll")
Region:
id = 5333
start_va = 0x74f40000
end_va = 0x74f84fff
monitored = 0
entry_point = 0x74f411e1
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll")
Region:
id = 5334
start_va = 0x6f890000
end_va = 0x6f895fff
monitored = 0
entry_point = 0x6f89125a
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll")
Region:
id = 5337
start_va = 0x5810000
end_va = 0x584ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005810000"
filename = ""
Region:
id = 5338
start_va = 0x5d10000
end_va = 0x5e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d10000"
filename = ""
Region:
id = 5339
start_va = 0x7ef2e000
end_va = 0x7ef30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef2e000"
filename = ""
Region:
id = 5340
start_va = 0x76870000
end_va = 0x76a0cfff
monitored = 0
entry_point = 0x768717e7
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 5341
start_va = 0x75470000
end_va = 0x75496fff
monitored = 0
entry_point = 0x754758b9
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 5342
start_va = 0x75450000
end_va = 0x75461fff
monitored = 0
entry_point = 0x75451441
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll")
Region:
id = 5343
start_va = 0x7a0000
end_va = 0x7acfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui")
Region:
id = 5344
start_va = 0x6f870000
end_va = 0x6f884fff
monitored = 0
entry_point = 0x6f8711fa
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll")
Region:
id = 5345
start_va = 0x6f860000
end_va = 0x6f86dfff
monitored = 0
entry_point = 0x6f861289
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\SysWOW64\\devrtl.dll" (normalized: "c:\\windows\\syswow64\\devrtl.dll")
Region:
id = 5346
start_va = 0x5cf0000
end_va = 0x5eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 5347
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5348
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5349
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 5350
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5351
start_va = 0xa00000
end_va = 0xa0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 5352
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5353
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 5354
start_va = 0xb10000
end_va = 0xb1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5355
start_va = 0xb20000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 5356
start_va = 0xb30000
end_va = 0xb3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b30000"
filename = ""
Region:
id = 5357
start_va = 0xbc0000
end_va = 0xbcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bc0000"
filename = ""
Region:
id = 5358
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5359
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5360
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5361
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5362
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5363
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5364
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5365
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5366
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5367
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5368
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5369
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5370
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5371
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5372
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5373
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5374
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5375
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5376
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5377
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5378
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5379
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 5380
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5381
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5382
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5383
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5384
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5386
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 5387
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5388
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 5389
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5390
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 5391
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5392
start_va = 0xa00000
end_va = 0xa0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 5393
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5394
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5395
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5396
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5397
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 5398
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5399
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5400
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 5401
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5402
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5403
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5404
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5405
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5406
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 5407
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5408
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 5409
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 5410
start_va = 0x6f830000
end_va = 0x6f850fff
monitored = 0
entry_point = 0x6f83e356
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 5411
start_va = 0x6f810000
end_va = 0x6f821fff
monitored = 0
entry_point = 0x6f811200
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll")
Region:
id = 5412
start_va = 0x6f7e0000
end_va = 0x6f809fff
monitored = 0
entry_point = 0x6f7e13f2
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 5413
start_va = 0x9c0000
end_va = 0x9cbfff
monitored = 0
entry_point = 0x9ce356
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 5414
start_va = 0x9e0000
end_va = 0x9e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wshom.ocx.mui"
filename = "\\Windows\\SysWOW64\\en-US\\wshom.ocx.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshom.ocx.mui")
Region:
id = 5415
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5416
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5417
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 5418
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5419
start_va = 0x6f7d0000
end_va = 0x6f7dbfff
monitored = 0
entry_point = 0x6f7d505c
region_type = mapped_file
name = "vaultcli.dll"
filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll")
Region:
id = 5420
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5421
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5422
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5423
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5424
start_va = 0x6f6f0000
end_va = 0x6f7c7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.security.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\93d03eb9812405fa70e89d4efd5f7e14\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\93d03eb9812405fa70e89d4efd5f7e14\\system.security.ni.dll")
Region:
id = 5425
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5426
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5427
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 5428
start_va = 0xb10000
end_va = 0xb1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5429
start_va = 0xb20000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 5430
start_va = 0xb30000
end_va = 0xb3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b30000"
filename = ""
Region:
id = 5431
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 5432
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5433
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 5434
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5435
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5436
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5437
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5438
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5439
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 5440
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5441
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5442
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5443
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5444
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 5445
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5446
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5447
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5448
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5449
start_va = 0x57c0000
end_va = 0x57fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000057c0000"
filename = ""
Region:
id = 5450
start_va = 0x5f60000
end_va = 0x605ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005f60000"
filename = ""
Region:
id = 5451
start_va = 0x7ef2e000
end_va = 0x7ef30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef2e000"
filename = ""
Region:
id = 5452
start_va = 0x5b40000
end_va = 0x5b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b40000"
filename = ""
Region:
id = 5453
start_va = 0x60f0000
end_va = 0x61effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000060f0000"
filename = ""
Region:
id = 5454
start_va = 0x7ef2b000
end_va = 0x7ef2dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef2b000"
filename = ""
Region:
id = 5455
start_va = 0x57e0000
end_va = 0x581ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000057e0000"
filename = ""
Region:
id = 5456
start_va = 0x5ff0000
end_va = 0x60effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ff0000"
filename = ""
Region:
id = 5467
start_va = 0x5b40000
end_va = 0x5b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b40000"
filename = ""
Region:
id = 5468
start_va = 0x6240000
end_va = 0x633ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006240000"
filename = ""
Region:
id = 5469
start_va = 0x7ef2b000
end_va = 0x7ef2dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef2b000"
filename = ""
Region:
id = 5470
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5471
start_va = 0x58a0000
end_va = 0x58dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000058a0000"
filename = ""
Region:
id = 5472
start_va = 0x63d0000
end_va = 0x64cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000063d0000"
filename = ""
Region:
id = 5473
start_va = 0x7ef28000
end_va = 0x7ef2afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef28000"
filename = ""
Region:
id = 6121
start_va = 0x5ef0000
end_va = 0x5feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ef0000"
filename = ""
Region:
id = 6122
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 6123
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 6124
start_va = 0x5440000
end_va = 0x547ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005440000"
filename = ""
Region:
id = 6125
start_va = 0x58c0000
end_va = 0x58fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000058c0000"
filename = ""
Region:
id = 6126
start_va = 0x6130000
end_va = 0x616ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006130000"
filename = ""
Region:
id = 6127
start_va = 0x63e0000
end_va = 0x64dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000063e0000"
filename = ""
Region:
id = 6128
start_va = 0x7ef25000
end_va = 0x7ef27fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef25000"
filename = ""
Region:
id = 6129
start_va = 0x7ef28000
end_va = 0x7ef2afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef28000"
filename = ""
Region:
id = 6130
start_va = 0x5820000
end_va = 0x58a1fff
monitored = 0
entry_point = 0x58219a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 6131
start_va = 0x5820000
end_va = 0x58a1fff
monitored = 0
entry_point = 0x58219a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 6132
start_va = 0x6f660000
end_va = 0x6f6e3fff
monitored = 0
entry_point = 0x6f6619a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 6133
start_va = 0x5820000
end_va = 0x588ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005820000"
filename = ""
Region:
id = 6141
start_va = 0xb00000
end_va = 0xb3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 6142
start_va = 0x5820000
end_va = 0x585ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005820000"
filename = ""
Region:
id = 6143
start_va = 0x5880000
end_va = 0x588ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005880000"
filename = ""
Region:
id = 6144
start_va = 0x6010000
end_va = 0x604ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006010000"
filename = ""
Region:
id = 6145
start_va = 0x60b0000
end_va = 0x61affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000060b0000"
filename = ""
Region:
id = 6415
start_va = 0x4810000
end_va = 0x484ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004810000"
filename = ""
Region:
id = 6416
start_va = 0x4e60000
end_va = 0x4e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e60000"
filename = ""
Region:
id = 6417
start_va = 0x5840000
end_va = 0x587ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005840000"
filename = ""
Region:
id = 6418
start_va = 0x5b50000
end_va = 0x5b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b50000"
filename = ""
Region:
id = 6419
start_va = 0x6070000
end_va = 0x616ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006070000"
filename = ""
Region:
id = 6420
start_va = 0x6170000
end_va = 0x626ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006170000"
filename = ""
Region:
id = 6421
start_va = 0x6010000
end_va = 0x604ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006010000"
filename = ""
Region:
id = 6422
start_va = 0x6270000
end_va = 0x636ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006270000"
filename = ""
Region:
id = 6423
start_va = 0x7ef28000
end_va = 0x7ef2afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef28000"
filename = ""
Region:
id = 6446
start_va = 0x47d0000
end_va = 0x480ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 6447
start_va = 0x4840000
end_va = 0x487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004840000"
filename = ""
Region:
id = 6448
start_va = 0x58b0000
end_va = 0x58effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000058b0000"
filename = ""
Region:
id = 6449
start_va = 0x6280000
end_va = 0x637ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006280000"
filename = ""
Region:
id = 6450
start_va = 0x4840000
end_va = 0x487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004840000"
filename = ""
Region:
id = 6451
start_va = 0x4880000
end_va = 0x48bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004880000"
filename = ""
Region:
id = 6452
start_va = 0x5b50000
end_va = 0x5b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b50000"
filename = ""
Region:
id = 6453
start_va = 0x5ff0000
end_va = 0x60effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ff0000"
filename = ""
Region:
id = 6454
start_va = 0x7ef28000
end_va = 0x7ef2afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef28000"
filename = ""
Region:
id = 6464
start_va = 0x43b0000
end_va = 0x43effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043b0000"
filename = ""
Region:
id = 6465
start_va = 0x4ec0000
end_va = 0x4efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ec0000"
filename = ""
Region:
id = 6466
start_va = 0x5050000
end_va = 0x508ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005050000"
filename = ""
Region:
id = 6467
start_va = 0x6350000
end_va = 0x644ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006350000"
filename = ""
Region:
id = 6468
start_va = 0x7ef31000
end_va = 0x7ef33fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef31000"
filename = ""
Region:
id = 6469
start_va = 0x4900000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 6470
start_va = 0x4940000
end_va = 0x497ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004940000"
filename = ""
Region:
id = 6471
start_va = 0x4d30000
end_va = 0x4d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d30000"
filename = ""
Region:
id = 6472
start_va = 0x5a50000
end_va = 0x5b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a50000"
filename = ""
Region:
id = 6473
start_va = 0x6360000
end_va = 0x645ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006360000"
filename = ""
Region:
id = 6479
start_va = 0x5070000
end_va = 0x50affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005070000"
filename = ""
Region:
id = 6480
start_va = 0x50e0000
end_va = 0x511ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000050e0000"
filename = ""
Region:
id = 6481
start_va = 0x5130000
end_va = 0x516ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005130000"
filename = ""
Region:
id = 6482
start_va = 0x62b0000
end_va = 0x63affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000062b0000"
filename = ""
Region:
id = 6483
start_va = 0x4ea0000
end_va = 0x4edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ea0000"
filename = ""
Region:
id = 6484
start_va = 0x63d0000
end_va = 0x64cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000063d0000"
filename = ""
Region:
id = 6485
start_va = 0x7ef2e000
end_va = 0x7ef30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef2e000"
filename = ""
Region:
id = 6486
start_va = 0x4da0000
end_va = 0x4ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004da0000"
filename = ""
Region:
id = 6487
start_va = 0x6040000
end_va = 0x613ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006040000"
filename = ""
Region:
id = 6492
start_va = 0xb00000
end_va = 0xb3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 6493
start_va = 0x4840000
end_va = 0x487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004840000"
filename = ""
Region:
id = 6494
start_va = 0x4d60000
end_va = 0x4d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d60000"
filename = ""
Region:
id = 6495
start_va = 0x6150000
end_va = 0x624ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006150000"
filename = ""
Region:
id = 6496
start_va = 0x7ef31000
end_va = 0x7ef33fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef31000"
filename = ""
Thread:
id = 267
os_tid = 0x704
[0325.392] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0326.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", nBufferLength=0x105, lpBuffer=0x37d1bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", lpFilePart=0x0) returned 0x40
[0326.025] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ceb8 | out: phkResult=0x37ceb8*=0x0) returned 0x2
[0326.025] RegCloseKey (hKey=0x80000002) returned 0x0
[0326.108] GetCurrentProcess () returned 0xffffffff
[0326.108] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37d4f4 | out: TokenHandle=0x37d4f4*=0x40) returned 1
[0326.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x37cfac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0326.132] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x37d4ec | out: lpFileInformation=0x37d4ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0326.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x37cf78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0326.135] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x37d4f4 | out: lpFileInformation=0x37d4f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0326.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x37cf14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0326.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37d42c) returned 1
[0326.137] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f0
[0326.138] GetFileType (hFile=0x1f0) returned 0x1
[0326.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d428) returned 1
[0326.138] GetFileType (hFile=0x1f0) returned 0x1
[0326.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x37c768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0326.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x37c7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0326.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ca0c) returned 1
[0326.159] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x37ccd0 | out: lpFileInformation=0x37ccd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0326.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ca08) returned 1
[0326.218] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x37cb9c | out: pfEnabled=0x37cb9c) returned 0x0
[0326.262] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x37d4e8 | out: lpFileSizeHigh=0x37d4e8*=0x0) returned 0x8c8e
[0326.262] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d4a4, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d4a4*=0x1000, lpOverlapped=0x0) returned 1
[0326.274] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d354, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d354*=0x1000, lpOverlapped=0x0) returned 1
[0326.276] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d208, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d208*=0x1000, lpOverlapped=0x0) returned 1
[0326.276] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d208, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d208*=0x1000, lpOverlapped=0x0) returned 1
[0326.277] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d208, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d208*=0x1000, lpOverlapped=0x0) returned 1
[0326.278] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d140, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d140*=0x1000, lpOverlapped=0x0) returned 1
[0326.282] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d2ac, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d2ac*=0x1000, lpOverlapped=0x0) returned 1
[0326.284] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d1a0, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d1a0*=0x1000, lpOverlapped=0x0) returned 1
[0326.284] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d1a0, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d1a0*=0xc8e, lpOverlapped=0x0) returned 1
[0326.284] ReadFile (in: hFile=0x1f0, lpBuffer=0x2262e2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d264, lpOverlapped=0x0 | out: lpBuffer=0x2262e2c*, lpNumberOfBytesRead=0x37d264*=0x0, lpOverlapped=0x0) returned 1
[0326.284] CloseHandle (hObject=0x1f0) returned 1
[0326.285] CloseHandle (hObject=0x40) returned 1
[0326.285] GetCurrentProcess () returned 0xffffffff
[0326.286] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37d640 | out: TokenHandle=0x37d640*=0x40) returned 1
[0326.286] CloseHandle (hObject=0x40) returned 1
[0326.286] GetCurrentProcess () returned 0xffffffff
[0326.286] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37d640 | out: TokenHandle=0x37d640*=0x40) returned 1
[0326.287] CloseHandle (hObject=0x40) returned 1
[0326.293] GetCurrentProcess () returned 0xffffffff
[0326.293] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37d4f4 | out: TokenHandle=0x37d4f4*=0x40) returned 1
[0326.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x37d4ec | out: lpFileInformation=0x37d4ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xfa159150, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0xdf)) returned 1
[0326.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", nBufferLength=0x105, lpBuffer=0x37cf78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", lpFilePart=0x0) returned 0x40
[0326.294] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x37d4f4 | out: lpFileInformation=0x37d4f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xfa159150, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0xdf)) returned 1
[0326.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", nBufferLength=0x105, lpBuffer=0x37cf14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config", lpFilePart=0x0) returned 0x40
[0326.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37d42c) returned 1
[0326.294] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f0
[0326.295] GetFileType (hFile=0x1f0) returned 0x1
[0326.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d428) returned 1
[0326.295] GetFileType (hFile=0x1f0) returned 0x1
[0326.295] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x37d4e8 | out: lpFileSizeHigh=0x37d4e8*=0x0) returned 0xdf
[0326.295] ReadFile (in: hFile=0x1f0, lpBuffer=0x227b524, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d4a4, lpOverlapped=0x0 | out: lpBuffer=0x227b524*, lpNumberOfBytesRead=0x37d4a4*=0xdf, lpOverlapped=0x0) returned 1
[0326.297] ReadFile (in: hFile=0x1f0, lpBuffer=0x227b524, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37d368, lpOverlapped=0x0 | out: lpBuffer=0x227b524*, lpNumberOfBytesRead=0x37d368*=0x0, lpOverlapped=0x0) returned 1
[0326.297] CloseHandle (hObject=0x1f0) returned 1
[0326.297] CloseHandle (hObject=0x40) returned 1
[0326.298] GetCurrentProcess () returned 0xffffffff
[0326.298] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37d640 | out: TokenHandle=0x37d640*=0x40) returned 1
[0326.298] CloseHandle (hObject=0x40) returned 1
[0326.299] GetCurrentProcess () returned 0xffffffff
[0326.299] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37d640 | out: TokenHandle=0x37d640*=0x40) returned 1
[0326.300] CloseHandle (hObject=0x40) returned 1
[0326.307] GetCurrentProcess () returned 0xffffffff
[0326.307] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37d458 | out: TokenHandle=0x37d458*=0x40) returned 1
[0326.312] CloseHandle (hObject=0x40) returned 1
[0326.312] GetCurrentProcess () returned 0xffffffff
[0326.312] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37d470 | out: TokenHandle=0x37d470*=0x40) returned 1
[0326.316] CloseHandle (hObject=0x40) returned 1
[0326.325] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76710000
[0326.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x37d6bc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWcp\x0fîª\x0bDþEtÄÙ7", lpUsedDefaultChar=0x0) returned 14
[0326.325] GetProcAddress (hModule=0x76710000, lpProcName="DefWindowProcW") returned 0x773c25dd
[0326.326] GetStockObject (i=5) returned 0x1900015
[0326.329] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0326.332] CoTaskMemAlloc (cb=0x5c) returned 0x536f50
[0326.333] RegisterClassW (lpWndClass=0x37d6ac) returned 0xc106
[0326.334] CoTaskMemFree (pv=0x536f50)
[0326.334] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0326.336] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.34f5582_r14_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x50132
[0326.338] SetWindowLongW (hWnd=0x50132, nIndex=-4, dwNewLong=2000430557) returned 76286166
[0326.339] GetWindowLongW (hWnd=0x50132, nIndex=-4) returned 2000430557
[0326.342] GetCurrentProcess () returned 0xffffffff
[0326.342] GetCurrentThread () returned 0xfffffffe
[0326.342] GetCurrentProcess () returned 0xffffffff
[0326.342] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x37d03c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x37d03c*=0x40) returned 1
[0326.345] GetCurrentThreadId () returned 0x704
[0326.349] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x37cfc0 | out: phkResult=0x37cfc0*=0x1f0) returned 0x0
[0326.349] RegQueryValueExW (in: hKey=0x1f0, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x37cfe0, lpData=0x0, lpcbData=0x37cfdc*=0x0 | out: lpType=0x37cfe0*=0x0, lpData=0x0, lpcbData=0x37cfdc*=0x0) returned 0x2
[0326.349] RegQueryValueExW (in: hKey=0x1f0, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x37cfe0, lpData=0x0, lpcbData=0x37cfdc*=0x0 | out: lpType=0x37cfe0*=0x0, lpData=0x0, lpcbData=0x37cfdc*=0x0) returned 0x2
[0326.350] RegCloseKey (hKey=0x1f0) returned 0x0
[0326.351] SetWindowLongW (hWnd=0x50132, nIndex=-4, dwNewLong=76286206) returned 2000430557
[0326.351] GetWindowLongW (hWnd=0x50132, nIndex=-4) returned 76286206
[0326.351] GetWindowLongW (hWnd=0x50132, nIndex=-16) returned 79691776
[0326.401] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x50132, Msg=0x24, wParam=0x0, lParam=0x37d298) returned 0x0
[0326.402] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc108
[0326.402] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x50132, Msg=0x81, wParam=0x0, lParam=0x37d28c) returned 0x1
[0326.404] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x50132, Msg=0x83, wParam=0x0, lParam=0x37d278) returned 0x0
[0326.471] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x50132, Msg=0x1, wParam=0x0, lParam=0x37d28c) returned 0x0
[0326.758] GetCurrentProcessId () returned 0x6e0
[0326.763] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x37e864 | out: lpLuid=0x37e864*(LowPart=0x14, HighPart=0)) returned 1
[0326.766] GetCurrentProcess () returned 0xffffffff
[0326.766] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x37e860 | out: TokenHandle=0x37e860*=0x238) returned 1
[0326.767] AdjustTokenPrivileges (in: TokenHandle=0x238, DisableAllPrivileges=0, NewState=0x227fa20*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0326.767] CloseHandle (hObject=0x238) returned 1
[0326.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3239540, Length=0x20000, ResultLength=0x37ef44 | out: SystemInformation=0x3239540, ResultLength=0x37ef44*=0x6ae8) returned 0x0
[0326.785] GetCurrentProcessId () returned 0x6e0
[0326.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3239540, Length=0x20000, ResultLength=0x37ef34 | out: SystemInformation=0x3239540, ResultLength=0x37ef34*=0x6ae8) returned 0x0
[0332.880] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x238
[0332.881] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x23c
[0332.889] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e0fc | out: phkResult=0x37e0fc*=0x240) returned 0x0
[0332.890] RegQueryValueExW (in: hKey=0x240, lpValueName="InstallationType", lpReserved=0x0, lpType=0x37e11c, lpData=0x0, lpcbData=0x37e118*=0x0 | out: lpType=0x37e11c*=0x1, lpData=0x0, lpcbData=0x37e118*=0xe) returned 0x0
[0332.890] RegQueryValueExW (in: hKey=0x240, lpValueName="InstallationType", lpReserved=0x0, lpType=0x37e11c, lpData=0x2290d60, lpcbData=0x37e118*=0xe | out: lpType=0x37e11c*=0x1, lpData="Client", lpcbData=0x37e118*=0xe) returned 0x0
[0332.891] RegCloseKey (hKey=0x240) returned 0x0
[0332.909] GetCurrentProcess () returned 0xffffffff
[0332.909] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37dd50 | out: TokenHandle=0x37dd50*=0x240) returned 1
[0332.920] CloseHandle (hObject=0x240) returned 1
[0332.920] GetCurrentProcess () returned 0xffffffff
[0332.920] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37dd68 | out: TokenHandle=0x37dd68*=0x240) returned 1
[0332.920] CloseHandle (hObject=0x240) returned 1
[0332.928] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec4 | out: phkResult=0x37eec4*=0x240) returned 0x0
[0332.928] RegQueryValueExW (in: hKey=0x240, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x37eee0, lpData=0x0, lpcbData=0x37eedc*=0x0 | out: lpType=0x37eee0*=0x0, lpData=0x0, lpcbData=0x37eedc*=0x0) returned 0x2
[0332.928] RegCloseKey (hKey=0x240) returned 0x0
[0332.930] GetCurrentProcessId () returned 0x6e0
[0332.932] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6e0) returned 0x240
[0332.938] EnumProcessModules (in: hProcess=0x240, lphModule=0x2294c50, cb=0x100, lpcbNeeded=0x37eed0 | out: lphModule=0x2294c50, lpcbNeeded=0x37eed0) returned 1
[0332.939] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x2294d90, cb=0xc | out: lpmodinfo=0x2294d90*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0332.941] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.941] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x551288, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0332.941] CoTaskMemFree (pv=0x551288)
[0332.942] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.942] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x551288, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0332.942] CoTaskMemFree (pv=0x551288)
[0332.942] CloseHandle (hObject=0x240) returned 1
[0332.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0332.943] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x0) returned 0x2
[0332.943] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x240) returned 0x0
[0332.943] RegQueryValueExW (in: hKey=0x240, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x37eee4, lpData=0x0, lpcbData=0x37eee0*=0x0 | out: lpType=0x37eee4*=0x0, lpData=0x0, lpcbData=0x37eee0*=0x0) returned 0x2
[0332.944] RegCloseKey (hKey=0x240) returned 0x0
[0332.944] GetCurrentProcessId () returned 0x6e0
[0332.944] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6e0) returned 0x240
[0332.944] EnumProcessModules (in: hProcess=0x240, lphModule=0x22977fc, cb=0x100, lpcbNeeded=0x37eed0 | out: lphModule=0x22977fc, lpcbNeeded=0x37eed0) returned 1
[0332.945] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x229793c, cb=0xc | out: lpmodinfo=0x229793c*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0332.945] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.945] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x551288, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0332.946] CoTaskMemFree (pv=0x551288)
[0332.946] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.946] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x551288, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0332.946] CoTaskMemFree (pv=0x551288)
[0332.946] CloseHandle (hObject=0x240) returned 1
[0332.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0332.946] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x0) returned 0x2
[0332.947] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x240) returned 0x0
[0332.947] RegQueryValueExW (in: hKey=0x240, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x37eee4, lpData=0x0, lpcbData=0x37eee0*=0x0 | out: lpType=0x37eee4*=0x0, lpData=0x0, lpcbData=0x37eee0*=0x0) returned 0x2
[0332.947] RegCloseKey (hKey=0x240) returned 0x0
[0332.947] GetCurrentProcessId () returned 0x6e0
[0332.947] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6e0) returned 0x240
[0332.947] EnumProcessModules (in: hProcess=0x240, lphModule=0x229a3d4, cb=0x100, lpcbNeeded=0x37eed0 | out: lphModule=0x229a3d4, lpcbNeeded=0x37eed0) returned 1
[0332.948] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x229a514, cb=0xc | out: lpmodinfo=0x229a514*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0332.948] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.948] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x551288, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0332.949] CoTaskMemFree (pv=0x551288)
[0332.949] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.949] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x551288, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0332.949] CoTaskMemFree (pv=0x551288)
[0332.949] CloseHandle (hObject=0x240) returned 1
[0332.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0332.949] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x0) returned 0x2
[0332.949] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x240) returned 0x0
[0332.950] RegQueryValueExW (in: hKey=0x240, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x37eee4, lpData=0x0, lpcbData=0x37eee0*=0x0 | out: lpType=0x37eee4*=0x0, lpData=0x0, lpcbData=0x37eee0*=0x0) returned 0x2
[0332.950] RegCloseKey (hKey=0x240) returned 0x0
[0332.950] GetCurrentProcessId () returned 0x6e0
[0332.950] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6e0) returned 0x240
[0332.950] EnumProcessModules (in: hProcess=0x240, lphModule=0x229d03c, cb=0x100, lpcbNeeded=0x37eed0 | out: lphModule=0x229d03c, lpcbNeeded=0x37eed0) returned 1
[0332.951] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x229d17c, cb=0xc | out: lpmodinfo=0x229d17c*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0332.951] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.951] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x551288, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0332.951] CoTaskMemFree (pv=0x551288)
[0332.951] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.951] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x551288, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0332.952] CoTaskMemFree (pv=0x551288)
[0332.952] CloseHandle (hObject=0x240) returned 1
[0332.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0332.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x0) returned 0x2
[0332.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x240) returned 0x0
[0332.952] RegQueryValueExW (in: hKey=0x240, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x37eee4, lpData=0x0, lpcbData=0x37eee0*=0x0 | out: lpType=0x37eee4*=0x0, lpData=0x0, lpcbData=0x37eee0*=0x0) returned 0x2
[0332.952] RegCloseKey (hKey=0x240) returned 0x0
[0332.953] GetCurrentProcessId () returned 0x6e0
[0332.953] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6e0) returned 0x240
[0332.953] EnumProcessModules (in: hProcess=0x240, lphModule=0x229fa68, cb=0x100, lpcbNeeded=0x37eed0 | out: lphModule=0x229fa68, lpcbNeeded=0x37eed0) returned 1
[0332.954] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x229fba8, cb=0xc | out: lpmodinfo=0x229fba8*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0332.954] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.954] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x551288, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0332.955] CoTaskMemFree (pv=0x551288)
[0332.955] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.955] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x551288, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0332.955] CoTaskMemFree (pv=0x551288)
[0332.955] CloseHandle (hObject=0x240) returned 1
[0332.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0332.955] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x0) returned 0x2
[0332.956] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x240) returned 0x0
[0332.956] RegQueryValueExW (in: hKey=0x240, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x37eee4, lpData=0x0, lpcbData=0x37eee0*=0x0 | out: lpType=0x37eee4*=0x0, lpData=0x0, lpcbData=0x37eee0*=0x0) returned 0x2
[0332.956] RegCloseKey (hKey=0x240) returned 0x0
[0332.957] GetCurrentProcessId () returned 0x6e0
[0332.957] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6e0) returned 0x240
[0332.957] EnumProcessModules (in: hProcess=0x240, lphModule=0x22a2484, cb=0x100, lpcbNeeded=0x37eed0 | out: lphModule=0x22a2484, lpcbNeeded=0x37eed0) returned 1
[0332.958] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x22a25c4, cb=0xc | out: lpmodinfo=0x22a25c4*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0332.958] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.958] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x551288, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0332.958] CoTaskMemFree (pv=0x551288)
[0332.958] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.958] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x551288, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0332.959] CoTaskMemFree (pv=0x551288)
[0332.959] CloseHandle (hObject=0x240) returned 1
[0332.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0332.959] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x0) returned 0x2
[0332.959] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x240) returned 0x0
[0332.959] RegQueryValueExW (in: hKey=0x240, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x37eee4, lpData=0x0, lpcbData=0x37eee0*=0x0 | out: lpType=0x37eee4*=0x0, lpData=0x0, lpcbData=0x37eee0*=0x0) returned 0x2
[0332.959] RegCloseKey (hKey=0x240) returned 0x0
[0332.967] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x240) returned 0x0
[0332.967] RegQueryValueExW (in: hKey=0x240, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x37eee4, lpData=0x0, lpcbData=0x37eee0*=0x0 | out: lpType=0x37eee4*=0x0, lpData=0x0, lpcbData=0x37eee0*=0x0) returned 0x2
[0332.967] RegCloseKey (hKey=0x240) returned 0x0
[0332.968] GetCurrentProcessId () returned 0x6e0
[0332.968] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6e0) returned 0x240
[0332.968] EnumProcessModules (in: hProcess=0x240, lphModule=0x22a5da0, cb=0x100, lpcbNeeded=0x37eecc | out: lphModule=0x22a5da0, lpcbNeeded=0x37eecc) returned 1
[0332.969] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x22a5ee0, cb=0xc | out: lpmodinfo=0x22a5ee0*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0332.969] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.969] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x551288, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0332.969] CoTaskMemFree (pv=0x551288)
[0332.970] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.970] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x551288, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0332.970] CoTaskMemFree (pv=0x551288)
[0332.970] CloseHandle (hObject=0x240) returned 1
[0332.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0332.971] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec4 | out: phkResult=0x37eec4*=0x0) returned 0x2
[0332.971] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec4 | out: phkResult=0x37eec4*=0x240) returned 0x0
[0332.971] RegQueryValueExW (in: hKey=0x240, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x37eee0, lpData=0x0, lpcbData=0x37eedc*=0x0 | out: lpType=0x37eee0*=0x0, lpData=0x0, lpcbData=0x37eedc*=0x0) returned 0x2
[0332.971] RegCloseKey (hKey=0x240) returned 0x0
[0332.972] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec8 | out: phkResult=0x37eec8*=0x240) returned 0x0
[0332.972] RegQueryValueExW (in: hKey=0x240, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x37eee4, lpData=0x0, lpcbData=0x37eee0*=0x0 | out: lpType=0x37eee4*=0x0, lpData=0x0, lpcbData=0x37eee0*=0x0) returned 0x2
[0332.972] RegCloseKey (hKey=0x240) returned 0x0
[0332.972] GetCurrentProcessId () returned 0x6e0
[0332.972] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6e0) returned 0x240
[0332.972] EnumProcessModules (in: hProcess=0x240, lphModule=0x22a8ba0, cb=0x100, lpcbNeeded=0x37eecc | out: lphModule=0x22a8ba0, lpcbNeeded=0x37eecc) returned 1
[0332.973] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x22a8ce0, cb=0xc | out: lpmodinfo=0x22a8ce0*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x43783e)) returned 1
[0332.973] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.973] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x551288, nSize=0x800 | out: lpBaseName="RegSvcs.exe") returned 0xb
[0332.974] CoTaskMemFree (pv=0x551288)
[0332.974] CoTaskMemAlloc (cb=0x804) returned 0x551288
[0332.974] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x551288, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe")) returned 0x39
[0332.974] CoTaskMemFree (pv=0x551288)
[0332.974] CloseHandle (hObject=0x240) returned 1
[0332.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0332.974] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec4 | out: phkResult=0x37eec4*=0x0) returned 0x2
[0332.974] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eec4 | out: phkResult=0x37eec4*=0x240) returned 0x0
[0332.975] RegQueryValueExW (in: hKey=0x240, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x37eee0, lpData=0x0, lpcbData=0x37eedc*=0x0 | out: lpType=0x37eee0*=0x0, lpData=0x0, lpcbData=0x37eedc*=0x0) returned 0x2
[0332.975] RegCloseKey (hKey=0x240) returned 0x0
[0333.030] CreateBindCtx (in: reserved=0x0, ppbc=0x37ef24 | out: ppbc=0x37ef24*=0x514688) returned 0x0
[0333.031] IUnknown:QueryInterface (in: This=0x514688, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e9e0 | out: ppvObject=0x37e9e0*=0x514688) returned 0x0
[0333.035] IUnknown:QueryInterface (in: This=0x514688, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e994 | out: ppvObject=0x37e994*=0x0) returned 0x80004002
[0333.035] IUnknown:QueryInterface (in: This=0x514688, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e7bc | out: ppvObject=0x37e7bc*=0x0) returned 0x80004002
[0333.035] IUnknown:AddRef (This=0x514688) returned 0x3
[0333.035] IUnknown:QueryInterface (in: This=0x514688, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37e2f0 | out: ppvObject=0x37e2f0*=0x0) returned 0x80004002
[0333.035] IUnknown:QueryInterface (in: This=0x514688, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37e2a0 | out: ppvObject=0x37e2a0*=0x0) returned 0x80004002
[0333.035] IUnknown:QueryInterface (in: This=0x514688, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e2ac | out: ppvObject=0x37e2ac*=0x0) returned 0x80004002
[0333.035] CoGetContextToken (in: pToken=0x37e30c | out: pToken=0x37e30c) returned 0x0
[0333.035] CObjectContext::QueryInterface () returned 0x0
[0333.036] CObjectContext::GetCurrentApartmentType () returned 0x0
[0333.036] Release () returned 0x0
[0333.037] CoGetObjectContext (in: riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x54f8dc | out: ppv=0x54f8dc*=0x523278) returned 0x0
[0333.059] CoGetContextToken (in: pToken=0x37e71c | out: pToken=0x37e71c) returned 0x0
[0333.059] IUnknown:QueryInterface (in: This=0x514688, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7a0 | out: ppvObject=0x37e7a0*=0x0) returned 0x80004002
[0333.059] IUnknown:Release (This=0x514688) returned 0x2
[0333.059] CoGetContextToken (in: pToken=0x37ecec | out: pToken=0x37ecec) returned 0x0
[0333.059] CoGetContextToken (in: pToken=0x37ec4c | out: pToken=0x37ec4c) returned 0x0
[0333.059] IUnknown:QueryInterface (in: This=0x514688, riid=0x37ed1c*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed18 | out: ppvObject=0x37ed18*=0x514688) returned 0x0
[0333.059] IUnknown:AddRef (This=0x514688) returned 0x4
[0333.059] IUnknown:Release (This=0x514688) returned 0x3
[0333.060] IUnknown:Release (This=0x514688) returned 0x2
[0333.060] CoGetContextToken (in: pToken=0x37ed74 | out: pToken=0x37ed74) returned 0x0
[0333.060] IUnknown:AddRef (This=0x514688) returned 0x3
[0333.061] MkParseDisplayName (in: pbc=0x514688, szUserName="WinMgmts:", pchEaten=0x37ef58, ppmk=0x37ef10 | out: pchEaten=0x37ef58, ppmk=0x37ef10*=0x55abc0) returned 0x0
[0333.280] malloc (_Size=0x80) returned 0x9d2e50
[0333.284] DllGetClassObject (in: rclsid=0x55e994*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x37eb50*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e208 | out: ppv=0x37e208*=0x0) returned 0x80004002
[0333.284] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000810
[0333.284] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.285] DllGetClassObject (in: rclsid=0x55e994*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x76aeee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37ed04 | out: ppv=0x37ed04*=0x5000810) returned 0x0
[0333.285] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000810
[0333.285] WinMGMTS:IClassFactory:CreateInstance (in: This=0x5000810, pUnkOuter=0x0, riid=0x76aef084*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ecb0 | out: ppvObject=0x37ecb0*=0x5000850) returned 0x0
[0333.285] GetVersionExW (in: lpVersionInformation=0x37eafc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7f, dwMinorVersion=0x36b7, dwBuildNumber=0x3, dwPlatformId=0x37eb60, szCSDVersion="塩癡\x08쀕") | out: lpVersionInformation=0x37eafc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0333.285] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x37eaf0 | out: phkResult=0x37eaf0*=0x284) returned 0x0
[0333.285] RegQueryValueExW (in: hKey=0x284, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x37eaf8, lpcbData=0x37eaf4*=0x4 | out: lpType=0x0, lpData=0x37eaf8*=0x3, lpcbData=0x37eaf4*=0x4) returned 0x0
[0333.285] RegCloseKey (hKey=0x284) returned 0x0
[0333.286] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000828
[0333.286] GetSystemDirectoryW (in: lpBuffer=0x5000828, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0333.286] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76c10000
[0333.287] GetProcAddress (hModule=0x76c10000, lpProcName="DuplicateTokenEx") returned 0x76c1ca24
[0333.287] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.287] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000828
[0333.287] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000850
[0333.287] WinMGMTS:IUnknown:Release (This=0x5000810) returned 0x0
[0333.287] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.288] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x5000850, pbc=0x514688, pszDisplayName="WinMgmts:", pchEaten=0x37eec8, ppmkOut=0x37eecc | out: pchEaten=0x37eec8*=0x9, ppmkOut=0x37eecc*=0x55abc0) returned 0x0
[0333.288] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0
[0333.334] IBindCtx:GetObjectParam (in: This=0x514688, pszKey="WmiObject", ppunk=0x37edd0 | out: ppunk=0x37edd0*=0x0) returned 0x80004005
[0333.334] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000860
[0333.334] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123
[0333.334] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000880
[0333.334] CoCreateInstance (in: rclsid=0x73ca42b0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73ca42a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5000898 | out: ppv=0x5000898*=0x50008e8) returned 0x0
[0333.394] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x50008f8
[0333.394] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000960
[0333.394] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x50009c0
[0333.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0333.394] GetCurrentThreadId () returned 0x704
[0333.394] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91
[0333.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0333.394] GetCurrentThreadId () returned 0x704
[0333.395] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x37ecb8 | out: phkResult=0x37ecb8*=0x28c) returned 0x0
[0333.395] RegQueryValueExW (in: hKey=0x28c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x37ecc0*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x37ecc0*=0x16) returned 0x0
[0333.395] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x50009e0
[0333.395] RegQueryValueExW (in: hKey=0x28c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x50009e0, lpcbData=0x37ecc0*=0x16 | out: lpType=0x0, lpData=0x50009e0*=0x72, lpcbData=0x37ecc0*=0x16) returned 0x0
[0333.395] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000a00
[0333.395] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.395] RegCloseKey (hKey=0x28c) returned 0x0
[0333.395] CoCreateInstance (in: rclsid=0x73ca53b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73ca50dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x37ecec | out: ppv=0x37ecec*=0x5000a20) returned 0x0
[0333.491] SysStringLen (param_1=".") returned 0x1
[0333.491] WbemDefPath:IWbemPath:SetServer (This=0x5000a20, Name=".") returned 0x0
[0333.491] CoCreateInstance (in: rclsid=0x73ca53b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73ca50dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x37eca4 | out: ppv=0x37eca4*=0x5000ab8) returned 0x0
[0333.492] CoCreateInstance (in: rclsid=0x73ca53b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x73ca50dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x37ec48 | out: ppv=0x37ec48*=0x5000b50) returned 0x0
[0333.492] WbemDefPath:IWbemPath:SetText (This=0x5000b50, uMode=0x4, pszPath="root\\cimv2") returned 0x0
[0333.492] WbemDefPath:IUnknown:Release (This=0x5000b50) returned 0x0
[0333.492] SysStringLen (param_1="root\\cimv2") returned 0xa
[0333.492] WbemDefPath:IWbemPath:SetText (This=0x5000ab8, uMode=0xc, pszPath="root\\cimv2") returned 0x0
[0333.492] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5000ab8, puCount=0x37ecb4 | out: puCount=0x37ecb4*=0x2) returned 0x0
[0333.492] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x5000a20) returned 0x0
[0333.492] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x5000ab8, uIndex=0x0, puNameBufLength=0x37ec7c*=0x0, pName=0x0 | out: puNameBufLength=0x37ec7c*=0x5, pName=0x0) returned 0x0
[0333.492] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000b50
[0333.492] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x5000ab8, uIndex=0x0, puNameBufLength=0x37ec7c*=0x5, pName="ಀԀÄԀ" | out: puNameBufLength=0x37ec7c*=0x5, pName="root") returned 0x0
[0333.492] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.492] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x5000a20, uIndex=0x0, pszName="root") returned 0x0
[0333.492] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x5000ab8, uIndex=0x1, puNameBufLength=0x37ec7c*=0x0, pName=0x0 | out: puNameBufLength=0x37ec7c*=0x6, pName=0x0) returned 0x0
[0333.492] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000ce8
[0333.492] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x5000ab8, uIndex=0x1, puNameBufLength=0x37ec7c*=0x6, pName="ÄԀÄԀ2" | out: puNameBufLength=0x37ec7c*=0x6, pName="cimv2") returned 0x0
[0333.492] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.492] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x5000a20, uIndex=0x1, pszName="cimv2") returned 0x0
[0333.492] WbemDefPath:IUnknown:Release (This=0x5000ab8) returned 0x0
[0333.492] WbemDefPath:IWbemPath:GetText (in: This=0x5000a20, lFlags=4, puBuffLength=0x37ecd0*=0x0, pszText=0x0 | out: puBuffLength=0x37ecd0*=0xf, pszText=0x0) returned 0x0
[0333.493] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000ab8
[0333.493] WbemDefPath:IWbemPath:GetText (in: This=0x5000a20, lFlags=4, puBuffLength=0x37ecd0*=0xf, pszText="୰ԀৠԀ2" | out: puBuffLength=0x37ecd0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0333.493] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.493] WbemDefPath:IUnknown:Release (This=0x5000a20) returned 0x0
[0333.493] WbemLocator:IWbemLocator:ConnectServer (in: This=0x50008e8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x37ed58 | out: ppNamespace=0x37ed58*=0x500d174) returned 0x0
[0333.742] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500c878
[0333.742] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d188
[0333.743] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d1e8
[0333.743] WbemLocator:IUnknown:QueryInterface (in: This=0x500d174, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ec28 | out: ppvObject=0x37ec28*=0x563194) returned 0x0
[0333.743] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x563194, pProxy=0x500d174, pAuthnSvc=0x37ec18, pAuthzSvc=0x37ec1c, pServerPrincName=0x0, pAuthnLevel=0x37ec44, pImpLevel=0x37ec40, pAuthInfo=0x0, pCapabilites=0x37ec30 | out: pAuthnSvc=0x37ec18*=0xa, pAuthzSvc=0x37ec1c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37ec44*=0x6, pImpLevel=0x37ec40*=0x2, pAuthInfo=0x0, pCapabilites=0x37ec30*=0x1) returned 0x0
[0333.743] WbemLocator:IUnknown:Release (This=0x563194) returned 0x1
[0333.743] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0333.743] GetCurrentThreadId () returned 0x704
[0333.743] WbemLocator:IUnknown:QueryInterface (in: This=0x500d174, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ec58 | out: ppvObject=0x37ec58*=0x563194) returned 0x0
[0333.744] WbemLocator:IClientSecurity:CopyProxy (in: This=0x563194, pProxy=0x500d174, ppCopy=0x37ec5c | out: ppCopy=0x37ec5c*=0x500d2e4) returned 0x0
[0333.744] WbemLocator:IUnknown:QueryInterface (in: This=0x500d2e4, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eb74 | out: ppvObject=0x37eb74*=0x563194) returned 0x0
[0333.744] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x563194, pProxy=0x500d2e4, pAuthnSvc=0x37eb98, pAuthzSvc=0x37eb88, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x37eb98*=0xa, pAuthzSvc=0x37eb88*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0333.744] WbemLocator:IUnknown:Release (This=0x563194) returned 0x3
[0333.744] WbemLocator:IUnknown:QueryInterface (in: This=0x500d2e4, riid=0x73ca34f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eb4c | out: ppvObject=0x37eb4c*=0x5631b4) returned 0x0
[0333.744] WbemLocator:IUnknown:QueryInterface (in: This=0x500d2e4, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eb50 | out: ppvObject=0x37eb50*=0x563194) returned 0x0
[0333.744] WbemLocator:IClientSecurity:SetBlanket (This=0x563194, pProxy=0x500d2e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0333.745] WbemLocator:IUnknown:Release (This=0x563194) returned 0x4
[0333.745] WbemLocator:IUnknown:Release (This=0x5631b4) returned 0x3
[0333.745] WbemLocator:IUnknown:Release (This=0x563194) returned 0x2
[0333.745] WbemLocator:IUnknown:AddRef (This=0x500d2e4) returned 0x3
[0333.745] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d2f8
[0333.745] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500c948
[0333.745] WbemLocator:IUnknown:Release (This=0x500d174) returned 0x2
[0333.745] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0333.745] GetCurrentThreadId () returned 0x704
[0333.745] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0333.746] GetCurrentThreadId () returned 0x704
[0333.746] WbemLocator:IUnknown:QueryInterface (in: This=0x500d2e4, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed1c | out: ppvObject=0x37ed1c*=0x563194) returned 0x0
[0333.746] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x563194, pProxy=0x500d2e4, pAuthnSvc=0x37ed0c, pAuthzSvc=0x37ed10, pServerPrincName=0x0, pAuthnLevel=0x37ed3c, pImpLevel=0x37ed40, pAuthInfo=0x0, pCapabilites=0x37ed24 | out: pAuthnSvc=0x37ed0c*=0xa, pAuthzSvc=0x37ed10*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37ed3c*=0x6, pImpLevel=0x37ed40*=0x3, pAuthInfo=0x0, pCapabilites=0x37ed24*=0x20) returned 0x0
[0333.746] WbemLocator:IUnknown:Release (This=0x563194) returned 0x2
[0333.746] CreatePointerMoniker (in: punk=0x500c878, ppmk=0x37eecc | out: ppmk=0x37eecc*=0x55abc0) returned 0x0
[0333.746] IUnknown:AddRef (This=0x500c878) returned 0x2
[0333.747] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.747] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.747] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.747] WbemLocator:IUnknown:Release (This=0x50008e8) returned 0x0
[0333.747] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.747] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.748] WinMGMTS:IUnknown:Release (This=0x5000850) returned 0x0
[0333.748] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0333.797] IUnknown:QueryInterface (in: This=0x55abc0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e9d4 | out: ppvObject=0x37e9d4*=0x55abc0) returned 0x0
[0333.799] IUnknown:QueryInterface (in: This=0x55abc0, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e988 | out: ppvObject=0x37e988*=0x0) returned 0x80004002
[0333.800] IUnknown:QueryInterface (in: This=0x55abc0, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e7b0 | out: ppvObject=0x37e7b0*=0x0) returned 0x80004002
[0333.800] IUnknown:AddRef (This=0x55abc0) returned 0x3
[0333.800] IUnknown:QueryInterface (in: This=0x55abc0, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37e2e4 | out: ppvObject=0x37e2e4*=0x0) returned 0x80004002
[0333.800] IUnknown:QueryInterface (in: This=0x55abc0, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37e294 | out: ppvObject=0x37e294*=0x0) returned 0x80004002
[0333.800] IUnknown:QueryInterface (in: This=0x55abc0, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e2a0 | out: ppvObject=0x37e2a0*=0x55abd4) returned 0x0
[0333.800] IMarshal:GetUnmarshalClass (in: This=0x55abd4, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37e2a8 | out: pCid=0x37e2a8*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0333.800] IUnknown:Release (This=0x55abd4) returned 0x3
[0333.800] CoGetContextToken (in: pToken=0x37e300 | out: pToken=0x37e300) returned 0x0
[0333.801] CoGetContextToken (in: pToken=0x37e714 | out: pToken=0x37e714) returned 0x0
[0333.801] IUnknown:QueryInterface (in: This=0x55abc0, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e794 | out: ppvObject=0x37e794*=0x0) returned 0x80004002
[0333.801] IUnknown:Release (This=0x55abc0) returned 0x2
[0333.801] CoGetContextToken (in: pToken=0x37ece4 | out: pToken=0x37ece4) returned 0x0
[0333.801] CoGetContextToken (in: pToken=0x37ec44 | out: pToken=0x37ec44) returned 0x0
[0333.801] IUnknown:QueryInterface (in: This=0x55abc0, riid=0x37ed14*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed10 | out: ppvObject=0x37ed10*=0x55abc0) returned 0x0
[0333.801] IUnknown:AddRef (This=0x55abc0) returned 0x4
[0333.801] IUnknown:Release (This=0x55abc0) returned 0x3
[0333.801] IUnknown:Release (This=0x514688) returned 0x2
[0333.801] IUnknown:Release (This=0x55abc0) returned 0x2
[0333.802] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0333.802] IUnknown:AddRef (This=0x55abc0) returned 0x3
[0333.803] BindMoniker (in: pmk=0x55abc0, grfOpt=0x0, iidResult=0x227e55c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x37ef14 | out: ppvResult=0x37ef14*=0x500c878) returned 0x0
[0333.803] IUnknown:QueryInterface (in: This=0x500c878, riid=0x227e55c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ef14 | out: ppvObject=0x37ef14*=0x500c878) returned 0x0
[0333.805] LoadRegTypeLib (in: rguid=0x73ca364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x37e780*=0x0 | out: pptlib=0x37e780*=0x569238) returned 0x0
[0333.891] ITypeLib:GetTypeInfoOfGuid (in: This=0x569238, GUID=0x500c8bc*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x500c8a4 | out: ppTInfo=0x500c8a4*=0x56ac8c) returned 0x0
[0333.891] IUnknown:Release (This=0x569238) returned 0x1
[0333.891] IUnknown:AddRef (This=0x56ac8c) returned 0x2
[0333.891] ITypeInfo:RemoteGetTypeAttr (in: This=0x56ac8c, ppTypeAttr=0x37e7b0, pDummy=0xb9cad3e | out: ppTypeAttr=0x37e7b0, pDummy=0xb9cad3e) returned 0x0
[0333.897] ITypeInfo:LocalReleaseTypeAttr (This=0x56ac8c) returned 0x563428
[0333.897] IUnknown:Release (This=0x56ac8c) returned 0x1
[0333.897] CoGetContextToken (in: pToken=0x37e304 | out: pToken=0x37e304) returned 0x0
[0333.897] CoGetContextToken (in: pToken=0x37e714 | out: pToken=0x37e714) returned 0x0
[0333.897] IUnknown:Release (This=0x55abc0) returned 0x2
[0333.918] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0
[0333.919] LoadRegTypeLib (in: rguid=0x73ca364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x37e9f4*=0x0 | out: pptlib=0x37e9f4*=0x569238) returned 0x0
[0333.922] ITypeLib:GetTypeInfoOfGuid (in: This=0x569238, GUID=0x500c8ac*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x500c8a0 | out: ppTInfo=0x500c8a0*=0x56acb8) returned 0x0
[0333.922] IUnknown:Release (This=0x569238) returned 0x2
[0333.922] IUnknown:AddRef (This=0x56acb8) returned 0x2
[0333.922] DispGetIDsOfNames (in: ptinfo=0x56acb8, rgszNames=0x37ea50*="InstancesOf", cNames=0x1, rgdispid=0x37ea40 | out: rgdispid=0x37ea40*=5) returned 0x0
[0333.927] IUnknown:Release (This=0x56acb8) returned 0x1
[0333.930] IUnknown:AddRef (This=0x56acb8) returned 0x2
[0333.930] ITypeInfo:LocalInvoke (This=0x56acb8) returned 0x0
[0333.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0333.930] GetCurrentThreadId () returned 0x704
[0333.930] WbemLocator:IUnknown:AddRef (This=0x500d2e4) returned 0x3
[0333.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0333.930] GetCurrentThreadId () returned 0x704
[0333.930] IWbemServices:CreateInstanceEnum (in: This=0x500d2e4, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x37e694 | out: ppEnum=0x37e694*=0x50008dc) returned 0x0
[0334.473] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000918
[0334.473] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000978
[0334.473] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d358
[0334.473] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500c988
[0334.473] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d3b8
[0334.473] IUnknown:QueryInterface (in: This=0x50008dc, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e5ac | out: ppvObject=0x37e5ac*=0x50008e0) returned 0x0
[0334.473] IClientSecurity:QueryBlanket (in: This=0x50008e0, pProxy=0x50008dc, pAuthnSvc=0x37e59c, pAuthzSvc=0x37e5a0, pServerPrincName=0x0, pAuthnLevel=0x37e5c8, pImpLevel=0x37e5c4, pAuthInfo=0x0, pCapabilites=0x37e5b4 | out: pAuthnSvc=0x37e59c*=0xa, pAuthzSvc=0x37e5a0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e5c8*=0x6, pImpLevel=0x37e5c4*=0x2, pAuthInfo=0x0, pCapabilites=0x37e5b4*=0x1) returned 0x0
[0334.473] IUnknown:Release (This=0x50008e0) returned 0x1
[0334.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.473] GetCurrentThreadId () returned 0x704
[0334.474] WbemLocator:IUnknown:QueryInterface (in: This=0x500d2e4, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e590 | out: ppvObject=0x37e590*=0x563194) returned 0x0
[0334.474] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x563194, pProxy=0x500d2e4, pAuthnSvc=0x37e580, pAuthzSvc=0x37e584, pServerPrincName=0x0, pAuthnLevel=0x37e5b0, pImpLevel=0x37e5b4, pAuthInfo=0x0, pCapabilites=0x37e598 | out: pAuthnSvc=0x37e580*=0xa, pAuthzSvc=0x37e584*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e5b0*=0x6, pImpLevel=0x37e5b4*=0x3, pAuthInfo=0x0, pCapabilites=0x37e598*=0x20) returned 0x0
[0334.474] WbemLocator:IUnknown:Release (This=0x563194) returned 0x3
[0334.474] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.474] GetCurrentThreadId () returned 0x704
[0334.474] WbemLocator:IUnknown:QueryInterface (in: This=0x500d2e4, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e590 | out: ppvObject=0x37e590*=0x563194) returned 0x0
[0334.474] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x563194, pProxy=0x500d2e4, pAuthnSvc=0x37e580, pAuthzSvc=0x37e584, pServerPrincName=0x0, pAuthnLevel=0x37e5b4, pImpLevel=0x37e5b0, pAuthInfo=0x0, pCapabilites=0x37e598 | out: pAuthnSvc=0x37e580*=0xa, pAuthzSvc=0x37e584*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e5b4*=0x6, pImpLevel=0x37e5b0*=0x3, pAuthInfo=0x0, pCapabilites=0x37e598*=0x20) returned 0x0
[0334.474] WbemLocator:IUnknown:Release (This=0x563194) returned 0x3
[0334.474] IUnknown:QueryInterface (in: This=0x50008dc, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e5dc | out: ppvObject=0x37e5dc*=0x50008e0) returned 0x0
[0334.474] IClientSecurity:CopyProxy (in: This=0x50008e0, pProxy=0x50008dc, ppCopy=0x37e5e0 | out: ppCopy=0x37e5e0*=0x500d4fc) returned 0x0
[0334.474] IUnknown:QueryInterface (in: This=0x500d4fc, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e4f8 | out: ppvObject=0x37e4f8*=0x500d500) returned 0x0
[0334.474] IClientSecurity:QueryBlanket (in: This=0x500d500, pProxy=0x500d4fc, pAuthnSvc=0x37e51c, pAuthzSvc=0x37e50c, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x37e51c*=0xa, pAuthzSvc=0x37e50c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0334.474] IUnknown:Release (This=0x500d500) returned 0x3
[0334.474] IUnknown:QueryInterface (in: This=0x500d4fc, riid=0x73ca34f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e4d0 | out: ppvObject=0x37e4d0*=0x56b99c) returned 0x0
[0334.474] IUnknown:QueryInterface (in: This=0x500d4fc, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e4d4 | out: ppvObject=0x37e4d4*=0x500d500) returned 0x0
[0334.474] IClientSecurity:SetBlanket (This=0x500d500, pProxy=0x500d4fc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0334.480] IUnknown:Release (This=0x500d500) returned 0x4
[0334.480] WbemLocator:IUnknown:Release (This=0x56b99c) returned 0x3
[0334.480] IUnknown:Release (This=0x50008e0) returned 0x2
[0334.480] IUnknown:AddRef (This=0x500d4fc) returned 0x3
[0334.480] IUnknown:Release (This=0x50008dc) returned 0x2
[0334.480] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37e64c | out: pperrinfo=0x37e64c*=0x0) returned 0x1
[0334.480] WbemLocator:IUnknown:Release (This=0x500d2e4) returned 0x2
[0334.481] IUnknown:Release (This=0x56acb8) returned 0x1
[0334.531] LoadRegTypeLib (in: rguid=0x73ca364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x37e23c*=0x0 | out: pptlib=0x37e23c*=0x569238) returned 0x0
[0334.533] ITypeLib:GetTypeInfoOfGuid (in: This=0x569238, GUID=0x5000950*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5000938 | out: ppTInfo=0x5000938*=0x56adc0) returned 0x0
[0334.533] IUnknown:Release (This=0x569238) returned 0x3
[0334.533] IUnknown:AddRef (This=0x56adc0) returned 0x2
[0334.533] ITypeInfo:RemoteGetTypeAttr (in: This=0x56adc0, ppTypeAttr=0x37e26c, pDummy=0xb9ca87a | out: ppTypeAttr=0x37e26c, pDummy=0xb9ca87a) returned 0x0
[0334.534] ITypeInfo:LocalReleaseTypeAttr (This=0x56adc0) returned 0x563428
[0334.534] IUnknown:Release (This=0x56adc0) returned 0x1
[0334.534] CoGetContextToken (in: pToken=0x37ddc0 | out: pToken=0x37ddc0) returned 0x0
[0334.534] CoGetContextToken (in: pToken=0x37e1d4 | out: pToken=0x37e1d4) returned 0x0
[0334.535] CoGetContextToken (in: pToken=0x37edbc | out: pToken=0x37edbc) returned 0x0
[0334.535] CoGetContextToken (in: pToken=0x37ed1c | out: pToken=0x37ed1c) returned 0x0
[0334.537] CoGetContextToken (in: pToken=0x37ed3c | out: pToken=0x37ed3c) returned 0x0
[0334.537] LoadRegTypeLib (in: rguid=0x73ca364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x37ed50*=0x0 | out: pptlib=0x37ed50*=0x569238) returned 0x0
[0334.540] ITypeLib:GetTypeInfoOfGuid (in: This=0x569238, GUID=0x5000940*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5000934 | out: ppTInfo=0x5000934*=0x56ad68) returned 0x0
[0334.540] IUnknown:Release (This=0x569238) returned 0x4
[0334.540] IUnknown:AddRef (This=0x56ad68) returned 0x2
[0334.540] ITypeInfo:LocalInvoke (This=0x56ad68) returned 0x0
[0334.540] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.540] GetCurrentThreadId () returned 0x704
[0334.540] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000810
[0334.540] IUnknown:Release (This=0x56ad68) returned 0x1
[0334.540] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0334.789] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x53ed80
[0334.792] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x53ee08
[0334.806] CoGetContextToken (in: pToken=0x37ea84 | out: pToken=0x37ea84) returned 0x0
[0334.812] CoGetContextToken (in: pToken=0x37e59c | out: pToken=0x37e59c) returned 0x0
[0334.813] IUnknown:AddRef (This=0x56ad68) returned 0x2
[0334.813] ITypeInfo:LocalInvoke (This=0x56ad68) returned 0x0
[0334.813] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.813] GetCurrentThreadId () returned 0x704
[0334.813] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.813] GetCurrentThreadId () returned 0x704
[0334.813] IUnknown:AddRef (This=0x500d4fc) returned 0x3
[0334.813] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.813] GetCurrentThreadId () returned 0x704
[0334.813] IEnumWbemClassObject:Clone (in: This=0x500d4fc, ppEnum=0x37e7f0 | out: ppEnum=0x37e7f0*=0x500d5c4) returned 0x0
[0334.815] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d600
[0334.815] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d660
[0334.815] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d6c0
[0334.816] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500c968
[0334.816] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500d720
[0334.816] IUnknown:QueryInterface (in: This=0x500d5c4, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e708 | out: ppvObject=0x37e708*=0x500d5c8) returned 0x0
[0334.816] IClientSecurity:QueryBlanket (in: This=0x500d5c8, pProxy=0x500d5c4, pAuthnSvc=0x37e6f8, pAuthzSvc=0x37e6fc, pServerPrincName=0x0, pAuthnLevel=0x37e724, pImpLevel=0x37e720, pAuthInfo=0x0, pCapabilites=0x37e710 | out: pAuthnSvc=0x37e6f8*=0xa, pAuthzSvc=0x37e6fc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e724*=0x6, pImpLevel=0x37e720*=0x2, pAuthInfo=0x0, pCapabilites=0x37e710*=0x1) returned 0x0
[0334.816] IUnknown:Release (This=0x500d5c8) returned 0x1
[0334.816] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.816] GetCurrentThreadId () returned 0x704
[0334.816] IUnknown:QueryInterface (in: This=0x500d4fc, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6ec | out: ppvObject=0x37e6ec*=0x500d500) returned 0x0
[0334.816] IClientSecurity:QueryBlanket (in: This=0x500d500, pProxy=0x500d4fc, pAuthnSvc=0x37e6dc, pAuthzSvc=0x37e6e0, pServerPrincName=0x0, pAuthnLevel=0x37e70c, pImpLevel=0x37e710, pAuthInfo=0x0, pCapabilites=0x37e6f4 | out: pAuthnSvc=0x37e6dc*=0xa, pAuthzSvc=0x37e6e0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e70c*=0x6, pImpLevel=0x37e710*=0x3, pAuthInfo=0x0, pCapabilites=0x37e6f4*=0x20) returned 0x0
[0334.816] IUnknown:Release (This=0x500d500) returned 0x3
[0334.817] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.817] GetCurrentThreadId () returned 0x704
[0334.817] IUnknown:QueryInterface (in: This=0x500d4fc, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6ec | out: ppvObject=0x37e6ec*=0x500d500) returned 0x0
[0334.817] IClientSecurity:QueryBlanket (in: This=0x500d500, pProxy=0x500d4fc, pAuthnSvc=0x37e6dc, pAuthzSvc=0x37e6e0, pServerPrincName=0x0, pAuthnLevel=0x37e710, pImpLevel=0x37e70c, pAuthInfo=0x0, pCapabilites=0x37e6f4 | out: pAuthnSvc=0x37e6dc*=0xa, pAuthzSvc=0x37e6e0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e710*=0x6, pImpLevel=0x37e70c*=0x3, pAuthInfo=0x0, pCapabilites=0x37e6f4*=0x20) returned 0x0
[0334.817] IUnknown:Release (This=0x500d500) returned 0x3
[0334.817] IUnknown:QueryInterface (in: This=0x500d5c4, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e738 | out: ppvObject=0x37e738*=0x500d5c8) returned 0x0
[0334.817] IClientSecurity:CopyProxy (in: This=0x500d5c8, pProxy=0x500d5c4, ppCopy=0x37e73c | out: ppCopy=0x37e73c*=0x500d864) returned 0x0
[0334.817] IUnknown:QueryInterface (in: This=0x500d864, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e654 | out: ppvObject=0x37e654*=0x500d868) returned 0x0
[0334.817] IClientSecurity:QueryBlanket (in: This=0x500d868, pProxy=0x500d864, pAuthnSvc=0x37e678, pAuthzSvc=0x37e668, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x37e678*=0xa, pAuthzSvc=0x37e668*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0334.817] IUnknown:Release (This=0x500d868) returned 0x3
[0334.817] IUnknown:QueryInterface (in: This=0x500d864, riid=0x73ca34f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e62c | out: ppvObject=0x37e62c*=0x5285cc) returned 0x0
[0334.817] IUnknown:QueryInterface (in: This=0x500d864, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e630 | out: ppvObject=0x37e630*=0x500d868) returned 0x0
[0334.817] IClientSecurity:SetBlanket (This=0x500d868, pProxy=0x500d864, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0334.820] IUnknown:Release (This=0x500d868) returned 0x4
[0334.820] WbemLocator:IUnknown:Release (This=0x5285cc) returned 0x3
[0334.820] IUnknown:Release (This=0x500d5c8) returned 0x2
[0334.820] IUnknown:AddRef (This=0x500d864) returned 0x3
[0334.820] IUnknown:Release (This=0x500d5c4) returned 0x2
[0334.820] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37e7a8 | out: pperrinfo=0x37e7a8*=0x0) returned 0x1
[0334.820] IUnknown:Release (This=0x500d4fc) returned 0x2
[0334.820] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.821] GetCurrentThreadId () returned 0x704
[0334.821] IUnknown:AddRef (This=0x500d864) returned 0x3
[0334.821] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.821] GetCurrentThreadId () returned 0x704
[0334.821] IEnumWbemClassObject:Reset (This=0x500d864) returned 0x0
[0334.822] IUnknown:Release (This=0x500d864) returned 0x2
[0334.822] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000810
[0334.822] IUnknown:Release (This=0x56ad68) returned 0x1
[0334.823] CoGetContextToken (in: pToken=0x37dd68 | out: pToken=0x37dd68) returned 0x0
[0334.823] CoGetContextToken (in: pToken=0x37e17c | out: pToken=0x37e17c) returned 0x0
[0334.845] CoGetContextToken (in: pToken=0x37eb5c | out: pToken=0x37eb5c) returned 0x0
[0334.846] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.846] GetCurrentThreadId () returned 0x704
[0334.846] IUnknown:AddRef (This=0x500d864) returned 0x3
[0334.846] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.846] GetCurrentThreadId () returned 0x704
[0334.846] IEnumWbemClassObject:Next (in: This=0x500d864, lTimeout=-1, uCount=0x1, apObjects=0x37eee0, puReturned=0x37eed8 | out: apObjects=0x37eee0*=0x500d8a0, puReturned=0x37eed8*=0x1) returned 0x0
[0334.850] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500c8e8
[0334.850] IUnknown:AddRef (This=0x500d8a0) returned 0x2
[0334.850] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500fbb8
[0334.850] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500fc28
[0334.850] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500fc88
[0334.850] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500c9a8
[0334.850] WbemLocator:IUnknown:AddRef (This=0x500d2e4) returned 0x3
[0334.850] IUnknown:AddRef (This=0x500d864) returned 0x4
[0334.850] IUnknown:QueryInterface (in: This=0x500d864, riid=0x73ca31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee40 | out: ppvObject=0x37ee40*=0x500d868) returned 0x0
[0334.850] IClientSecurity:QueryBlanket (in: This=0x500d868, pProxy=0x500d864, pAuthnSvc=0x37ee30, pAuthzSvc=0x37ee34, pServerPrincName=0x0, pAuthnLevel=0x37ee50, pImpLevel=0x37ee5c, pAuthInfo=0x0, pCapabilites=0x37ee48 | out: pAuthnSvc=0x37ee30*=0xa, pAuthzSvc=0x37ee34*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37ee50*=0x6, pImpLevel=0x37ee5c*=0x3, pAuthInfo=0x0, pCapabilites=0x37ee48*=0x20) returned 0x0
[0334.850] IUnknown:Release (This=0x500d868) returned 0x4
[0334.850] WbemLocator:IUnknown:Release (This=0x500d2e4) returned 0x2
[0334.851] WbemLocator:IUnknown:AddRef (This=0x500d2e4) returned 0x3
[0334.851] IUnknown:Release (This=0x500d864) returned 0x3
[0334.851] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe
[0334.851] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500bd28
[0334.851] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x500c9c8
[0334.851] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x50009d8
[0334.851] IUnknown:AddRef (This=0x500d8a0) returned 0x3
[0334.851] IUnknown:Release (This=0x500d8a0) returned 0x2
[0334.851] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37ee94 | out: pperrinfo=0x37ee94*=0x0) returned 0x1
[0334.851] IUnknown:Release (This=0x500d864) returned 0x2
[0334.851] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37eed8 | out: pperrinfo=0x37eed8*=0x0) returned 0x1
[0334.853] LoadRegTypeLib (in: rguid=0x73ca364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x37e6a4*=0x0 | out: pptlib=0x37e6a4*=0x569238) returned 0x0
[0334.855] ITypeLib:GetTypeInfoOfGuid (in: This=0x569238, GUID=0x73cb70c4*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x500bd44 | out: ppTInfo=0x500bd44*=0x56adec) returned 0x0
[0334.855] IUnknown:Release (This=0x569238) returned 0x5
[0334.855] IUnknown:AddRef (This=0x56adec) returned 0x2
[0334.855] ITypeInfo:RemoteGetTypeAttr (in: This=0x56adec, ppTypeAttr=0x37e6e4, pDummy=0xb9cade2 | out: ppTypeAttr=0x37e6e4, pDummy=0xb9cade2) returned 0x0
[0334.856] ITypeInfo:LocalReleaseTypeAttr (This=0x56adec) returned 0x563428
[0334.856] IUnknown:Release (This=0x56adec) returned 0x1
[0334.857] CoGetContextToken (in: pToken=0x37e238 | out: pToken=0x37e238) returned 0x0
[0334.857] CoGetContextToken (in: pToken=0x37e64c | out: pToken=0x37e64c) returned 0x0
[0334.860] CoGetContextToken (in: pToken=0x37ea04 | out: pToken=0x37ea04) returned 0x0
[0334.860] LoadRegTypeLib (in: rguid=0x73ca364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x37e9f8*=0x0 | out: pptlib=0x37e9f8*=0x569238) returned 0x0
[0334.862] ITypeLib:GetTypeInfoOfGuid (in: This=0x569238, GUID=0x73ca55e4*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x500bd40 | out: ppTInfo=0x500bd40*=0x56ae18) returned 0x0
[0334.863] IUnknown:Release (This=0x569238) returned 0x6
[0334.863] IUnknown:AddRef (This=0x56ae18) returned 0x2
[0334.863] DispGetIDsOfNames (in: ptinfo=0x56ae18, rgszNames=0x37ea70*="SerialNumber", cNames=0x1, rgdispid=0x37ea60 | out: rgdispid=0x37ea60*=-1) returned 0x80020006
[0334.871] IUnknown:AddRef (This=0x500d8a0) returned 0x3
[0334.871] IWbemClassObject:Get (in: This=0x500d8a0, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x37e980*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x37e980*=0) returned 0x0
[0334.871] IUnknown:Release (This=0x500d8a0) returned 0x2
[0334.871] SysStringLen (param_1="SerialNumber") returned 0xc
[0334.871] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5000a48
[0334.871] SysStringLen (param_1="SerialNumber") returned 0xc
[0334.871] IUnknown:Release (This=0x56ae18) returned 0x1
[0334.871] IUnknown:AddRef (This=0x56ae18) returned 0x2
[0334.871] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.871] GetCurrentThreadId () returned 0x704
[0334.871] SysStringLen (param_1="SerialNumber") returned 0xc
[0334.871] IWbemClassObject:Get (in: This=0x500d8a0, wszName="SerialNumber", lFlags=0, pVal=0x37e800*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e838, varVal2=0x73ca2d81), pType=0x37e810*=1942629766, plFlavor=0x0 | out: pVal=0x37e800*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"..CN747510BO0504.\"", varVal2=0x73ca2d81), pType=0x37e810*=8, plFlavor=0x0) returned 0x0
[0334.871] IUnknown:Release (This=0x56ae18) returned 0x1
[0334.872] SysStringByteLen (bstr="\"..CN747510BO0504.\"") returned 0x26
[0334.873] SysStringByteLen (bstr="\"..CN747510BO0504.\"") returned 0x26
[0334.874] CoGetContextToken (in: pToken=0x37eb5c | out: pToken=0x37eb5c) returned 0x0
[0334.874] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.874] GetCurrentThreadId () returned 0x704
[0334.874] IUnknown:AddRef (This=0x500d864) returned 0x3
[0334.874] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0334.874] GetCurrentThreadId () returned 0x704
[0334.874] IEnumWbemClassObject:Next (in: This=0x500d864, lTimeout=-1, uCount=0x1, apObjects=0x37eee0, puReturned=0x37eed8 | out: apObjects=0x37eee0*=0x0, puReturned=0x37eed8*=0x0) returned 0x1
[0334.877] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37ee94 | out: pperrinfo=0x37ee94*=0x0) returned 0x1
[0334.877] IUnknown:Release (This=0x500d864) returned 0x2
[0334.877] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37eed8 | out: pperrinfo=0x37eed8*=0x0) returned 0x1
[0335.063] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4
[0335.064] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8
[0335.071] SetEvent (hEvent=0x2b8) returned 1
[0335.095] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eec8*=0x2b4, lpdwindex=0x37ecec | out: lpdwindex=0x37ecec) returned 0x0
[0335.095] CoGetContextToken (in: pToken=0x37ed9c | out: pToken=0x37ed9c) returned 0x0
[0335.095] CoGetContextToken (in: pToken=0x37ecfc | out: pToken=0x37ecfc) returned 0x0
[0335.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fcf8, riid=0x37edcc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37edc8 | out: ppvObject=0x37edc8*=0x500fcf8) returned 0x0
[0335.096] WbemDefPath:IUnknown:AddRef (This=0x500fcf8) returned 0x3
[0335.096] WbemDefPath:IUnknown:Release (This=0x500fcf8) returned 0x2
[0335.098] WbemDefPath:IWbemPath:SetText (This=0x500fcf8, uMode=0x4, pszPath="win32_processor") returned 0x0
[0335.100] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fcf8, puCount=0x37ef48 | out: puCount=0x37ef48*=0x0) returned 0x0
[0335.101] WbemDefPath:IWbemPath:GetText (in: This=0x500fcf8, lFlags=2, puBuffLength=0x37ef44*=0x0, pszText=0x0 | out: puBuffLength=0x37ef44*=0x10, pszText=0x0) returned 0x0
[0335.101] WbemDefPath:IWbemPath:GetText (in: This=0x500fcf8, lFlags=2, puBuffLength=0x37ef44*=0x10, pszText="000000000000000" | out: puBuffLength=0x37ef44*=0x10, pszText="win32_processor") returned 0x0
[0335.101] WbemDefPath:IWbemPath:GetInfo (in: This=0x500fcf8, uRequestedInfo=0x0, puResponse=0x37ef50 | out: puResponse=0x37ef50*=0xc15) returned 0x0
[0335.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fcf8, puCount=0x37ef48 | out: puCount=0x37ef48*=0x0) returned 0x0
[0335.101] WbemDefPath:IWbemPath:GetInfo (in: This=0x500fcf8, uRequestedInfo=0x0, puResponse=0x37ef50 | out: puResponse=0x37ef50*=0xc15) returned 0x0
[0335.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fcf8, puCount=0x37ef38 | out: puCount=0x37ef38*=0x0) returned 0x0
[0335.102] WbemDefPath:IWbemPath:GetText (in: This=0x500fcf8, lFlags=2, puBuffLength=0x37ef34*=0x0, pszText=0x0 | out: puBuffLength=0x37ef34*=0x10, pszText=0x0) returned 0x0
[0335.102] WbemDefPath:IWbemPath:GetText (in: This=0x500fcf8, lFlags=2, puBuffLength=0x37ef34*=0x10, pszText="000000000000000" | out: puBuffLength=0x37ef34*=0x10, pszText="win32_processor") returned 0x0
[0335.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fcf8, puCount=0x37ef38 | out: puCount=0x37ef38*=0x0) returned 0x0
[0335.102] WbemDefPath:IWbemPath:GetText (in: This=0x500fcf8, lFlags=2, puBuffLength=0x37ef34*=0x0, pszText=0x0 | out: puBuffLength=0x37ef34*=0x10, pszText=0x0) returned 0x0
[0335.102] WbemDefPath:IWbemPath:GetText (in: This=0x500fcf8, lFlags=2, puBuffLength=0x37ef34*=0x10, pszText="000000000000000" | out: puBuffLength=0x37ef34*=0x10, pszText="win32_processor") returned 0x0
[0335.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fcf8, puCount=0x37eec8 | out: puCount=0x37eec8*=0x0) returned 0x0
[0335.102] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e8
[0335.103] SetEvent (hEvent=0x2b8) returned 1
[0335.103] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37e724*=0x2e8, lpdwindex=0x37e548 | out: lpdwindex=0x37e548) returned 0x0
[0335.105] CoGetContextToken (in: pToken=0x37e5fc | out: pToken=0x37e5fc) returned 0x0
[0335.105] CoGetContextToken (in: pToken=0x37e55c | out: pToken=0x37e55c) returned 0x0
[0335.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fe30, riid=0x37e62c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37e628 | out: ppvObject=0x37e628*=0x500fe30) returned 0x0
[0335.105] WbemDefPath:IUnknown:AddRef (This=0x500fe30) returned 0x3
[0335.105] WbemDefPath:IUnknown:Release (This=0x500fe30) returned 0x2
[0335.105] WbemDefPath:IWbemPath:SetText (This=0x500fe30, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
[0335.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37eeb4 | out: puCount=0x37eeb4*=0x2) returned 0x0
[0335.106] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37eeb0*=0x0, pszText=0x0 | out: puBuffLength=0x37eeb0*=0xf, pszText=0x0) returned 0x0
[0335.106] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37eeb0*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeb0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0335.106] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec
[0335.106] SetEvent (hEvent=0x2b8) returned 1
[0335.106] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ee10*=0x2ec, lpdwindex=0x37ec34 | out: lpdwindex=0x37ec34) returned 0x0
[0335.108] CoGetContextToken (in: pToken=0x37ece4 | out: pToken=0x37ece4) returned 0x0
[0335.108] CoGetContextToken (in: pToken=0x37ec44 | out: pToken=0x37ec44) returned 0x0
[0335.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x500da38, riid=0x37ed14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ed10 | out: ppvObject=0x37ed10*=0x500da38) returned 0x0
[0335.108] WbemDefPath:IUnknown:AddRef (This=0x500da38) returned 0x3
[0335.108] WbemDefPath:IUnknown:Release (This=0x500da38) returned 0x2
[0335.108] WbemDefPath:IWbemPath:SetText (This=0x500da38, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0
[0335.108] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500da38, puCount=0x37ee8c | out: puCount=0x37ee8c*=0x2) returned 0x0
[0335.108] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37ee88*=0x0, pszText=0x0 | out: puBuffLength=0x37ee88*=0xf, pszText=0x0) returned 0x0
[0335.108] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37ee88*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ee88*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0335.117] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37edac*=0x300, lpdwindex=0x37ec64 | out: lpdwindex=0x37ec64) returned 0x0
[0335.692] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500da38, puCount=0x37eeb0 | out: puCount=0x37eeb0*=0x2) returned 0x0
[0335.692] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37eeac*=0x0, pszText=0x0 | out: puBuffLength=0x37eeac*=0xf, pszText=0x0) returned 0x0
[0335.692] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37eeac*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0335.692] WbemDefPath:IWbemPath:GetText (in: This=0x500fcf8, lFlags=2, puBuffLength=0x37eeb4*=0x0, pszText=0x0 | out: puBuffLength=0x37eeb4*=0x10, pszText=0x0) returned 0x0
[0335.692] WbemDefPath:IWbemPath:GetText (in: This=0x500fcf8, lFlags=2, puBuffLength=0x37eeb4*=0x10, pszText="000000000000000" | out: puBuffLength=0x37eeb4*=0x10, pszText="win32_processor") returned 0x0
[0335.695] CoGetContextToken (in: pToken=0x37ec54 | out: pToken=0x37ec54) returned 0x0
[0335.695] CoGetContextToken (in: pToken=0x37ebb4 | out: pToken=0x37ebb4) returned 0x0
[0335.695] CoGetContextToken (in: pToken=0x37ebb4 | out: pToken=0x37ebb4) returned 0x0
[0335.695] CoGetContextToken (in: pToken=0x37eb54 | out: pToken=0x37eb54) returned 0x0
[0335.695] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x74618ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eb2c | out: ppvObject=0x37eb2c*=0x5233f8) returned 0x0
[0335.695] CObjectContext::ContextCallback () returned 0x0
[0335.702] IUnknown:Release (This=0x5233f8) returned 0x1
[0335.703] CoUnmarshalInterface (in: pStm=0x551a00, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37eba8 | out: ppv=0x37eba8*=0x57ea5c) returned 0x0
[0335.703] CoMarshalInterface (pStm=0x551a00, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x57ea5c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0335.703] WbemLocator:IUnknown:QueryInterface (in: This=0x57ea5c, riid=0x37ec84*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37ec80 | out: ppvObject=0x37ec80*=0x500dc64) returned 0x0
[0335.709] WbemLocator:IUnknown:Release (This=0x57ea5c) returned 0x1
[0335.709] IWbemServices:GetObject (in: This=0x500dc64, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x37ee68*=0x0, ppCallResult=0x0 | out: ppObject=0x37ee68*=0x5014708, ppCallResult=0x0) returned 0x0
[0335.729] WbemLocator:IUnknown:Release (This=0x500dc64) returned 0x0
[0335.730] IWbemClassObject:Get (in: This=0x5014708, wszName="__PATH", lFlags=0, pVal=0x37ee50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37eef8*=0, plFlavor=0x37eef4*=0 | out: pVal=0x37ee50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x37eef8*=8, plFlavor=0x37eef4*=64) returned 0x0
[0335.730] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_Processor") returned 0x4e
[0335.730] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_Processor") returned 0x4e
[0335.730] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x344
[0335.730] SetEvent (hEvent=0x2b8) returned 1
[0335.730] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ee0c*=0x344, lpdwindex=0x37ec30 | out: lpdwindex=0x37ec30) returned 0x0
[0335.733] CoGetContextToken (in: pToken=0x37ece4 | out: pToken=0x37ece4) returned 0x0
[0335.733] CoGetContextToken (in: pToken=0x37ec44 | out: pToken=0x37ec44) returned 0x0
[0335.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x500dc20, riid=0x37ed14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ed10 | out: ppvObject=0x37ed10*=0x500dc20) returned 0x0
[0335.733] WbemDefPath:IUnknown:AddRef (This=0x500dc20) returned 0x3
[0335.733] WbemDefPath:IUnknown:Release (This=0x500dc20) returned 0x2
[0335.733] WbemDefPath:IWbemPath:SetText (This=0x500dc20, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_Processor") returned 0x0
[0335.734] IWbemClassObject:Get (in: This=0x5014708, wszName="__CLASS", lFlags=0, pVal=0x37eec0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef40*=0, plFlavor=0x37ef3c*=0 | out: pVal=0x37eec0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x37ef40*=8, plFlavor=0x37ef3c*=64) returned 0x0
[0335.734] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0335.734] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0335.734] CoGetContextToken (in: pToken=0x37ece4 | out: pToken=0x37ece4) returned 0x0
[0335.734] CoGetContextToken (in: pToken=0x37ec44 | out: pToken=0x37ec44) returned 0x0
[0335.734] CoGetContextToken (in: pToken=0x37ec44 | out: pToken=0x37ec44) returned 0x0
[0335.734] CoUnmarshalInterface (in: pStm=0x551a00, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37ec38 | out: ppv=0x37ec38*=0x57ea5c) returned 0x0
[0335.734] CoMarshalInterface (pStm=0x551a00, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x57ea5c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0335.735] WbemLocator:IUnknown:QueryInterface (in: This=0x57ea5c, riid=0x37ed14*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37ed10 | out: ppvObject=0x37ed10*=0x5014abc) returned 0x0
[0335.735] WbemLocator:IUnknown:Release (This=0x57ea5c) returned 0x1
[0335.735] IWbemServices:CreateInstanceEnum (in: This=0x5014abc, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x37eebc | out: ppEnum=0x37eebc*=0x5014b5c) returned 0x0
[0335.931] IUnknown:QueryInterface (in: This=0x5014b5c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed48 | out: ppvObject=0x37ed48*=0x5014b60) returned 0x0
[0335.974] IClientSecurity:QueryBlanket (in: This=0x5014b60, pProxy=0x5014b5c, pAuthnSvc=0x37ed98, pAuthzSvc=0x37ed94, pServerPrincName=0x37ed8c, pAuthnLevel=0x37ed90, pImpLevel=0x37ed80, pAuthInfo=0x37ed84, pCapabilites=0x37ed88 | out: pAuthnSvc=0x37ed98*=0xa, pAuthzSvc=0x37ed94*=0x0, pServerPrincName=0x37ed8c, pAuthnLevel=0x37ed90*=0x6, pImpLevel=0x37ed80*=0x2, pAuthInfo=0x37ed84, pCapabilites=0x37ed88*=0x1) returned 0x0
[0335.974] IUnknown:Release (This=0x5014b60) returned 0x1
[0335.974] IUnknown:QueryInterface (in: This=0x5014b5c, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed3c | out: ppvObject=0x37ed3c*=0x57eb4c) returned 0x0
[0336.437] IUnknown:QueryInterface (in: This=0x5014b5c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed28 | out: ppvObject=0x37ed28*=0x5014b60) returned 0x0
[0336.437] IClientSecurity:SetBlanket (This=0x5014b60, pProxy=0x5014b5c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0338.544] IUnknown:Release (This=0x5014b60) returned 0x2
[0338.544] WbemLocator:IUnknown:Release (This=0x57eb4c) returned 0x1
[0338.544] CoTaskMemFree (pv=0x591010)
[0338.544] IUnknown:AddRef (This=0x5014b5c) returned 0x2
[0338.544] CoGetContextToken (in: pToken=0x37e264 | out: pToken=0x37e264) returned 0x0
[0338.544] CoGetContextToken (in: pToken=0x37e674 | out: pToken=0x37e674) returned 0x0
[0338.544] IUnknown:QueryInterface (in: This=0x5014b5c, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e610 | out: ppvObject=0x37e610*=0x57eb34) returned 0x0
[0338.545] WbemLocator:IRpcOptions:Query (in: This=0x57eb34, pPrx=0x583d00, dwProperty=2, pdwValue=0x37e704 | out: pdwValue=0x37e704) returned 0x80004002
[0338.545] WbemLocator:IUnknown:Release (This=0x57eb34) returned 0x2
[0338.545] CoGetContextToken (in: pToken=0x37ec44 | out: pToken=0x37ec44) returned 0x0
[0338.545] CoGetContextToken (in: pToken=0x37eba4 | out: pToken=0x37eba4) returned 0x0
[0338.545] IUnknown:QueryInterface (in: This=0x5014b5c, riid=0x37ec74*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37eb40 | out: ppvObject=0x37eb40*=0x5014b5c) returned 0x0
[0338.546] IUnknown:Release (This=0x5014b5c) returned 0x2
[0338.546] WbemLocator:IUnknown:Release (This=0x5014abc) returned 0x0
[0338.546] SysStringLen (param_1=0x0) returned 0x0
[0338.546] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500da38, puCount=0x37eef8 | out: puCount=0x37eef8*=0x2) returned 0x0
[0338.546] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37eef4*=0x0, pszText=0x0 | out: puBuffLength=0x37eef4*=0xf, pszText=0x0) returned 0x0
[0338.546] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37eef4*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eef4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0338.546] CoGetContextToken (in: pToken=0x37ed44 | out: pToken=0x37ed44) returned 0x0
[0338.547] IEnumWbemClassObject:Clone (in: This=0x5014b5c, ppEnum=0x37eef8 | out: ppEnum=0x37eef8*=0x5014c24) returned 0x0
[0338.549] IUnknown:QueryInterface (in: This=0x5014c24, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37edb4 | out: ppvObject=0x37edb4*=0x5014c28) returned 0x0
[0338.549] IClientSecurity:QueryBlanket (in: This=0x5014c28, pProxy=0x5014c24, pAuthnSvc=0x37ee04, pAuthzSvc=0x37ee00, pServerPrincName=0x37edf8, pAuthnLevel=0x37edfc, pImpLevel=0x37edec, pAuthInfo=0x37edf0, pCapabilites=0x37edf4 | out: pAuthnSvc=0x37ee04*=0xa, pAuthzSvc=0x37ee00*=0x0, pServerPrincName=0x37edf8, pAuthnLevel=0x37edfc*=0x6, pImpLevel=0x37edec*=0x2, pAuthInfo=0x37edf0, pCapabilites=0x37edf4*=0x1) returned 0x0
[0338.549] IUnknown:Release (This=0x5014c28) returned 0x1
[0338.549] IUnknown:QueryInterface (in: This=0x5014c24, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x57ea5c) returned 0x0
[0338.549] IUnknown:QueryInterface (in: This=0x5014c24, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed94 | out: ppvObject=0x37ed94*=0x5014c28) returned 0x0
[0338.549] IClientSecurity:SetBlanket (This=0x5014c28, pProxy=0x5014c24, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0338.552] IUnknown:Release (This=0x5014c28) returned 0x2
[0338.552] WbemLocator:IUnknown:Release (This=0x57ea5c) returned 0x1
[0338.552] CoTaskMemFree (pv=0x591010)
[0338.552] IUnknown:AddRef (This=0x5014c24) returned 0x2
[0338.553] CoGetContextToken (in: pToken=0x37e2c4 | out: pToken=0x37e2c4) returned 0x0
[0338.553] CoGetContextToken (in: pToken=0x37e6d4 | out: pToken=0x37e6d4) returned 0x0
[0338.553] IUnknown:QueryInterface (in: This=0x5014c24, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x57ea44) returned 0x0
[0338.553] WbemLocator:IRpcOptions:Query (in: This=0x57ea44, pPrx=0x583fb8, dwProperty=2, pdwValue=0x37e764 | out: pdwValue=0x37e764) returned 0x80004002
[0338.553] WbemLocator:IUnknown:Release (This=0x57ea44) returned 0x2
[0338.553] CoGetContextToken (in: pToken=0x37eca4 | out: pToken=0x37eca4) returned 0x0
[0338.553] CoGetContextToken (in: pToken=0x37ec04 | out: pToken=0x37ec04) returned 0x0
[0338.553] IUnknown:QueryInterface (in: This=0x5014c24, riid=0x37ecd4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37eba0 | out: ppvObject=0x37eba0*=0x5014c24) returned 0x0
[0338.553] IUnknown:Release (This=0x5014c24) returned 0x2
[0338.554] SysStringLen (param_1=0x0) returned 0x0
[0338.554] IEnumWbemClassObject:Reset (This=0x5014c24) returned 0x0
[0338.557] CoTaskMemAlloc (cb=0x4) returned 0x56cc28
[0338.558] IEnumWbemClassObject:Next (in: This=0x5014c24, lTimeout=-1, uCount=0x1, apObjects=0x56cc28, puReturned=0x22ad7a0 | out: apObjects=0x56cc28*=0x5014c60, puReturned=0x22ad7a0*=0x1) returned 0x0
[0339.363] IUnknown:QueryInterface (in: This=0x5014c60, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x5014c60) returned 0x0
[0339.363] IUnknown:QueryInterface (in: This=0x5014c60, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.414] IUnknown:QueryInterface (in: This=0x5014c60, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.414] IUnknown:AddRef (This=0x5014c60) returned 0x3
[0339.414] IUnknown:QueryInterface (in: This=0x5014c60, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.414] IUnknown:QueryInterface (in: This=0x5014c60, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.414] IUnknown:QueryInterface (in: This=0x5014c60, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x5014c64) returned 0x0
[0339.415] IMarshal:GetUnmarshalClass (in: This=0x5014c64, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.415] IUnknown:Release (This=0x5014c64) returned 0x3
[0339.415] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.415] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.415] IUnknown:QueryInterface (in: This=0x5014c60, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.415] IUnknown:Release (This=0x5014c60) returned 0x2
[0339.415] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.415] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.415] IUnknown:QueryInterface (in: This=0x5014c60, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x5014c60) returned 0x0
[0339.415] IUnknown:AddRef (This=0x5014c60) returned 0x4
[0339.415] IUnknown:Release (This=0x5014c60) returned 0x3
[0339.416] IUnknown:Release (This=0x5014c60) returned 0x2
[0339.416] CoTaskMemFree (pv=0x56cc28)
[0339.416] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.416] IUnknown:AddRef (This=0x5014c60) returned 0x3
[0339.417] IWbemClassObject:Get (in: This=0x5014c60, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.418] IWbemClassObject:Get (in: This=0x5014c60, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.418] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e
[0339.418] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e
[0339.418] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x34c
[0339.418] SetEvent (hEvent=0x2b8) returned 1
[0339.419] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x34c, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.423] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.423] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e158, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x500e158) returned 0x0
[0339.423] WbemDefPath:IUnknown:AddRef (This=0x500e158) returned 0x3
[0339.423] WbemDefPath:IUnknown:Release (This=0x500e158) returned 0x2
[0339.423] WbemDefPath:IWbemPath:SetText (This=0x500e158, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0
[0339.423] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500da38, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.423] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.423] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.423] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500da38, puCount=0x37ef04 | out: puCount=0x37ef04*=0x2) returned 0x0
[0339.423] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37ef00*=0x0, pszText=0x0 | out: puBuffLength=0x37ef00*=0xf, pszText=0x0) returned 0x0
[0339.423] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=4, puBuffLength=0x37ef00*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef00*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.426] IWbemClassObject:Get (in: This=0x5014c60, wszName="processorID", lFlags=0, pVal=0x37ef00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22adc08*=0, plFlavor=0x22adc0c*=0 | out: pVal=0x37ef00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050657", varVal2=0x0), pType=0x22adc08*=8, plFlavor=0x22adc0c*=0) returned 0x0
[0339.426] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20
[0339.426] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20
[0339.426] IWbemClassObject:Get (in: This=0x5014c60, wszName="processorID", lFlags=0, pVal=0x37ef08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22adc08*=8, plFlavor=0x22adc0c*=0 | out: pVal=0x37ef08*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050657", varVal2=0x0), pType=0x22adc08*=8, plFlavor=0x22adc0c*=0) returned 0x0
[0339.426] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20
[0339.426] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20
[0339.428] CoTaskMemAlloc (cb=0x4) returned 0x56cc68
[0339.428] IEnumWbemClassObject:Next (in: This=0x5014c24, lTimeout=-1, uCount=0x1, apObjects=0x56cc68, puReturned=0x22ad7a0 | out: apObjects=0x56cc68*=0x0, puReturned=0x22ad7a0*=0x0) returned 0x1
[0339.431] CoTaskMemFree (pv=0x56cc68)
[0339.431] CoGetContextToken (in: pToken=0x37ee1c | out: pToken=0x37ee1c) returned 0x0
[0339.432] IUnknown:Release (This=0x5014c24) returned 0x1
[0339.432] IUnknown:Release (This=0x5014c24) returned 0x0
[0339.449] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350
[0339.449] SetEvent (hEvent=0x2b8) returned 1
[0339.449] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eec8*=0x350, lpdwindex=0x37ecec | out: lpdwindex=0x37ecec) returned 0x0
[0339.452] CoGetContextToken (in: pToken=0x37ed9c | out: pToken=0x37ed9c) returned 0x0
[0339.452] CoGetContextToken (in: pToken=0x37ecfc | out: pToken=0x37ecfc) returned 0x0
[0339.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014b98, riid=0x37edcc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37edc8 | out: ppvObject=0x37edc8*=0x5014b98) returned 0x0
[0339.452] WbemDefPath:IUnknown:AddRef (This=0x5014b98) returned 0x3
[0339.452] WbemDefPath:IUnknown:Release (This=0x5014b98) returned 0x2
[0339.452] WbemDefPath:IWbemPath:SetText (This=0x5014b98, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0
[0339.452] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5014b98, puCount=0x37ef48 | out: puCount=0x37ef48*=0x0) returned 0x0
[0339.452] WbemDefPath:IWbemPath:GetText (in: This=0x5014b98, lFlags=2, puBuffLength=0x37ef44*=0x0, pszText=0x0 | out: puBuffLength=0x37ef44*=0x22, pszText=0x0) returned 0x0
[0339.452] WbemDefPath:IWbemPath:GetText (in: This=0x5014b98, lFlags=2, puBuffLength=0x37ef44*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x37ef44*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0
[0339.452] WbemDefPath:IWbemPath:GetInfo (in: This=0x5014b98, uRequestedInfo=0x0, puResponse=0x37ef50 | out: puResponse=0x37ef50*=0xc15) returned 0x0
[0339.452] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5014b98, puCount=0x37ef48 | out: puCount=0x37ef48*=0x0) returned 0x0
[0339.452] WbemDefPath:IWbemPath:GetInfo (in: This=0x5014b98, uRequestedInfo=0x0, puResponse=0x37ef50 | out: puResponse=0x37ef50*=0xc15) returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5014b98, puCount=0x37ef38 | out: puCount=0x37ef38*=0x0) returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetText (in: This=0x5014b98, lFlags=2, puBuffLength=0x37ef34*=0x0, pszText=0x0 | out: puBuffLength=0x37ef34*=0x22, pszText=0x0) returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetText (in: This=0x5014b98, lFlags=2, puBuffLength=0x37ef34*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x37ef34*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5014b98, puCount=0x37ef38 | out: puCount=0x37ef38*=0x0) returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetText (in: This=0x5014b98, lFlags=2, puBuffLength=0x37ef34*=0x0, pszText=0x0 | out: puBuffLength=0x37ef34*=0x22, pszText=0x0) returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetText (in: This=0x5014b98, lFlags=2, puBuffLength=0x37ef34*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x37ef34*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5014b98, puCount=0x37eec8 | out: puCount=0x37eec8*=0x0) returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37eeb4 | out: puCount=0x37eeb4*=0x2) returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37eeb0*=0x0, pszText=0x0 | out: puBuffLength=0x37eeb0*=0xf, pszText=0x0) returned 0x0
[0339.453] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37eeb0*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeb0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.453] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354
[0339.453] SetEvent (hEvent=0x2b8) returned 1
[0339.453] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ee10*=0x354, lpdwindex=0x37ec34 | out: lpdwindex=0x37ec34) returned 0x0
[0339.456] CoGetContextToken (in: pToken=0x37ece4 | out: pToken=0x37ece4) returned 0x0
[0339.456] CoGetContextToken (in: pToken=0x37ec44 | out: pToken=0x37ec44) returned 0x0
[0339.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e790, riid=0x37ed14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ed10 | out: ppvObject=0x37ed10*=0x500e790) returned 0x0
[0339.456] WbemDefPath:IUnknown:AddRef (This=0x500e790) returned 0x3
[0339.456] WbemDefPath:IUnknown:Release (This=0x500e790) returned 0x2
[0339.456] WbemDefPath:IWbemPath:SetText (This=0x500e790, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0
[0339.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ee8c | out: puCount=0x37ee8c*=0x2) returned 0x0
[0339.456] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ee88*=0x0, pszText=0x0 | out: puBuffLength=0x37ee88*=0xf, pszText=0x0) returned 0x0
[0339.456] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ee88*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ee88*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.473] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37edac*=0x368, lpdwindex=0x37ec64 | out: lpdwindex=0x37ec64) returned 0x0
[0339.490] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eeb0 | out: puCount=0x37eeb0*=0x2) returned 0x0
[0339.490] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeac*=0x0, pszText=0x0 | out: puBuffLength=0x37eeac*=0xf, pszText=0x0) returned 0x0
[0339.490] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeac*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.490] WbemDefPath:IWbemPath:GetText (in: This=0x5014b98, lFlags=2, puBuffLength=0x37eeb4*=0x0, pszText=0x0 | out: puBuffLength=0x37eeb4*=0x22, pszText=0x0) returned 0x0
[0339.490] WbemDefPath:IWbemPath:GetText (in: This=0x5014b98, lFlags=2, puBuffLength=0x37eeb4*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x37eeb4*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0
[0339.491] CoGetContextToken (in: pToken=0x37ec34 | out: pToken=0x37ec34) returned 0x0
[0339.491] CoGetContextToken (in: pToken=0x37eb94 | out: pToken=0x37eb94) returned 0x0
[0339.491] CoGetContextToken (in: pToken=0x37eb94 | out: pToken=0x37eb94) returned 0x0
[0339.491] CoGetContextToken (in: pToken=0x37eb34 | out: pToken=0x37eb34) returned 0x0
[0339.491] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x74618ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eb0c | out: ppvObject=0x37eb0c*=0x5233f8) returned 0x0
[0339.491] CObjectContext::ContextCallback () returned 0x0
[0339.494] IUnknown:Release (This=0x5233f8) returned 0x1
[0339.494] CoUnmarshalInterface (in: pStm=0x551640, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37eb88 | out: ppv=0x37eb88*=0x57ee1c) returned 0x0
[0339.495] CoMarshalInterface (pStm=0x551640, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x57ee1c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0339.495] WbemLocator:IUnknown:QueryInterface (in: This=0x57ee1c, riid=0x37ec64*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37ec60 | out: ppvObject=0x37ec60*=0x500e844) returned 0x0
[0339.496] WbemLocator:IUnknown:Release (This=0x57ee1c) returned 0x1
[0339.496] IWbemServices:GetObject (in: This=0x500e844, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x37ee68*=0x0, ppCallResult=0x0 | out: ppObject=0x37ee68*=0x5019520, ppCallResult=0x0) returned 0x0
[0339.520] WbemLocator:IUnknown:Release (This=0x500e844) returned 0x0
[0339.521] IWbemClassObject:Get (in: This=0x5019520, wszName="__PATH", lFlags=0, pVal=0x37ee50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37eef8*=0, plFlavor=0x37eef4*=0 | out: pVal=0x37ee50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x37eef8*=8, plFlavor=0x37eef4*=64) returned 0x0
[0339.521] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x72
[0339.521] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x72
[0339.521] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384
[0339.521] SetEvent (hEvent=0x2b8) returned 1
[0339.521] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ee0c*=0x384, lpdwindex=0x37ec30 | out: lpdwindex=0x37ec30) returned 0x0
[0339.523] CoGetContextToken (in: pToken=0x37ece4 | out: pToken=0x37ece4) returned 0x0
[0339.523] CoGetContextToken (in: pToken=0x37ec44 | out: pToken=0x37ec44) returned 0x0
[0339.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e800, riid=0x37ed14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ed10 | out: ppvObject=0x37ed10*=0x500e800) returned 0x0
[0339.523] WbemDefPath:IUnknown:AddRef (This=0x500e800) returned 0x3
[0339.523] WbemDefPath:IUnknown:Release (This=0x500e800) returned 0x2
[0339.523] WbemDefPath:IWbemPath:SetText (This=0x500e800, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0
[0339.523] IWbemClassObject:Get (in: This=0x5019520, wszName="__CLASS", lFlags=0, pVal=0x37eec0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef40*=0, plFlavor=0x37ef3c*=0 | out: pVal=0x37eec0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x37ef40*=8, plFlavor=0x37ef3c*=64) returned 0x0
[0339.524] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42
[0339.524] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42
[0339.524] CoGetContextToken (in: pToken=0x37ecbc | out: pToken=0x37ecbc) returned 0x0
[0339.524] CoGetContextToken (in: pToken=0x37ec1c | out: pToken=0x37ec1c) returned 0x0
[0339.524] CoGetContextToken (in: pToken=0x37ec1c | out: pToken=0x37ec1c) returned 0x0
[0339.524] CoUnmarshalInterface (in: pStm=0x551640, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37ec10 | out: ppv=0x37ec10*=0x57ee1c) returned 0x0
[0339.524] CoMarshalInterface (pStm=0x551640, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x57ee1c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0339.524] WbemLocator:IUnknown:QueryInterface (in: This=0x57ee1c, riid=0x37ecec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37ece8 | out: ppvObject=0x37ece8*=0x500e99c) returned 0x0
[0339.525] WbemLocator:IUnknown:Release (This=0x57ee1c) returned 0x1
[0339.525] IWbemServices:CreateInstanceEnum (in: This=0x500e99c, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x37eebc | out: ppEnum=0x37eebc*=0x50197a4) returned 0x0
[0339.707] IUnknown:QueryInterface (in: This=0x50197a4, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed24 | out: ppvObject=0x37ed24*=0x50197a8) returned 0x0
[0339.708] IClientSecurity:QueryBlanket (in: This=0x50197a8, pProxy=0x50197a4, pAuthnSvc=0x37ed74, pAuthzSvc=0x37ed70, pServerPrincName=0x37ed68, pAuthnLevel=0x37ed6c, pImpLevel=0x37ed5c, pAuthInfo=0x37ed60, pCapabilites=0x37ed64 | out: pAuthnSvc=0x37ed74*=0xa, pAuthzSvc=0x37ed70*=0x0, pServerPrincName=0x37ed68, pAuthnLevel=0x37ed6c*=0x6, pImpLevel=0x37ed5c*=0x2, pAuthInfo=0x37ed60, pCapabilites=0x37ed64*=0x1) returned 0x0
[0339.708] IUnknown:Release (This=0x50197a8) returned 0x1
[0339.708] IUnknown:QueryInterface (in: This=0x50197a4, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed18 | out: ppvObject=0x37ed18*=0x57ef0c) returned 0x0
[0339.708] IUnknown:QueryInterface (in: This=0x50197a4, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed04 | out: ppvObject=0x37ed04*=0x50197a8) returned 0x0
[0339.708] IClientSecurity:SetBlanket (This=0x50197a8, pProxy=0x50197a4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0339.710] IUnknown:Release (This=0x50197a8) returned 0x2
[0339.710] WbemLocator:IUnknown:Release (This=0x57ef0c) returned 0x1
[0339.710] CoTaskMemFree (pv=0x5958e0)
[0339.710] IUnknown:AddRef (This=0x50197a4) returned 0x2
[0339.711] CoGetContextToken (in: pToken=0x37e240 | out: pToken=0x37e240) returned 0x0
[0339.711] CoGetContextToken (in: pToken=0x37e654 | out: pToken=0x37e654) returned 0x0
[0339.711] IUnknown:QueryInterface (in: This=0x50197a4, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e5ec | out: ppvObject=0x37e5ec*=0x57eef4) returned 0x0
[0339.711] WbemLocator:IRpcOptions:Query (in: This=0x57eef4, pPrx=0x593148, dwProperty=2, pdwValue=0x37e6e0 | out: pdwValue=0x37e6e0) returned 0x80004002
[0339.711] WbemLocator:IUnknown:Release (This=0x57eef4) returned 0x2
[0339.711] CoGetContextToken (in: pToken=0x37ec24 | out: pToken=0x37ec24) returned 0x0
[0339.711] CoGetContextToken (in: pToken=0x37eb84 | out: pToken=0x37eb84) returned 0x0
[0339.712] IUnknown:QueryInterface (in: This=0x50197a4, riid=0x37ec54*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37eb20 | out: ppvObject=0x37eb20*=0x50197a4) returned 0x0
[0339.712] IUnknown:Release (This=0x50197a4) returned 0x2
[0339.712] WbemLocator:IUnknown:Release (This=0x500e99c) returned 0x0
[0339.712] SysStringLen (param_1=0x0) returned 0x0
[0339.712] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef8 | out: puCount=0x37eef8*=0x2) returned 0x0
[0339.712] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eef4*=0x0, pszText=0x0 | out: puBuffLength=0x37eef4*=0xf, pszText=0x0) returned 0x0
[0339.712] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eef4*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eef4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.712] CoGetContextToken (in: pToken=0x37ed44 | out: pToken=0x37ed44) returned 0x0
[0339.712] IEnumWbemClassObject:Clone (in: This=0x50197a4, ppEnum=0x37eef8 | out: ppEnum=0x37eef8*=0x501986c) returned 0x0
[0339.714] IUnknown:QueryInterface (in: This=0x501986c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37edb4 | out: ppvObject=0x37edb4*=0x5019870) returned 0x0
[0339.714] IClientSecurity:QueryBlanket (in: This=0x5019870, pProxy=0x501986c, pAuthnSvc=0x37ee04, pAuthzSvc=0x37ee00, pServerPrincName=0x37edf8, pAuthnLevel=0x37edfc, pImpLevel=0x37edec, pAuthInfo=0x37edf0, pCapabilites=0x37edf4 | out: pAuthnSvc=0x37ee04*=0xa, pAuthzSvc=0x37ee00*=0x0, pServerPrincName=0x37edf8, pAuthnLevel=0x37edfc*=0x6, pImpLevel=0x37edec*=0x2, pAuthInfo=0x37edf0, pCapabilites=0x37edf4*=0x1) returned 0x0
[0339.714] IUnknown:Release (This=0x5019870) returned 0x1
[0339.714] IUnknown:QueryInterface (in: This=0x501986c, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x57ee1c) returned 0x0
[0339.714] IUnknown:QueryInterface (in: This=0x501986c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed94 | out: ppvObject=0x37ed94*=0x5019870) returned 0x0
[0339.714] IClientSecurity:SetBlanket (This=0x5019870, pProxy=0x501986c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0339.717] IUnknown:Release (This=0x5019870) returned 0x2
[0339.717] WbemLocator:IUnknown:Release (This=0x57ee1c) returned 0x1
[0339.717] CoTaskMemFree (pv=0x5958e0)
[0339.718] IUnknown:AddRef (This=0x501986c) returned 0x2
[0339.718] CoGetContextToken (in: pToken=0x37e2c4 | out: pToken=0x37e2c4) returned 0x0
[0339.718] CoGetContextToken (in: pToken=0x37e6d4 | out: pToken=0x37e6d4) returned 0x0
[0339.718] IUnknown:QueryInterface (in: This=0x501986c, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x57ee04) returned 0x0
[0339.718] WbemLocator:IRpcOptions:Query (in: This=0x57ee04, pPrx=0x593178, dwProperty=2, pdwValue=0x37e764 | out: pdwValue=0x37e764) returned 0x80004002
[0339.718] WbemLocator:IUnknown:Release (This=0x57ee04) returned 0x2
[0339.719] CoGetContextToken (in: pToken=0x37eca4 | out: pToken=0x37eca4) returned 0x0
[0339.719] CoGetContextToken (in: pToken=0x37ec04 | out: pToken=0x37ec04) returned 0x0
[0339.719] IUnknown:QueryInterface (in: This=0x501986c, riid=0x37ecd4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37eba0 | out: ppvObject=0x37eba0*=0x501986c) returned 0x0
[0339.719] IUnknown:Release (This=0x501986c) returned 0x2
[0339.719] SysStringLen (param_1=0x0) returned 0x0
[0339.719] IEnumWbemClassObject:Reset (This=0x501986c) returned 0x0
[0339.720] CoTaskMemAlloc (cb=0x4) returned 0x595520
[0339.720] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x595520, puReturned=0x22b48dc | out: apObjects=0x595520*=0x50198a8, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.724] IUnknown:QueryInterface (in: This=0x50198a8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x50198a8) returned 0x0
[0339.724] IUnknown:QueryInterface (in: This=0x50198a8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.725] IUnknown:QueryInterface (in: This=0x50198a8, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.725] IUnknown:AddRef (This=0x50198a8) returned 0x3
[0339.725] IUnknown:QueryInterface (in: This=0x50198a8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.725] IUnknown:QueryInterface (in: This=0x50198a8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.725] IUnknown:QueryInterface (in: This=0x50198a8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x50198ac) returned 0x0
[0339.725] IMarshal:GetUnmarshalClass (in: This=0x50198ac, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.725] IUnknown:Release (This=0x50198ac) returned 0x3
[0339.725] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.725] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.725] IUnknown:QueryInterface (in: This=0x50198a8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.725] IUnknown:Release (This=0x50198a8) returned 0x2
[0339.725] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.725] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.725] IUnknown:QueryInterface (in: This=0x50198a8, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x50198a8) returned 0x0
[0339.725] IUnknown:AddRef (This=0x50198a8) returned 0x4
[0339.725] IUnknown:Release (This=0x50198a8) returned 0x3
[0339.725] IUnknown:Release (This=0x50198a8) returned 0x2
[0339.726] CoTaskMemFree (pv=0x595520)
[0339.726] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.726] IUnknown:AddRef (This=0x50198a8) returned 0x3
[0339.726] IWbemClassObject:Get (in: This=0x50198a8, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.726] IWbemClassObject:Get (in: This=0x50198a8, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.726] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x82
[0339.726] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x82
[0339.726] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
[0339.726] SetEvent (hEvent=0x2b8) returned 1
[0339.726] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x388, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.729] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.729] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.729] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e958, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x500e958) returned 0x0
[0339.729] WbemDefPath:IUnknown:AddRef (This=0x500e958) returned 0x3
[0339.729] WbemDefPath:IUnknown:Release (This=0x500e958) returned 0x2
[0339.729] WbemDefPath:IWbemPath:SetText (This=0x500e958, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0
[0339.788] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.788] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.788] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.791] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.791] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.791] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.791] IWbemClassObject:Get (in: This=0x50198a8, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b4d2c*=0, plFlavor=0x22b4d30*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b4d2c*=11, plFlavor=0x22b4d30*=0) returned 0x0
[0339.791] IWbemClassObject:Get (in: This=0x50198a8, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b4d2c*=11, plFlavor=0x22b4d30*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b4d2c*=11, plFlavor=0x22b4d30*=0) returned 0x0
[0339.797] IUnknown:Release (This=0x50198a8) returned 0x2
[0339.799] CoTaskMemAlloc (cb=0x4) returned 0x595560
[0339.799] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x595560, puReturned=0x22b48dc | out: apObjects=0x595560*=0x50333b8, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.801] IUnknown:QueryInterface (in: This=0x50333b8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x50333b8) returned 0x0
[0339.801] IUnknown:QueryInterface (in: This=0x50333b8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.801] IUnknown:QueryInterface (in: This=0x50333b8, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.802] IUnknown:AddRef (This=0x50333b8) returned 0x3
[0339.802] IUnknown:QueryInterface (in: This=0x50333b8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.802] IUnknown:QueryInterface (in: This=0x50333b8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.802] IUnknown:QueryInterface (in: This=0x50333b8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x50333bc) returned 0x0
[0339.802] IMarshal:GetUnmarshalClass (in: This=0x50333bc, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.802] IUnknown:Release (This=0x50333bc) returned 0x3
[0339.802] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.802] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.802] IUnknown:QueryInterface (in: This=0x50333b8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.802] IUnknown:Release (This=0x50333b8) returned 0x2
[0339.802] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.802] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.802] IUnknown:QueryInterface (in: This=0x50333b8, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x50333b8) returned 0x0
[0339.803] IUnknown:AddRef (This=0x50333b8) returned 0x4
[0339.803] IUnknown:Release (This=0x50333b8) returned 0x3
[0339.803] IUnknown:Release (This=0x50333b8) returned 0x2
[0339.803] CoTaskMemFree (pv=0x595560)
[0339.803] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.803] IUnknown:AddRef (This=0x50333b8) returned 0x3
[0339.803] IWbemClassObject:Get (in: This=0x50333b8, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.803] IWbemClassObject:Get (in: This=0x50333b8, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.803] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x82
[0339.803] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x82
[0339.803] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
[0339.803] SetEvent (hEvent=0x2b8) returned 1
[0339.803] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x38c, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.806] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.806] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.806] WbemDefPath:IUnknown:QueryInterface (in: This=0x5019c68, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x5019c68) returned 0x0
[0339.806] WbemDefPath:IUnknown:AddRef (This=0x5019c68) returned 0x3
[0339.806] WbemDefPath:IUnknown:Release (This=0x5019c68) returned 0x2
[0339.806] WbemDefPath:IWbemPath:SetText (This=0x5019c68, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0
[0339.806] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.806] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.806] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.806] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.806] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.806] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.806] IWbemClassObject:Get (in: This=0x50333b8, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b53a0*=0, plFlavor=0x22b53a4*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b53a0*=11, plFlavor=0x22b53a4*=0) returned 0x0
[0339.807] IWbemClassObject:Get (in: This=0x50333b8, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b53a0*=11, plFlavor=0x22b53a4*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b53a0*=11, plFlavor=0x22b53a4*=0) returned 0x0
[0339.807] IUnknown:Release (This=0x50333b8) returned 0x2
[0339.807] CoTaskMemAlloc (cb=0x4) returned 0x5955a0
[0339.807] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x5955a0, puReturned=0x22b48dc | out: apObjects=0x5955a0*=0x5033830, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.808] IUnknown:QueryInterface (in: This=0x5033830, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x5033830) returned 0x0
[0339.808] IUnknown:QueryInterface (in: This=0x5033830, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.808] IUnknown:QueryInterface (in: This=0x5033830, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.808] IUnknown:AddRef (This=0x5033830) returned 0x3
[0339.809] IUnknown:QueryInterface (in: This=0x5033830, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.809] IUnknown:QueryInterface (in: This=0x5033830, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.809] IUnknown:QueryInterface (in: This=0x5033830, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x5033834) returned 0x0
[0339.809] IMarshal:GetUnmarshalClass (in: This=0x5033834, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.809] IUnknown:Release (This=0x5033834) returned 0x3
[0339.809] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.809] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.809] IUnknown:QueryInterface (in: This=0x5033830, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.809] IUnknown:Release (This=0x5033830) returned 0x2
[0339.809] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.809] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.809] IUnknown:QueryInterface (in: This=0x5033830, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x5033830) returned 0x0
[0339.809] IUnknown:AddRef (This=0x5033830) returned 0x4
[0339.809] IUnknown:Release (This=0x5033830) returned 0x3
[0339.809] IUnknown:Release (This=0x5033830) returned 0x2
[0339.809] CoTaskMemFree (pv=0x5955a0)
[0339.809] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.809] IUnknown:AddRef (This=0x5033830) returned 0x3
[0339.809] IWbemClassObject:Get (in: This=0x5033830, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.809] IWbemClassObject:Get (in: This=0x5033830, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.810] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x82
[0339.810] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x82
[0339.810] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390
[0339.810] SetEvent (hEvent=0x2b8) returned 1
[0339.810] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x390, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.812] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.812] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5033b68, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x5033b68) returned 0x0
[0339.812] WbemDefPath:IUnknown:AddRef (This=0x5033b68) returned 0x3
[0339.812] WbemDefPath:IUnknown:Release (This=0x5033b68) returned 0x2
[0339.812] WbemDefPath:IWbemPath:SetText (This=0x5033b68, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0
[0339.813] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.813] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.813] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.813] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.813] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.813] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.813] IWbemClassObject:Get (in: This=0x5033830, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b57cc*=0, plFlavor=0x22b57d0*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b57cc*=11, plFlavor=0x22b57d0*=0) returned 0x0
[0339.813] IWbemClassObject:Get (in: This=0x5033830, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b57cc*=11, plFlavor=0x22b57d0*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b57cc*=11, plFlavor=0x22b57d0*=0) returned 0x0
[0339.813] IUnknown:Release (This=0x5033830) returned 0x2
[0339.813] CoTaskMemAlloc (cb=0x4) returned 0x5955e0
[0339.813] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x5955e0, puReturned=0x22b48dc | out: apObjects=0x5955e0*=0x5033c68, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.814] IUnknown:QueryInterface (in: This=0x5033c68, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x5033c68) returned 0x0
[0339.814] IUnknown:QueryInterface (in: This=0x5033c68, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.814] IUnknown:QueryInterface (in: This=0x5033c68, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.815] IUnknown:AddRef (This=0x5033c68) returned 0x3
[0339.815] IUnknown:QueryInterface (in: This=0x5033c68, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.815] IUnknown:QueryInterface (in: This=0x5033c68, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.815] IUnknown:QueryInterface (in: This=0x5033c68, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x5033c6c) returned 0x0
[0339.815] IMarshal:GetUnmarshalClass (in: This=0x5033c6c, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.815] IUnknown:Release (This=0x5033c6c) returned 0x3
[0339.815] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.815] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.815] IUnknown:QueryInterface (in: This=0x5033c68, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.815] IUnknown:Release (This=0x5033c68) returned 0x2
[0339.815] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.815] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.815] IUnknown:QueryInterface (in: This=0x5033c68, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x5033c68) returned 0x0
[0339.815] IUnknown:AddRef (This=0x5033c68) returned 0x4
[0339.815] IUnknown:Release (This=0x5033c68) returned 0x3
[0339.815] IUnknown:Release (This=0x5033c68) returned 0x2
[0339.815] CoTaskMemFree (pv=0x5955e0)
[0339.815] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.815] IUnknown:AddRef (This=0x5033c68) returned 0x3
[0339.815] IWbemClassObject:Get (in: This=0x5033c68, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.815] IWbemClassObject:Get (in: This=0x5033c68, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.816] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x82
[0339.816] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x82
[0339.816] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
[0339.816] SetEvent (hEvent=0x2b8) returned 1
[0339.816] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x394, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.818] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.818] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x50155f8, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x50155f8) returned 0x0
[0339.818] WbemDefPath:IUnknown:AddRef (This=0x50155f8) returned 0x3
[0339.818] WbemDefPath:IUnknown:Release (This=0x50155f8) returned 0x2
[0339.818] WbemDefPath:IWbemPath:SetText (This=0x50155f8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0
[0339.818] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.819] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.819] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.819] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.819] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.819] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.819] IWbemClassObject:Get (in: This=0x5033c68, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b5bf8*=0, plFlavor=0x22b5bfc*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b5bf8*=11, plFlavor=0x22b5bfc*=0) returned 0x0
[0339.819] IWbemClassObject:Get (in: This=0x5033c68, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b5bf8*=11, plFlavor=0x22b5bfc*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22b5bf8*=11, plFlavor=0x22b5bfc*=0) returned 0x0
[0339.819] IUnknown:Release (This=0x5033c68) returned 0x2
[0339.819] CoTaskMemAlloc (cb=0x4) returned 0x595620
[0339.819] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x595620, puReturned=0x22b48dc | out: apObjects=0x595620*=0x50156f8, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.820] IUnknown:QueryInterface (in: This=0x50156f8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x50156f8) returned 0x0
[0339.820] IUnknown:QueryInterface (in: This=0x50156f8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.820] IUnknown:QueryInterface (in: This=0x50156f8, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.821] IUnknown:AddRef (This=0x50156f8) returned 0x3
[0339.821] IUnknown:QueryInterface (in: This=0x50156f8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.821] IUnknown:QueryInterface (in: This=0x50156f8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.821] IUnknown:QueryInterface (in: This=0x50156f8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x50156fc) returned 0x0
[0339.821] IMarshal:GetUnmarshalClass (in: This=0x50156fc, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.821] IUnknown:Release (This=0x50156fc) returned 0x3
[0339.821] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.821] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.821] IUnknown:QueryInterface (in: This=0x50156f8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.821] IUnknown:Release (This=0x50156f8) returned 0x2
[0339.821] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.821] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.821] IUnknown:QueryInterface (in: This=0x50156f8, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x50156f8) returned 0x0
[0339.821] IUnknown:AddRef (This=0x50156f8) returned 0x4
[0339.821] IUnknown:Release (This=0x50156f8) returned 0x3
[0339.821] IUnknown:Release (This=0x50156f8) returned 0x2
[0339.821] CoTaskMemFree (pv=0x595620)
[0339.821] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.821] IUnknown:AddRef (This=0x50156f8) returned 0x3
[0339.821] IWbemClassObject:Get (in: This=0x50156f8, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.821] IWbemClassObject:Get (in: This=0x50156f8, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.822] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x82
[0339.822] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x82
[0339.822] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
[0339.822] SetEvent (hEvent=0x2b8) returned 1
[0339.822] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x398, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.824] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.824] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.824] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015e30, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x5015e30) returned 0x0
[0339.824] WbemDefPath:IUnknown:AddRef (This=0x5015e30) returned 0x3
[0339.824] WbemDefPath:IUnknown:Release (This=0x5015e30) returned 0x2
[0339.824] WbemDefPath:IWbemPath:SetText (This=0x5015e30, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x0
[0339.824] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.824] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.824] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.824] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.824] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.824] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.825] IWbemClassObject:Get (in: This=0x50156f8, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba04c*=0, plFlavor=0x22ba050*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba04c*=11, plFlavor=0x22ba050*=0) returned 0x0
[0339.825] IWbemClassObject:Get (in: This=0x50156f8, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba04c*=11, plFlavor=0x22ba050*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba04c*=11, plFlavor=0x22ba050*=0) returned 0x0
[0339.825] IUnknown:Release (This=0x50156f8) returned 0x2
[0339.825] CoTaskMemAlloc (cb=0x4) returned 0x595660
[0339.825] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x595660, puReturned=0x22b48dc | out: apObjects=0x595660*=0x5015f30, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.829] IUnknown:QueryInterface (in: This=0x5015f30, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x5015f30) returned 0x0
[0339.829] IUnknown:QueryInterface (in: This=0x5015f30, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.829] IUnknown:QueryInterface (in: This=0x5015f30, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.829] IUnknown:AddRef (This=0x5015f30) returned 0x3
[0339.829] IUnknown:QueryInterface (in: This=0x5015f30, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.829] IUnknown:QueryInterface (in: This=0x5015f30, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.829] IUnknown:QueryInterface (in: This=0x5015f30, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x5015f34) returned 0x0
[0339.829] IMarshal:GetUnmarshalClass (in: This=0x5015f34, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.829] IUnknown:Release (This=0x5015f34) returned 0x3
[0339.829] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.829] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.829] IUnknown:QueryInterface (in: This=0x5015f30, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.830] IUnknown:Release (This=0x5015f30) returned 0x2
[0339.830] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.830] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.830] IUnknown:QueryInterface (in: This=0x5015f30, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x5015f30) returned 0x0
[0339.830] IUnknown:AddRef (This=0x5015f30) returned 0x4
[0339.830] IUnknown:Release (This=0x5015f30) returned 0x3
[0339.830] IUnknown:Release (This=0x5015f30) returned 0x2
[0339.830] CoTaskMemFree (pv=0x595660)
[0339.830] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.830] IUnknown:AddRef (This=0x5015f30) returned 0x3
[0339.830] IWbemClassObject:Get (in: This=0x5015f30, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.830] IWbemClassObject:Get (in: This=0x5015f30, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.830] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x82
[0339.830] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x82
[0339.830] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
[0339.830] SetEvent (hEvent=0x2b8) returned 1
[0339.830] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x39c, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.833] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.833] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.833] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016280, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x5016280) returned 0x0
[0339.833] WbemDefPath:IUnknown:AddRef (This=0x5016280) returned 0x3
[0339.833] WbemDefPath:IUnknown:Release (This=0x5016280) returned 0x2
[0339.833] WbemDefPath:IWbemPath:SetText (This=0x5016280, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x0
[0339.833] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.833] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.834] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.834] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.834] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.834] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.834] IWbemClassObject:Get (in: This=0x5015f30, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba478*=0, plFlavor=0x22ba47c*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba478*=11, plFlavor=0x22ba47c*=0) returned 0x0
[0339.834] IWbemClassObject:Get (in: This=0x5015f30, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba478*=11, plFlavor=0x22ba47c*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba478*=11, plFlavor=0x22ba47c*=0) returned 0x0
[0339.834] IUnknown:Release (This=0x5015f30) returned 0x2
[0339.834] CoTaskMemAlloc (cb=0x4) returned 0x5956a0
[0339.834] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x5956a0, puReturned=0x22b48dc | out: apObjects=0x5956a0*=0x502dba8, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.845] IUnknown:QueryInterface (in: This=0x502dba8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x502dba8) returned 0x0
[0339.845] IUnknown:QueryInterface (in: This=0x502dba8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.845] IUnknown:QueryInterface (in: This=0x502dba8, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.845] IUnknown:AddRef (This=0x502dba8) returned 0x3
[0339.845] IUnknown:QueryInterface (in: This=0x502dba8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.845] IUnknown:QueryInterface (in: This=0x502dba8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.845] IUnknown:QueryInterface (in: This=0x502dba8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x502dbac) returned 0x0
[0339.845] IMarshal:GetUnmarshalClass (in: This=0x502dbac, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.845] IUnknown:Release (This=0x502dbac) returned 0x3
[0339.845] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.845] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.845] IUnknown:QueryInterface (in: This=0x502dba8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.845] IUnknown:Release (This=0x502dba8) returned 0x2
[0339.845] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.845] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.845] IUnknown:QueryInterface (in: This=0x502dba8, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x502dba8) returned 0x0
[0339.846] IUnknown:AddRef (This=0x502dba8) returned 0x4
[0339.846] IUnknown:Release (This=0x502dba8) returned 0x3
[0339.846] IUnknown:Release (This=0x502dba8) returned 0x2
[0339.846] CoTaskMemFree (pv=0x5956a0)
[0339.846] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.846] IUnknown:AddRef (This=0x502dba8) returned 0x3
[0339.846] IWbemClassObject:Get (in: This=0x502dba8, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.846] IWbemClassObject:Get (in: This=0x502dba8, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.846] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x82
[0339.846] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x82
[0339.846] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
[0339.846] SetEvent (hEvent=0x2b8) returned 1
[0339.846] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x3a0, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.849] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.849] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.849] WbemDefPath:IUnknown:QueryInterface (in: This=0x50162f0, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x50162f0) returned 0x0
[0339.849] WbemDefPath:IUnknown:AddRef (This=0x50162f0) returned 0x3
[0339.849] WbemDefPath:IUnknown:Release (This=0x50162f0) returned 0x2
[0339.849] WbemDefPath:IWbemPath:SetText (This=0x50162f0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x0
[0339.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.849] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.849] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.849] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.849] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.849] IWbemClassObject:Get (in: This=0x502dba8, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba8a4*=0, plFlavor=0x22ba8a8*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba8a4*=11, plFlavor=0x22ba8a8*=0) returned 0x0
[0339.849] IWbemClassObject:Get (in: This=0x502dba8, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba8a4*=11, plFlavor=0x22ba8a8*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22ba8a4*=11, plFlavor=0x22ba8a8*=0) returned 0x0
[0339.849] IUnknown:Release (This=0x502dba8) returned 0x2
[0339.849] CoTaskMemAlloc (cb=0x4) returned 0x5956e0
[0339.849] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x5956e0, puReturned=0x22b48dc | out: apObjects=0x5956e0*=0x502e028, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.851] IUnknown:QueryInterface (in: This=0x502e028, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x502e028) returned 0x0
[0339.851] IUnknown:QueryInterface (in: This=0x502e028, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.851] IUnknown:QueryInterface (in: This=0x502e028, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.851] IUnknown:AddRef (This=0x502e028) returned 0x3
[0339.851] IUnknown:QueryInterface (in: This=0x502e028, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.851] IUnknown:QueryInterface (in: This=0x502e028, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.851] IUnknown:QueryInterface (in: This=0x502e028, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x502e02c) returned 0x0
[0339.851] IMarshal:GetUnmarshalClass (in: This=0x502e02c, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.851] IUnknown:Release (This=0x502e02c) returned 0x3
[0339.851] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.851] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.851] IUnknown:QueryInterface (in: This=0x502e028, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.851] IUnknown:Release (This=0x502e028) returned 0x2
[0339.851] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.851] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.851] IUnknown:QueryInterface (in: This=0x502e028, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x502e028) returned 0x0
[0339.851] IUnknown:AddRef (This=0x502e028) returned 0x4
[0339.851] IUnknown:Release (This=0x502e028) returned 0x3
[0339.851] IUnknown:Release (This=0x502e028) returned 0x2
[0339.851] CoTaskMemFree (pv=0x5956e0)
[0339.851] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.852] IUnknown:AddRef (This=0x502e028) returned 0x3
[0339.852] IWbemClassObject:Get (in: This=0x502e028, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.852] IWbemClassObject:Get (in: This=0x502e028, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.852] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x82
[0339.852] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x82
[0339.852] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4
[0339.852] SetEvent (hEvent=0x2b8) returned 1
[0339.852] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x3a4, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.854] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.854] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016360, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x5016360) returned 0x0
[0339.854] WbemDefPath:IUnknown:AddRef (This=0x5016360) returned 0x3
[0339.854] WbemDefPath:IUnknown:Release (This=0x5016360) returned 0x2
[0339.854] WbemDefPath:IWbemPath:SetText (This=0x5016360, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x0
[0339.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.855] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.855] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.855] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.855] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.855] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.855] IWbemClassObject:Get (in: This=0x502e028, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bacd0*=0, plFlavor=0x22bacd4*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bacd0*=11, plFlavor=0x22bacd4*=0) returned 0x0
[0339.855] IWbemClassObject:Get (in: This=0x502e028, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bacd0*=11, plFlavor=0x22bacd4*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bacd0*=11, plFlavor=0x22bacd4*=0) returned 0x0
[0339.855] IUnknown:Release (This=0x502e028) returned 0x2
[0339.855] CoTaskMemAlloc (cb=0x4) returned 0x595720
[0339.855] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x595720, puReturned=0x22b48dc | out: apObjects=0x595720*=0x502e4c0, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.856] IUnknown:QueryInterface (in: This=0x502e4c0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x502e4c0) returned 0x0
[0339.856] IUnknown:QueryInterface (in: This=0x502e4c0, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.856] IUnknown:QueryInterface (in: This=0x502e4c0, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.856] IUnknown:AddRef (This=0x502e4c0) returned 0x3
[0339.857] IUnknown:QueryInterface (in: This=0x502e4c0, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.857] IUnknown:QueryInterface (in: This=0x502e4c0, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.857] IUnknown:QueryInterface (in: This=0x502e4c0, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x502e4c4) returned 0x0
[0339.857] IMarshal:GetUnmarshalClass (in: This=0x502e4c4, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.857] IUnknown:Release (This=0x502e4c4) returned 0x3
[0339.857] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.857] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.857] IUnknown:QueryInterface (in: This=0x502e4c0, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.857] IUnknown:Release (This=0x502e4c0) returned 0x2
[0339.857] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.857] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.857] IUnknown:QueryInterface (in: This=0x502e4c0, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x502e4c0) returned 0x0
[0339.857] IUnknown:AddRef (This=0x502e4c0) returned 0x4
[0339.857] IUnknown:Release (This=0x502e4c0) returned 0x3
[0339.857] IUnknown:Release (This=0x502e4c0) returned 0x2
[0339.857] CoTaskMemFree (pv=0x595720)
[0339.857] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.857] IUnknown:AddRef (This=0x502e4c0) returned 0x3
[0339.857] IWbemClassObject:Get (in: This=0x502e4c0, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.857] IWbemClassObject:Get (in: This=0x502e4c0, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.857] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x82
[0339.857] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x82
[0339.857] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8
[0339.858] SetEvent (hEvent=0x2b8) returned 1
[0339.858] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x3a8, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.860] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.860] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x50163d0, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x50163d0) returned 0x0
[0339.860] WbemDefPath:IUnknown:AddRef (This=0x50163d0) returned 0x3
[0339.860] WbemDefPath:IUnknown:Release (This=0x50163d0) returned 0x2
[0339.860] WbemDefPath:IWbemPath:SetText (This=0x50163d0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x0
[0339.860] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.860] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.860] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.860] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.860] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.860] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.860] IWbemClassObject:Get (in: This=0x502e4c0, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb0fc*=0, plFlavor=0x22bb100*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb0fc*=11, plFlavor=0x22bb100*=0) returned 0x0
[0339.860] IWbemClassObject:Get (in: This=0x502e4c0, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb0fc*=11, plFlavor=0x22bb100*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb0fc*=11, plFlavor=0x22bb100*=0) returned 0x0
[0339.860] IUnknown:Release (This=0x502e4c0) returned 0x2
[0339.860] CoTaskMemAlloc (cb=0x4) returned 0x595760
[0339.861] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x595760, puReturned=0x22b48dc | out: apObjects=0x595760*=0x502e888, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.862] IUnknown:QueryInterface (in: This=0x502e888, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x502e888) returned 0x0
[0339.862] IUnknown:QueryInterface (in: This=0x502e888, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.862] IUnknown:QueryInterface (in: This=0x502e888, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.862] IUnknown:AddRef (This=0x502e888) returned 0x3
[0339.862] IUnknown:QueryInterface (in: This=0x502e888, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.862] IUnknown:QueryInterface (in: This=0x502e888, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.862] IUnknown:QueryInterface (in: This=0x502e888, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x502e88c) returned 0x0
[0339.862] IMarshal:GetUnmarshalClass (in: This=0x502e88c, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.862] IUnknown:Release (This=0x502e88c) returned 0x3
[0339.862] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.862] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.862] IUnknown:QueryInterface (in: This=0x502e888, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.862] IUnknown:Release (This=0x502e888) returned 0x2
[0339.862] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.862] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.862] IUnknown:QueryInterface (in: This=0x502e888, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x502e888) returned 0x0
[0339.863] IUnknown:AddRef (This=0x502e888) returned 0x4
[0339.863] IUnknown:Release (This=0x502e888) returned 0x3
[0339.863] IUnknown:Release (This=0x502e888) returned 0x2
[0339.863] CoTaskMemFree (pv=0x595760)
[0339.863] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.863] IUnknown:AddRef (This=0x502e888) returned 0x3
[0339.863] IWbemClassObject:Get (in: This=0x502e888, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.863] IWbemClassObject:Get (in: This=0x502e888, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.863] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x82
[0339.863] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x82
[0339.863] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac
[0339.863] SetEvent (hEvent=0x2b8) returned 1
[0339.863] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x3ac, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.866] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.866] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016440, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x5016440) returned 0x0
[0339.866] WbemDefPath:IUnknown:AddRef (This=0x5016440) returned 0x3
[0339.866] WbemDefPath:IUnknown:Release (This=0x5016440) returned 0x2
[0339.866] WbemDefPath:IWbemPath:SetText (This=0x5016440, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x0
[0339.866] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.866] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.866] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.866] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.866] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.866] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.866] IWbemClassObject:Get (in: This=0x502e888, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb528*=0, plFlavor=0x22bb52c*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb528*=11, plFlavor=0x22bb52c*=0) returned 0x0
[0339.866] IWbemClassObject:Get (in: This=0x502e888, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb528*=11, plFlavor=0x22bb52c*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb528*=11, plFlavor=0x22bb52c*=0) returned 0x0
[0339.866] IUnknown:Release (This=0x502e888) returned 0x2
[0339.866] CoTaskMemAlloc (cb=0x4) returned 0x5957a0
[0339.866] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x5957a0, puReturned=0x22b48dc | out: apObjects=0x5957a0*=0x502ed00, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.867] IUnknown:QueryInterface (in: This=0x502ed00, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x502ed00) returned 0x0
[0339.868] IUnknown:QueryInterface (in: This=0x502ed00, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.868] IUnknown:QueryInterface (in: This=0x502ed00, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.868] IUnknown:AddRef (This=0x502ed00) returned 0x3
[0339.868] IUnknown:QueryInterface (in: This=0x502ed00, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.868] IUnknown:QueryInterface (in: This=0x502ed00, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.868] IUnknown:QueryInterface (in: This=0x502ed00, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x502ed04) returned 0x0
[0339.868] IMarshal:GetUnmarshalClass (in: This=0x502ed04, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.868] IUnknown:Release (This=0x502ed04) returned 0x3
[0339.868] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.868] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.868] IUnknown:QueryInterface (in: This=0x502ed00, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.868] IUnknown:Release (This=0x502ed00) returned 0x2
[0339.868] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.868] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.868] IUnknown:QueryInterface (in: This=0x502ed00, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x502ed00) returned 0x0
[0339.868] IUnknown:AddRef (This=0x502ed00) returned 0x4
[0339.868] IUnknown:Release (This=0x502ed00) returned 0x3
[0339.868] IUnknown:Release (This=0x502ed00) returned 0x2
[0339.868] CoTaskMemFree (pv=0x5957a0)
[0339.868] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.868] IUnknown:AddRef (This=0x502ed00) returned 0x3
[0339.868] IWbemClassObject:Get (in: This=0x502ed00, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.869] IWbemClassObject:Get (in: This=0x502ed00, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.869] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x84
[0339.869] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x84
[0339.869] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0
[0339.869] SetEvent (hEvent=0x2b8) returned 1
[0339.869] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x3b0, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.871] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.871] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.871] WbemDefPath:IUnknown:QueryInterface (in: This=0x50164b0, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x50164b0) returned 0x0
[0339.871] WbemDefPath:IUnknown:AddRef (This=0x50164b0) returned 0x3
[0339.871] WbemDefPath:IUnknown:Release (This=0x50164b0) returned 0x2
[0339.871] WbemDefPath:IWbemPath:SetText (This=0x50164b0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x0
[0339.871] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.871] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.871] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.871] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.871] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.871] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.871] IWbemClassObject:Get (in: This=0x502ed00, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb958*=0, plFlavor=0x22bb95c*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb958*=11, plFlavor=0x22bb95c*=0) returned 0x0
[0339.872] IWbemClassObject:Get (in: This=0x502ed00, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb958*=11, plFlavor=0x22bb95c*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bb958*=11, plFlavor=0x22bb95c*=0) returned 0x0
[0339.872] IUnknown:Release (This=0x502ed00) returned 0x2
[0339.872] CoTaskMemAlloc (cb=0x4) returned 0x5957e0
[0339.872] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x5957e0, puReturned=0x22b48dc | out: apObjects=0x5957e0*=0x502f0c8, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.873] IUnknown:QueryInterface (in: This=0x502f0c8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x502f0c8) returned 0x0
[0339.873] IUnknown:QueryInterface (in: This=0x502f0c8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.873] IUnknown:QueryInterface (in: This=0x502f0c8, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.873] IUnknown:AddRef (This=0x502f0c8) returned 0x3
[0339.873] IUnknown:QueryInterface (in: This=0x502f0c8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.873] IUnknown:QueryInterface (in: This=0x502f0c8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.873] IUnknown:QueryInterface (in: This=0x502f0c8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x502f0cc) returned 0x0
[0339.873] IMarshal:GetUnmarshalClass (in: This=0x502f0cc, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.873] IUnknown:Release (This=0x502f0cc) returned 0x3
[0339.873] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.873] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.873] IUnknown:QueryInterface (in: This=0x502f0c8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.873] IUnknown:Release (This=0x502f0c8) returned 0x2
[0339.873] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.874] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.874] IUnknown:QueryInterface (in: This=0x502f0c8, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x502f0c8) returned 0x0
[0339.874] IUnknown:AddRef (This=0x502f0c8) returned 0x4
[0339.874] IUnknown:Release (This=0x502f0c8) returned 0x3
[0339.874] IUnknown:Release (This=0x502f0c8) returned 0x2
[0339.874] CoTaskMemFree (pv=0x5957e0)
[0339.874] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.874] IUnknown:AddRef (This=0x502f0c8) returned 0x3
[0339.874] IWbemClassObject:Get (in: This=0x502f0c8, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.874] IWbemClassObject:Get (in: This=0x502f0c8, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.874] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x84
[0339.874] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x84
[0339.874] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4
[0339.874] SetEvent (hEvent=0x2b8) returned 1
[0339.874] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x3b4, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.876] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.876] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016520, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x5016520) returned 0x0
[0339.877] WbemDefPath:IUnknown:AddRef (This=0x5016520) returned 0x3
[0339.877] WbemDefPath:IUnknown:Release (This=0x5016520) returned 0x2
[0339.877] WbemDefPath:IWbemPath:SetText (This=0x5016520, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x0
[0339.877] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.877] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.877] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.877] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.877] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.877] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.877] IWbemClassObject:Get (in: This=0x502f0c8, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bbd88*=0, plFlavor=0x22bbd8c*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bbd88*=11, plFlavor=0x22bbd8c*=0) returned 0x0
[0339.877] IWbemClassObject:Get (in: This=0x502f0c8, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bbd88*=11, plFlavor=0x22bbd8c*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22bbd88*=11, plFlavor=0x22bbd8c*=0) returned 0x0
[0339.877] IUnknown:Release (This=0x502f0c8) returned 0x2
[0339.877] CoTaskMemAlloc (cb=0x4) returned 0x595820
[0339.877] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x595820, puReturned=0x22b48dc | out: apObjects=0x595820*=0x5033fb8, puReturned=0x22b48dc*=0x1) returned 0x0
[0339.879] IUnknown:QueryInterface (in: This=0x5033fb8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e54c | out: ppvObject=0x37e54c*=0x5033fb8) returned 0x0
[0339.879] IUnknown:QueryInterface (in: This=0x5033fb8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e500 | out: ppvObject=0x37e500*=0x0) returned 0x80004002
[0339.879] IUnknown:QueryInterface (in: This=0x5033fb8, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e328 | out: ppvObject=0x37e328*=0x0) returned 0x80004002
[0339.879] IUnknown:AddRef (This=0x5033fb8) returned 0x3
[0339.879] IUnknown:QueryInterface (in: This=0x5033fb8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37de5c | out: ppvObject=0x37de5c*=0x0) returned 0x80004002
[0339.879] IUnknown:QueryInterface (in: This=0x5033fb8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0339.879] IUnknown:QueryInterface (in: This=0x5033fb8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x5033fbc) returned 0x0
[0339.879] IMarshal:GetUnmarshalClass (in: This=0x5033fbc, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37de20 | out: pCid=0x37de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0339.879] IUnknown:Release (This=0x5033fbc) returned 0x3
[0339.879] CoGetContextToken (in: pToken=0x37de78 | out: pToken=0x37de78) returned 0x0
[0339.879] CoGetContextToken (in: pToken=0x37e28c | out: pToken=0x37e28c) returned 0x0
[0339.879] IUnknown:QueryInterface (in: This=0x5033fb8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e30c | out: ppvObject=0x37e30c*=0x0) returned 0x80004002
[0339.879] IUnknown:Release (This=0x5033fb8) returned 0x2
[0339.880] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0
[0339.880] CoGetContextToken (in: pToken=0x37e7dc | out: pToken=0x37e7dc) returned 0x0
[0339.880] IUnknown:QueryInterface (in: This=0x5033fb8, riid=0x37e8ac*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x5033fb8) returned 0x0
[0339.880] IUnknown:AddRef (This=0x5033fb8) returned 0x4
[0339.880] IUnknown:Release (This=0x5033fb8) returned 0x3
[0339.880] IUnknown:Release (This=0x5033fb8) returned 0x2
[0339.880] CoTaskMemFree (pv=0x595820)
[0339.880] CoGetContextToken (in: pToken=0x37ebec | out: pToken=0x37ebec) returned 0x0
[0339.880] IUnknown:AddRef (This=0x5033fb8) returned 0x3
[0339.880] IWbemClassObject:Get (in: This=0x5033fb8, wszName="__GENUS", lFlags=0, pVal=0x37eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef68*=0, plFlavor=0x37ef64*=0 | out: pVal=0x37eee8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ef68*=3, plFlavor=0x37ef64*=64) returned 0x0
[0339.880] IWbemClassObject:Get (in: This=0x5033fb8, wszName="__PATH", lFlags=0, pVal=0x37eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ef50*=0, plFlavor=0x37ef4c*=0 | out: pVal=0x37eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12", varVal2=0x0), pType=0x37ef50*=8, plFlavor=0x37ef4c*=64) returned 0x0
[0339.880] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x84
[0339.880] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x84
[0339.880] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8
[0339.880] SetEvent (hEvent=0x2b8) returned 1
[0339.881] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea4*=0x3b8, lpdwindex=0x37ecc8 | out: lpdwindex=0x37ecc8) returned 0x0
[0339.883] CoGetContextToken (in: pToken=0x37ed7c | out: pToken=0x37ed7c) returned 0x0
[0339.883] CoGetContextToken (in: pToken=0x37ecdc | out: pToken=0x37ecdc) returned 0x0
[0339.883] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016590, riid=0x37edac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37eda8 | out: ppvObject=0x37eda8*=0x5016590) returned 0x0
[0339.883] WbemDefPath:IUnknown:AddRef (This=0x5016590) returned 0x3
[0339.883] WbemDefPath:IUnknown:Release (This=0x5016590) returned 0x2
[0339.883] WbemDefPath:IWbemPath:SetText (This=0x5016590, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x0
[0339.883] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37ef24 | out: puCount=0x37ef24*=0x2) returned 0x0
[0339.883] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0x0, pszText=0x0 | out: puBuffLength=0x37ef20*=0xf, pszText=0x0) returned 0x0
[0339.884] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.884] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.884] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.884] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.884] IWbemClassObject:Get (in: This=0x5033fb8, wszName="IPEnabled", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22be1d4*=0, plFlavor=0x22be1d8*=0 | out: pVal=0x37eeec*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x22be1d4*=11, plFlavor=0x22be1d8*=0) returned 0x0
[0339.884] IWbemClassObject:Get (in: This=0x5033fb8, wszName="IPEnabled", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22be1d4*=11, plFlavor=0x22be1d8*=0 | out: pVal=0x37eef4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x22be1d4*=11, plFlavor=0x22be1d8*=0) returned 0x0
[0339.886] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x37eef0 | out: puCount=0x37eef0*=0x2) returned 0x0
[0339.886] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0x0, pszText=0x0 | out: puBuffLength=0x37eeec*=0xf, pszText=0x0) returned 0x0
[0339.887] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=4, puBuffLength=0x37eeec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eeec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.887] IWbemClassObject:Get (in: This=0x5033fb8, wszName="MacAddress", lFlags=0, pVal=0x37eeec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22be270*=0, plFlavor=0x22be274*=0 | out: pVal=0x37eeec*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:06:6F:27:51:4C", varVal2=0x0), pType=0x22be270*=8, plFlavor=0x22be274*=0) returned 0x0
[0339.887] SysStringByteLen (bstr="00:06:6F:27:51:4C") returned 0x22
[0339.887] SysStringByteLen (bstr="00:06:6F:27:51:4C") returned 0x22
[0339.887] IWbemClassObject:Get (in: This=0x5033fb8, wszName="MacAddress", lFlags=0, pVal=0x37eef4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22be270*=8, plFlavor=0x22be274*=0 | out: pVal=0x37eef4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:06:6F:27:51:4C", varVal2=0x0), pType=0x22be270*=8, plFlavor=0x22be274*=0) returned 0x0
[0339.887] SysStringByteLen (bstr="00:06:6F:27:51:4C") returned 0x22
[0339.887] SysStringByteLen (bstr="00:06:6F:27:51:4C") returned 0x22
[0339.887] IUnknown:Release (This=0x5033fb8) returned 0x2
[0339.887] CoTaskMemAlloc (cb=0x4) returned 0x595860
[0339.887] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x595860, puReturned=0x22b48dc | out: apObjects=0x595860*=0x0, puReturned=0x22b48dc*=0x0) returned 0x1
[0339.888] CoTaskMemFree (pv=0x595860)
[0339.888] CoGetContextToken (in: pToken=0x37ee1c | out: pToken=0x37ee1c) returned 0x0
[0339.889] IUnknown:Release (This=0x501986c) returned 0x1
[0339.889] IUnknown:Release (This=0x501986c) returned 0x0
[0339.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37ea18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0339.923] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x37eda8, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0339.930] GetUserNameW (in: lpBuffer=0x37ed58, pcbBuffer=0x22bef38 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x22bef38) returned 1
[0339.934] GetComputerNameW (in: lpBuffer=0x37ed58, nSize=0x22bf3ac | out: lpBuffer="Q9IATRKPRH", nSize=0x22bf3ac) returned 1
[0339.939] EtwEventRegister () returned 0x0
[0349.116] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x37eda8, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0349.121] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\", nBufferLength=0x105, lpBuffer=0x37ea8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\", lpFilePart=0x0) returned 0x2b
[0349.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecc8) returned 1
[0349.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr"), fInfoLevelId=0x0, lpFileInformation=0x37ef8c | out: lpFileInformation=0x37ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0349.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ecc4) returned 1
[0349.123] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x37eda8, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0349.124] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\", nBufferLength=0x105, lpBuffer=0x37ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\", lpFilePart=0x0) returned 0x2b
[0349.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ec58) returned 1
[0349.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr"), fInfoLevelId=0x0, lpFileInformation=0x37ef1c | out: lpFileInformation=0x37ef1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0349.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ec54) returned 1
[0349.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ec58) returned 1
[0349.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr"), fInfoLevelId=0x0, lpFileInformation=0x37ef1c | out: lpFileInformation=0x37ef1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0349.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ec54) returned 1
[0349.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ec58) returned 1
[0349.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x37ef1c | out: lpFileInformation=0x37ef1c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x372cfae0, ftLastAccessTime.dwHighDateTime=0x1d71a55, ftLastWriteTime.dwLowDateTime=0x372cfae0, ftLastWriteTime.dwHighDateTime=0x1d71a55, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1
[0349.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ec54) returned 1
[0349.152] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr"), lpSecurityAttributes=0x0) returned 1
[0349.155] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", nBufferLength=0x105, lpBuffer=0x37ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", lpFilePart=0x0) returned 0x36
[0349.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecd4) returned 1
[0349.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr\\csglckr.exe"), fInfoLevelId=0x0, lpFileInformation=0x37ef98 | out: lpFileInformation=0x37ef98*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0349.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ecd0) returned 1
[0349.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0349.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecd4) returned 1
[0349.156] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe"), fInfoLevelId=0x0, lpFileInformation=0x37ef98 | out: lpFileInformation=0x37ef98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23456500, ftCreationTime.dwHighDateTime=0x1d4e503, ftLastAccessTime.dwLowDateTime=0xc1959990, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0x23456500, ftLastWriteTime.dwHighDateTime=0x1d4e503, nFileSizeHigh=0x0, nFileSizeLow=0xb0c0)) returned 1
[0349.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ecd0) returned 1
[0349.156] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", nBufferLength=0x105, lpBuffer=0x37ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", lpFilePart=0x0) returned 0x36
[0349.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecd4) returned 1
[0349.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr\\csglckr.exe"), fInfoLevelId=0x0, lpFileInformation=0x37ef98 | out: lpFileInformation=0x37ef98*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0349.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ecd0) returned 1
[0349.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", nBufferLength=0x105, lpBuffer=0x37ea44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", lpFilePart=0x0) returned 0x39
[0349.156] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", nBufferLength=0x105, lpBuffer=0x37ea44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", lpFilePart=0x0) returned 0x36
[0349.157] CopyFileW (lpExistingFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr\\csglckr.exe"), bFailIfExists=0) returned 1
[0349.317] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x37ef88 | out: phkResult=0x37ef88*=0x408) returned 0x0
[0349.322] RegQueryValueExW (in: hKey=0x408, lpValueName="CsGlckR", lpReserved=0x0, lpType=0x37ef7c, lpData=0x0, lpcbData=0x37ef78*=0x0 | out: lpType=0x37ef7c*=0x0, lpData=0x0, lpcbData=0x37ef78*=0x0) returned 0x2
[0349.322] RegSetValueExW (in: hKey=0x408, lpValueName="CsGlckR", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", cbData=0x6e | out: lpData="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe") returned 0x0
[0349.326] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x37ef88 | out: phkResult=0x37ef88*=0x0) returned 0x2
[0349.331] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", nBufferLength=0x105, lpBuffer=0x37ea74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe", lpFilePart=0x0) returned 0x36
[0349.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecb4) returned 1
[0349.331] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr\\csglckr.exe"), fInfoLevelId=0x0, lpFileInformation=0x37ef78 | out: lpFileInformation=0x37ef78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb8cdbc0, ftCreationTime.dwHighDateTime=0x1d71a55, ftLastAccessTime.dwLowDateTime=0xbb8cdbc0, ftLastAccessTime.dwHighDateTime=0x1d71a55, ftLastWriteTime.dwLowDateTime=0x23456500, ftLastWriteTime.dwHighDateTime=0x1d4e503, nFileSizeHigh=0x0, nFileSizeLow=0xb0c0)) returned 1
[0349.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ecb0) returned 1
[0349.342] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CsGlckR\\CsGlckR.exe:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\csglckr\\csglckr.exe:zone.identifier")) returned 0
[0369.206] CoTaskMemAlloc (cb=0x20c) returned 0x59ac38
[0369.206] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x59ac38 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0369.208] CoTaskMemFree (pv=0x59ac38)
[0369.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x37e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
[0369.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\drivers\\etc\\hosts", nBufferLength=0x105, lpBuffer=0x37e944, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\drivers\\etc\\hosts", lpFilePart=0x0) returned 0x25
[0369.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ee5c) returned 1
[0369.216] CreateFileW (lpFileName="C:\\Windows\\system32\\drivers\\etc\\hosts" (normalized: "c:\\windows\\system32\\drivers\\etc\\hosts"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0369.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37dc78) returned 1
[0421.497] GetCurrentProcess () returned 0xffffffff
[0421.497] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb84 | out: TokenHandle=0x37eb84*=0x380) returned 1
[0421.501] CloseHandle (hObject=0x380) returned 1
[0421.501] GetCurrentProcess () returned 0xffffffff
[0421.501] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb9c | out: TokenHandle=0x37eb9c*=0x380) returned 1
[0421.502] CloseHandle (hObject=0x380) returned 1
[0421.505] GetCurrentProcess () returned 0xffffffff
[0421.505] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb8c | out: TokenHandle=0x37eb8c*=0x380) returned 1
[0421.509] CloseHandle (hObject=0x380) returned 1
[0421.509] GetCurrentProcess () returned 0xffffffff
[0421.509] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eba4 | out: TokenHandle=0x37eba4*=0x380) returned 1
[0421.509] CloseHandle (hObject=0x380) returned 1
[0421.526] QueryPerformanceFrequency (in: lpFrequency=0x1b69e8 | out: lpFrequency=0x1b69e8*=100000000) returned 1
[0421.529] QueryPerformanceCounter (in: lpPerformanceCount=0x37ef4c | out: lpPerformanceCount=0x37ef4c*=2799439539071) returned 1
[0421.535] GetCurrentProcess () returned 0xffffffff
[0421.535] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb60 | out: TokenHandle=0x37eb60*=0x380) returned 1
[0421.538] CloseHandle (hObject=0x380) returned 1
[0421.538] GetCurrentProcess () returned 0xffffffff
[0421.538] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb78 | out: TokenHandle=0x37eb78*=0x380) returned 1
[0421.538] CloseHandle (hObject=0x380) returned 1
[0421.544] GetCurrentProcess () returned 0xffffffff
[0421.544] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37ee30 | out: TokenHandle=0x37ee30*=0x380) returned 1
[0422.090] CoTaskMemAlloc (cb=0xcc0) returned 0x5a5408
[0422.091] RasEnumConnectionsW (in: param_1=0x5a5408, param_2=0x37ee40, param_3=0x37ee44 | out: param_1=0x5a5408, param_2=0x37ee40, param_3=0x37ee44) returned 0x0
[0422.315] CoTaskMemFree (pv=0x5a5408)
[0422.322] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x37ec28 | out: lpWSAData=0x37ec28) returned 0
[0422.460] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x414
[0422.908] setsockopt (s=0x414, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0422.908] closesocket (s=0x414) returned 0
[0422.908] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x414
[0423.016] setsockopt (s=0x414, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0423.016] closesocket (s=0x414) returned 0
[0423.016] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x414
[0423.017] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418
[0423.017] ioctlsocket (in: s=0x414, cmd=-2147195266, argp=0x37ee48 | out: argp=0x37ee48) returned 0
[0423.017] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x41c
[0423.018] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x420
[0423.018] ioctlsocket (in: s=0x41c, cmd=-2147195266, argp=0x37ee48 | out: argp=0x37ee48) returned 0
[0423.019] WSAIoctl (in: s=0x414, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x37ee30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x37ee30, lpOverlapped=0x0) returned -1
[0423.019] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x37eb60, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0423.021] WSAEventSelect (s=0x414, hEventObject=0x418, lNetworkEvents=512) returned 0
[0423.021] WSAIoctl (in: s=0x41c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x37ee30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x37ee30, lpOverlapped=0x0) returned -1
[0423.021] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x37eb60, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0423.022] WSAEventSelect (s=0x41c, hEventObject=0x420, lNetworkEvents=512) returned 0
[0423.022] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x424
[0423.022] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x424, param_3=0x3) returned 0x0
[0423.029] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x37ee5c | out: phkResult=0x37ee5c*=0x43c) returned 0x0
[0423.030] RegOpenKeyExW (in: hKey=0x43c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ee10 | out: phkResult=0x37ee10*=0x440) returned 0x0
[0423.030] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x444
[0423.030] RegNotifyChangeKeyValue (hKey=0x440, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x444, fAsynchronous=1) returned 0x0
[0423.031] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ee14 | out: phkResult=0x37ee14*=0x448) returned 0x0
[0423.031] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x44c
[0423.031] RegNotifyChangeKeyValue (hKey=0x448, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x44c, fAsynchronous=1) returned 0x0
[0423.032] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ee14 | out: phkResult=0x37ee14*=0x450) returned 0x0
[0423.032] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454
[0423.032] RegNotifyChangeKeyValue (hKey=0x450, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x454, fAsynchronous=1) returned 0x0
[0423.032] GetCurrentProcess () returned 0xffffffff
[0423.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37ee04 | out: TokenHandle=0x37ee04*=0x458) returned 1
[0423.036] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e708 | out: phkResult=0x37e708*=0x45c) returned 0x0
[0423.036] RegQueryValueExW (in: hKey=0x45c, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x37e724, lpData=0x0, lpcbData=0x37e720*=0x0 | out: lpType=0x37e724*=0x0, lpData=0x0, lpcbData=0x37e720*=0x0) returned 0x2
[0423.036] RegCloseKey (hKey=0x45c) returned 0x0
[0423.596] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x56d160
[0423.879] WinHttpSetTimeouts (hInternet=0x56d160, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
[0423.880] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x37ee10 | out: pProxyConfig=0x37ee10) returned 1
[0424.748] CloseHandle (hObject=0x380) returned 1
[0424.753] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x37e5d0, nSize=0xd8 | out: lpBuffer="蘓瑆쮠O\x1c") returned 0x0
[0424.753] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x37e5d0, nSize=0xd8 | out: lpBuffer="蘓瑆쮠O\x1c") returned 0x0
[0424.757] EtwEventRegister () returned 0x0
[0424.779] GetCurrentProcess () returned 0xffffffff
[0424.779] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb28 | out: TokenHandle=0x37eb28*=0x49c) returned 1
[0424.781] CloseHandle (hObject=0x49c) returned 1
[0424.781] GetCurrentProcess () returned 0xffffffff
[0424.781] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb40 | out: TokenHandle=0x37eb40*=0x49c) returned 1
[0424.781] CloseHandle (hObject=0x49c) returned 1
[0424.785] SystemFunction041 (in: Memory=0x58f094, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x58f094) returned 0x0
[0424.802] SetEvent (hEvent=0x238) returned 1
[0424.812] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x37ed6c*=0x424, lpdwindex=0x37eb90 | out: lpdwindex=0x37eb90) returned 0x80010115
[0424.813] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x50132, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1
[0424.815] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x37ed4c*=0x418, lpdwindex=0x37eb70 | out: lpdwindex=0x37eb70) returned 0x80010115
[0424.815] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x37ed4c*=0x420, lpdwindex=0x37eb70 | out: lpdwindex=0x37eb70) returned 0x80010115
[0424.815] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x37eda0*=0x444, lpdwindex=0x37ebc4 | out: lpdwindex=0x37ebc4) returned 0x80010115
[0424.815] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x37eda0*=0x44c, lpdwindex=0x37ebc4 | out: lpdwindex=0x37ebc4) returned 0x80010115
[0424.816] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x37eda0*=0x454, lpdwindex=0x37ebc4 | out: lpdwindex=0x37ebc4) returned 0x80010115
[0424.819] GetCurrentProcess () returned 0xffffffff
[0424.819] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eaa8 | out: TokenHandle=0x37eaa8*=0x4b0) returned 1
[0424.819] CloseHandle (hObject=0x4b0) returned 1
[0424.820] GetCurrentProcess () returned 0xffffffff
[0424.820] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eac0 | out: TokenHandle=0x37eac0*=0x4b0) returned 1
[0424.820] CloseHandle (hObject=0x4b0) returned 1
[0424.821] GetTimeZoneInformation (in: lpTimeZoneInformation=0x37ec70 | out: lpTimeZoneInformation=0x37ec70) returned 0x1
[0424.821] SetEvent (hEvent=0x238) returned 1
[0424.822] GetACP () returned 0x4e4
[0424.836] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x37edcc | out: pFixedInfo=0x0, pOutBufLen=0x37edcc) returned 0x6f
[0425.147] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x5b5858
[0425.147] GetNetworkParams (in: pFixedInfo=0x5b5858, pOutBufLen=0x37edcc | out: pFixedInfo=0x5b5858, pOutBufLen=0x37edcc) returned 0x0
[0425.166] LocalFree (hMem=0x5b5858) returned 0x0
[0425.167] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x37e50c, nSize=0xd8 | out: lpBuffer="쮠O\x1c") returned 0x0
[0425.167] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x37e50c, nSize=0xd8 | out: lpBuffer="쮠O\x1c") returned 0x0
[0425.174] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c4
[0425.176] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c0
[0425.177] GetAddrInfoW (in: pNodeName="api.ipify.org", pServiceName=0x0, pHints=0x37eca8*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x37ec50 | out: ppResult=0x37ec50*=0x4849a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="elb097307-934924932.us-east-1.elb.amazonaws.com", ai_addr=0x484a70*(sa_family=2, sin_port=0x0, sin_addr="54.243.164.148"), ai_next=0x4849d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4849f8*(sa_family=2, sin_port=0x0, sin_addr="54.235.83.248"), ai_next=0x484c00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484c28*(sa_family=2, sin_port=0x0, sin_addr="54.221.253.252"), ai_next=0x484c40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484c68*(sa_family=2, sin_port=0x0, sin_addr="54.235.189.250"), ai_next=0x484c80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484ca8*(sa_family=2, sin_port=0x0, sin_addr="54.225.214.197"), ai_next=0x484cc0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484ce8*(sa_family=2, sin_port=0x0, sin_addr="54.225.129.141"), ai_next=0x484d00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484d28*(sa_family=2, sin_port=0x0, sin_addr="23.21.140.41"), ai_next=0x484d40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484d68*(sa_family=2, sin_port=0x0, sin_addr="23.21.252.4"), ai_next=0x0))))))))) returned 0
[0425.713] FreeAddrInfoW (pAddrInfo=0x4849a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="elb097307-934924932.us-east-1.elb.amazonaws.com", ai_addr=0x484a70*(sa_family=2, sin_port=0x0, sin_addr="54.243.164.148"), ai_next=0x4849d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4849f8*(sa_family=2, sin_port=0x0, sin_addr="54.235.83.248"), ai_next=0x484c00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484c28*(sa_family=2, sin_port=0x0, sin_addr="54.221.253.252"), ai_next=0x484c40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484c68*(sa_family=2, sin_port=0x0, sin_addr="54.235.189.250"), ai_next=0x484c80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484ca8*(sa_family=2, sin_port=0x0, sin_addr="54.225.214.197"), ai_next=0x484cc0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484ce8*(sa_family=2, sin_port=0x0, sin_addr="54.225.129.141"), ai_next=0x484d00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484d28*(sa_family=2, sin_port=0x0, sin_addr="23.21.140.41"), ai_next=0x484d40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484d68*(sa_family=2, sin_port=0x0, sin_addr="23.21.252.4"), ai_next=0x0)))))))))
[0425.713] GetAddrInfoW (in: pNodeName="api.ipify.org", pServiceName=0x0, pHints=0x37eca8*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x37ec50 | out: ppResult=0x37ec50*=0x4849a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ipify.org", ai_addr=0x484a70*(sa_family=2, sin_port=0x0, sin_addr="54.243.164.148"), ai_next=0x4849d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4849f8*(sa_family=2, sin_port=0x0, sin_addr="54.235.83.248"), ai_next=0x484c00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484c28*(sa_family=2, sin_port=0x0, sin_addr="54.221.253.252"), ai_next=0x484c40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484c68*(sa_family=2, sin_port=0x0, sin_addr="54.235.189.250"), ai_next=0x484c80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484ca8*(sa_family=2, sin_port=0x0, sin_addr="54.225.214.197"), ai_next=0x484cc0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484ce8*(sa_family=2, sin_port=0x0, sin_addr="54.225.129.141"), ai_next=0x484d00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484d28*(sa_family=2, sin_port=0x0, sin_addr="23.21.140.41"), ai_next=0x484d40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484d68*(sa_family=2, sin_port=0x0, sin_addr="23.21.252.4"), ai_next=0x0))))))))) returned 0
[0425.716] FreeAddrInfoW (pAddrInfo=0x4849a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.ipify.org", ai_addr=0x484a70*(sa_family=2, sin_port=0x0, sin_addr="54.243.164.148"), ai_next=0x4849d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x4849f8*(sa_family=2, sin_port=0x0, sin_addr="54.235.83.248"), ai_next=0x484c00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484c28*(sa_family=2, sin_port=0x0, sin_addr="54.221.253.252"), ai_next=0x484c40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484c68*(sa_family=2, sin_port=0x0, sin_addr="54.235.189.250"), ai_next=0x484c80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484ca8*(sa_family=2, sin_port=0x0, sin_addr="54.225.214.197"), ai_next=0x484cc0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484ce8*(sa_family=2, sin_port=0x0, sin_addr="54.225.129.141"), ai_next=0x484d00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484d28*(sa_family=2, sin_port=0x0, sin_addr="23.21.140.41"), ai_next=0x484d40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x484d68*(sa_family=2, sin_port=0x0, sin_addr="23.21.252.4"), ai_next=0x0)))))))))
[0425.716] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d8
[0425.716] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4dc
[0425.716] ioctlsocket (in: s=0x4d8, cmd=-2147195266, argp=0x37ec80 | out: argp=0x37ec80) returned 0
[0425.716] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e0
[0425.717] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e4
[0425.717] ioctlsocket (in: s=0x4e0, cmd=-2147195266, argp=0x37ec80 | out: argp=0x37ec80) returned 0
[0425.717] WSAIoctl (in: s=0x4d8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x37ec68, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x37ec68, lpOverlapped=0x0) returned -1
[0425.717] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x37e998, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0425.718] WSAEventSelect (s=0x4d8, hEventObject=0x4dc, lNetworkEvents=512) returned 0
[0425.718] WSAIoctl (in: s=0x4e0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x37ec68, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x37ec68, lpOverlapped=0x0) returned -1
[0425.718] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x37e998, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0425.718] WSAEventSelect (s=0x4e0, hEventObject=0x4e4, lNetworkEvents=512) returned 0
[0425.718] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x37ec64*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x37ec64*=0x7ec) returned 0x6f
[0425.724] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x5ba6f8
[0425.724] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x5ba6f8, SizePointer=0x37ec64*=0x7ec | out: AdapterAddresses=0x5ba6f8*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x5ba9c4, AdapterName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", FirstUnicastAddress=0x5ba938, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #3", FriendlyName="Local Area Connection 3", PhysicalAddress=([0]=0x0, [1]=0x6, [2]=0x6f, [3]=0x27, [4]=0x51, [5]=0x4c, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000008000000, Dhcpv4Server.lpSockaddr=0x5ba870*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x116cc217, FirstDnsSuffix=0x0), SizePointer=0x37ec64*=0x7ec) returned 0x0
[0425.792] LocalFree (hMem=0x5ba6f8) returned 0x0
[0425.794] WSAConnect (in: s=0x4c4, name=0x22e6360*(sa_family=2, sin_port=0x1bb, sin_addr="54.243.164.148"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
[0425.960] closesocket (s=0x4c0) returned 0
[0426.118] EnumerateSecurityPackagesW (in: pcPackages=0x37ebd4, ppPackageInfo=0x37eb68 | out: pcPackages=0x37ebd4, ppPackageInfo=0x37eb68) returned 0x0
[0426.123] FreeContextBuffer (in: pvContextBuffer=0x585d38 | out: pvContextBuffer=0x585d38) returned 0x0
[0426.131] GetCurrentProcess () returned 0xffffffff
[0426.131] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37e990 | out: TokenHandle=0x37e990*=0x4c0) returned 1
[0426.133] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x22e76b0, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x37e9e4, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x22e8d40, ptsExpiry=0x37e968 | out: phCredential=0x22e8d40, ptsExpiry=0x37e968) returned 0x0
[0426.509] CloseHandle (hObject=0x4c0) returned 1
[0426.511] InitializeSecurityContextW (in: phCredential=0x37e9b4, phContext=0x0, pTargetName=0x22e6450, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x22e8f44, pOutput=0x22e8edc, pfContextAttr=0x22e7684, ptsExpiry=0x37e9ac | out: phNewContext=0x22e8f44, pOutput=0x22e8edc, pfContextAttr=0x22e7684, ptsExpiry=0x37e9ac) returned 0x90312
[0426.512] FreeContextBuffer (in: pvContextBuffer=0x581028 | out: pvContextBuffer=0x581028) returned 0x0
[0426.514] send (s=0x4c4, buf=0x22e8f58*, len=155, flags=0) returned 155
[0426.516] recv (in: s=0x4c4, buf=0x22e8f58, len=5, flags=0 | out: buf=0x22e8f58*) returned 5
[0426.676] recv (in: s=0x4c4, buf=0x22e8f5d, len=89, flags=0 | out: buf=0x22e8f5d*) returned 89
[0426.677] InitializeSecurityContextW (in: phCredential=0x37e910, phContext=0x37e900, pTargetName=0x22e6450, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22e91b4, Reserved2=0x0, phNewContext=0x22e8f44, pOutput=0x22e91c8, pfContextAttr=0x22e7684, ptsExpiry=0x37e908 | out: phNewContext=0x22e8f44, pOutput=0x22e91c8, pfContextAttr=0x22e7684, ptsExpiry=0x37e908) returned 0x90312
[0426.680] recv (in: s=0x4c4, buf=0x22e9258, len=5, flags=0 | out: buf=0x22e9258*) returned 5
[0426.681] recv (in: s=0x4c4, buf=0x22e927d, len=5528, flags=0 | out: buf=0x22e927d*) returned 5528
[0426.681] InitializeSecurityContextW (in: phCredential=0x37e870, phContext=0x37e860, pTargetName=0x22e6450, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22ea888, Reserved2=0x0, phNewContext=0x22e8f44, pOutput=0x22ea89c, pfContextAttr=0x22e7684, ptsExpiry=0x37e868 | out: phNewContext=0x22e8f44, pOutput=0x22ea89c, pfContextAttr=0x22e7684, ptsExpiry=0x37e868) returned 0x90312
[0426.683] recv (in: s=0x4c4, buf=0x22ea92c, len=5, flags=0 | out: buf=0x22ea92c*) returned 5
[0426.683] recv (in: s=0x4c4, buf=0x22ea945, len=333, flags=0 | out: buf=0x22ea945*) returned 333
[0426.683] InitializeSecurityContextW (in: phCredential=0x37e7d0, phContext=0x37e7c0, pTargetName=0x22e6450, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22eab04, Reserved2=0x0, phNewContext=0x22e8f44, pOutput=0x22eab18, pfContextAttr=0x22e7684, ptsExpiry=0x37e7c8 | out: phNewContext=0x22e8f44, pOutput=0x22eab18, pfContextAttr=0x22e7684, ptsExpiry=0x37e7c8) returned 0x90312
[0426.684] recv (in: s=0x4c4, buf=0x22eaba8, len=5, flags=0 | out: buf=0x22eaba8*) returned 5
[0426.684] recv (in: s=0x4c4, buf=0x22eabc1, len=4, flags=0 | out: buf=0x22eabc1*) returned 4
[0426.684] InitializeSecurityContextW (in: phCredential=0x37e730, phContext=0x37e720, pTargetName=0x22e6450, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22eac38, Reserved2=0x0, phNewContext=0x22e8f44, pOutput=0x22eac4c, pfContextAttr=0x22e7684, ptsExpiry=0x37e728 | out: phNewContext=0x22e8f44, pOutput=0x22eac4c, pfContextAttr=0x22e7684, ptsExpiry=0x37e728) returned 0x90312
[0426.692] FreeContextBuffer (in: pvContextBuffer=0x558f70 | out: pvContextBuffer=0x558f70) returned 0x0
[0426.692] send (s=0x4c4, buf=0x22eacc8*, len=166, flags=0) returned 166
[0426.693] recv (in: s=0x4c4, buf=0x22eacc8, len=5, flags=0 | out: buf=0x22eacc8*) returned 5
[0426.856] recv (in: s=0x4c4, buf=0x22eaccd, len=1, flags=0 | out: buf=0x22eaccd*) returned 1
[0426.856] InitializeSecurityContextW (in: phCredential=0x37e690, phContext=0x37e680, pTargetName=0x22e6450, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22eadf4, Reserved2=0x0, phNewContext=0x22e8f44, pOutput=0x22eae08, pfContextAttr=0x22e7684, ptsExpiry=0x37e688 | out: phNewContext=0x22e8f44, pOutput=0x22eae08, pfContextAttr=0x22e7684, ptsExpiry=0x37e688) returned 0x90312
[0426.857] recv (in: s=0x4c4, buf=0x22eae98, len=5, flags=0 | out: buf=0x22eae98*) returned 5
[0426.857] recv (in: s=0x4c4, buf=0x22eaeb1, len=80, flags=0 | out: buf=0x22eaeb1*) returned 80
[0426.857] InitializeSecurityContextW (in: phCredential=0x37e5f0, phContext=0x37e5e0, pTargetName=0x22e6450, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22eaf74, Reserved2=0x0, phNewContext=0x22e8f44, pOutput=0x22eaf88, pfContextAttr=0x22e7684, ptsExpiry=0x37e5e8 | out: phNewContext=0x22e8f44, pOutput=0x22eaf88, pfContextAttr=0x22e7684, ptsExpiry=0x37e5e8) returned 0x0
[0427.349] QueryContextAttributesW (in: phContext=0x22e8f44, ulAttribute=0x4, pBuffer=0x22eb034 | out: pBuffer=0x22eb034) returned 0x0
[0427.353] QueryContextAttributesW (in: phContext=0x22e8f44, ulAttribute=0x5a, pBuffer=0x22eb08c | out: pBuffer=0x22eb08c) returned 0x0
[0427.362] QueryContextAttributesW (in: phContext=0x22e8f44, ulAttribute=0x53, pBuffer=0x22eb138 | out: pBuffer=0x22eb138) returned 0x0
[0427.379] CertDuplicateCRLContext (pCrlContext=0x5afc80) returned 0x5afc80
[0427.380] CertDuplicateStore (hCertStore=0x58ef20) returned 0x58ef20
[0427.380] CertEnumCertificatesInStore (hCertStore=0x58ef20, pPrevCertContext=0x0) returned 0x5afd70
[0427.380] CertDuplicateCRLContext (pCrlContext=0x5afd70) returned 0x5afd70
[0427.381] CertEnumCertificatesInStore (hCertStore=0x58ef20, pPrevCertContext=0x5afd70) returned 0x5afd20
[0427.381] CertDuplicateCRLContext (pCrlContext=0x5afd20) returned 0x5afd20
[0427.381] CertEnumCertificatesInStore (hCertStore=0x58ef20, pPrevCertContext=0x5afd20) returned 0x5afcd0
[0427.381] CertDuplicateCRLContext (pCrlContext=0x5afcd0) returned 0x5afcd0
[0427.381] CertEnumCertificatesInStore (hCertStore=0x58ef20, pPrevCertContext=0x5afcd0) returned 0x5afc80
[0427.381] CertDuplicateCRLContext (pCrlContext=0x5afc80) returned 0x5afc80
[0427.381] CertEnumCertificatesInStore (hCertStore=0x58ef20, pPrevCertContext=0x5afc80) returned 0x0
[0427.381] CertCloseStore (hCertStore=0x58ef20, dwFlags=0x0) returned 1
[0427.381] CertFreeCRLContext (pCrlContext=0x5afc80) returned 1
[0427.396] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x54e0f0
[0427.401] CertAddCRLLinkToStore (in: hCertStore=0x54e0f0, pCrlContext=0x5afd70, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
[0427.402] CertAddCRLLinkToStore (in: hCertStore=0x54e0f0, pCrlContext=0x5afd20, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
[0427.402] CertAddCRLLinkToStore (in: hCertStore=0x54e0f0, pCrlContext=0x5afcd0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
[0427.402] CertAddCRLLinkToStore (in: hCertStore=0x54e0f0, pCrlContext=0x5afc80, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
[0427.403] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x551a20
[0427.405] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x5afc80, pTime=0x37e5fc, hAdditionalStore=0x54e0f0, pChainPara=0x37e53c, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x37e530 | out: ppChainContext=0x37e530) returned 1
[0429.352] LocalFree (hMem=0x551a20) returned 0x0
[0429.352] CertDuplicateCertificateChain (pChainContext=0x5760f8) returned 0x5760f8
[0429.353] CertDuplicateCRLContext (pCrlContext=0x5afc80) returned 0x5afc80
[0429.353] CertDuplicateCRLContext (pCrlContext=0x55840e0) returned 0x55840e0
[0429.353] CertDuplicateCRLContext (pCrlContext=0x5584090) returned 0x5584090
[0429.353] CertDuplicateCRLContext (pCrlContext=0x5584180) returned 0x5584180
[0429.353] CertFreeCertificateChain (pChainContext=0x5760f8)
[0429.354] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5760f8, pPolicyPara=0x37e6dc, pPolicyStatus=0x37e6c8 | out: pPolicyStatus=0x37e6c8) returned 1
[0429.354] SetLastError (dwErrCode=0x0)
[0429.355] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5760f8, pPolicyPara=0x37e73c, pPolicyStatus=0x37e6f0 | out: pPolicyStatus=0x37e6f0) returned 1
[0429.356] CertFreeCertificateChain (pChainContext=0x5760f8)
[0429.356] CertFreeCRLContext (pCrlContext=0x5afc80) returned 1
[0429.361] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x37e304, nSize=0xd8 | out: lpBuffer="쮠O\x1c") returned 0x0
[0429.361] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x37e304, nSize=0xd8 | out: lpBuffer="쮠O\x1c") returned 0x0
[0429.361] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x37e304, nSize=0xd8 | out: lpBuffer="쮠O\x1c") returned 0x0
[0429.361] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x37e304, nSize=0xd8 | out: lpBuffer="쮠O\x1c") returned 0x0
[0429.363] EncryptMessage (in: phContext=0x22e8f44, fQOP=0x0, pMessage=0x22f355c, MessageSeqNo=0x0 | out: pMessage=0x22f355c) returned 0x0
[0429.367] send (s=0x4c4, buf=0x22f2034*, len=213, flags=0) returned 213
[0429.370] setsockopt (s=0x4c4, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0
[0429.372] recv (in: s=0x4c4, buf=0x22ff89c, len=5, flags=0 | out: buf=0x22ff89c*) returned 5
[0429.534] recv (in: s=0x4c4, buf=0x22ff8a1, len=240, flags=0 | out: buf=0x22ff8a1*) returned 240
[0429.535] DecryptMessage (in: phContext=0x22e8f44, pMessage=0x230395c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x230395c, pfQOP=0x0) returned 0x0
[0429.547] setsockopt (s=0x4c4, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
[0429.547] SetEvent (hEvent=0x238) returned 1
[0429.713] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0429.713] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0429.715] CoTaskMemFree (pv=0x5590648)
[0429.715] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0429.718] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0429.718] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0429.718] CoTaskMemFree (pv=0x5590648)
[0429.718] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0429.986] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31
[0429.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.987] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x30
[0429.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.987] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33
[0429.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32
[0429.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a
[0429.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31
[0429.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b
[0429.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.989] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54
[0429.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.989] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38
[0429.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.989] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31
[0429.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.989] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f
[0429.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.990] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41
[0429.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.990] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39
[0429.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.990] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33
[0429.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.991] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39
[0429.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.991] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32
[0429.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.991] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36
[0429.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.991] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f
[0429.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.992] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x3e
[0429.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.992] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38
[0429.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.993] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46
[0429.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.993] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f
[0429.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.993] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32
[0429.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.994] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b
[0429.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.994] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30
[0429.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0429.994] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36
[0429.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0429.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0429.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0430.010] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x37d070, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0430.173] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x4f
[0430.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.173] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.246] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x4f
[0430.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.246] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.297] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x37
[0430.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.297] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.302] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x37
[0430.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.302] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.339] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x37e850, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0430.344] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x37e414, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x3e
[0430.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1
[0430.344] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d748) returned 1
[0430.394] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0430.394] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0430.394] CoTaskMemFree (pv=0x5590648)
[0430.394] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0430.396] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", nBufferLength=0x105, lpBuffer=0x37e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", lpFilePart=0x0) returned 0x45
[0430.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e788) returned 1
[0430.396] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\trillian\\users\\global\\accounts.dat"), fInfoLevelId=0x0, lpFileInformation=0x37ea4c | out: lpFileInformation=0x37ea4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e784) returned 1
[0430.409] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x40
[0430.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.409] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.413] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x40
[0430.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.413] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.450] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0430.450] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0430.450] CoTaskMemFree (pv=0x5590648)
[0430.450] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e4b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0430.453] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x37e550, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x28
[0430.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e7c4) returned 1
[0430.453] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x2320d10 | out: lpFileInformation=0x2320d10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e7c0) returned 1
[0430.456] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
[0430.466] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x3e
[0430.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.466] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.471] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x3e
[0430.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.471] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.487] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x37e7fc, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0430.490] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x37e7fc, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0430.494] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", nBufferLength=0x105, lpBuffer=0x37e4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFilePart=0x0) returned 0x54
[0430.494] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x37e484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x4e
[0430.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e970) returned 1
[0430.497] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x37e450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x4e
[0430.497] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFindFileData=0x37e720 | out: lpFindFileData=0x37e720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
[0430.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6e0) returned 1
[0430.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x5a633c) returned 0x0
[0430.603] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x37e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x4f
[0430.615] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x4e
[0430.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.616] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x4e
[0430.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.620] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.631] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3f
[0430.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.631] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.635] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3f
[0430.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0430.635] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0430.672] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", lpFilePart=0x0) returned 0x3d
[0430.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e8f0) returned 1
[0430.672] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\flock\\browser\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0430.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d710) returned 1
[0430.767] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0430.767] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0430.767] CoTaskMemFree (pv=0x5590648)
[0430.767] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0430.769] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail", nBufferLength=0x105, lpBuffer=0x37e478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail", lpFilePart=0x0) returned 0x2d
[0430.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b4) returned 1
[0430.770] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\claws-mail"), fInfoLevelId=0x0, lpFileInformation=0x37e978 | out: lpFileInformation=0x37e978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6b0) returned 1
[0430.772] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc", nBufferLength=0x105, lpBuffer=0x37e480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc", lpFilePart=0x0) returned 0x35
[0430.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6c0) returned 1
[0430.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\claws-mail\\clawsrc"), fInfoLevelId=0x0, lpFileInformation=0x37e984 | out: lpFileInformation=0x37e984*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6bc) returned 1
[0430.846] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\RimArts\\B2\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ea04 | out: phkResult=0x37ea04*=0x0) returned 0x2
[0430.847] GetFullPathNameW (in: lpFileName="Folder.lst", nBufferLength=0x105, lpBuffer=0x37e548, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Folder.lst", lpFilePart=0x0) returned 0x1e
[0430.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e788) returned 1
[0430.848] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\Folder.lst" (normalized: "c:\\windows\\syswow64\\folder.lst"), fInfoLevelId=0x0, lpFileInformation=0x37ea4c | out: lpFileInformation=0x37ea4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e784) returned 1
[0430.925] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.925] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.925] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.925] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.926] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.926] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.926] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.926] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.926] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.926] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.927] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.927] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.927] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.927] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.927] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.927] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e964 | out: phkResult=0x37e964*=0x0) returned 0x2
[0430.931] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x37e788, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0430.933] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x37e788, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0430.935] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x37e788, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0430.935] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x37e788, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0430.935] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x37e788, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0430.936] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x37e788, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0430.937] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x37e788, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0430.937] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x37e788, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0430.937] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e470, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36
[0430.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b0) returned 1
[0430.937] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37e974 | out: lpFileInformation=0x37e974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6ac) returned 1
[0430.937] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e470, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36
[0430.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b0) returned 1
[0430.937] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37e974 | out: lpFileInformation=0x37e974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6ac) returned 1
[0430.937] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e470, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36
[0430.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b0) returned 1
[0430.938] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37e974 | out: lpFileInformation=0x37e974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6ac) returned 1
[0430.938] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e470, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36
[0430.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b0) returned 1
[0430.938] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37e974 | out: lpFileInformation=0x37e974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6ac) returned 1
[0430.938] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e470, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c
[0430.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b0) returned 1
[0430.938] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37e974 | out: lpFileInformation=0x37e974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6ac) returned 1
[0430.938] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e470, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c
[0430.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b0) returned 1
[0430.938] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37e974 | out: lpFileInformation=0x37e974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6ac) returned 1
[0430.938] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e470, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c
[0430.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b0) returned 1
[0430.939] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37e974 | out: lpFileInformation=0x37e974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6ac) returned 1
[0430.939] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e470, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c
[0430.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e6b0) returned 1
[0430.939] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37e974 | out: lpFileInformation=0x37e974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e6ac) returned 1
[0430.948] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0430.948] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Program Files (x86)") returned 0x0
[0430.950] CoTaskMemFree (pv=0x5590648)
[0430.950] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x37e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16
[0430.953] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0430.953] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0430.953] CoTaskMemFree (pv=0x5590648)
[0430.953] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0430.973] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", nBufferLength=0x105, lpBuffer=0x37e540, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", lpFilePart=0x0) returned 0x4e
[0430.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e780) returned 1
[0430.973] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe" (normalized: "c:\\program files (x86)\\common files\\apple\\apple application support\\plutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x37ea44 | out: lpFileInformation=0x37ea44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0430.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e77c) returned 1
[0431.005] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0431.005] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0431.005] CoTaskMemFree (pv=0x5590648)
[0431.005] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0431.007] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0431.007] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0431.007] CoTaskMemFree (pv=0x5590648)
[0431.007] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0431.008] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client", nBufferLength=0x105, lpBuffer=0x37e550, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client", lpFilePart=0x0) returned 0x2c
[0431.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e78c) returned 1
[0431.009] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\em client"), fInfoLevelId=0x0, lpFileInformation=0x37ea50 | out: lpFileInformation=0x37ea50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0431.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e788) returned 1
[0431.028] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0431.028] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0431.028] CoTaskMemFree (pv=0x5590648)
[0431.028] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e4b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0431.032] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x37e544, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3c
[0431.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e780) returned 1
[0431.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea44 | out: lpFileInformation=0x37ea44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0431.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e77c) returned 1
[0431.032] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x37e54c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x55
[0431.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e78c) returned 1
[0431.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x37ea50 | out: lpFileInformation=0x37ea50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0431.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e788) returned 1
[0431.051] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0431.051] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0431.051] CoTaskMemFree (pv=0x5590648)
[0431.051] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0431.053] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", nBufferLength=0x105, lpBuffer=0x37e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", lpFilePart=0x0) returned 0x41
[0431.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e788) returned 1
[0431.053] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera mail\\opera mail\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x37ea4c | out: lpFileInformation=0x37ea4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0431.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e784) returned 1
[0431.061] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0431.061] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0431.061] CoTaskMemFree (pv=0x5590648)
[0431.061] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0431.063] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db", nBufferLength=0x105, lpBuffer=0x37e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db", lpFilePart=0x0) returned 0x38
[0431.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e7c8) returned 1
[0431.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\mailbird\\store\\store.db"), fInfoLevelId=0x0, lpFileInformation=0x37ea8c | out: lpFileInformation=0x37ea8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0431.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e7c4) returned 1
[0431.085] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x37e944, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11
[0431.085] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x37e944, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11
[0431.086] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x37e87c, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0431.087] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x37e560, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Private Internet Access\\data", lpFilePart=0x0) returned 0x2d
[0431.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e79c) returned 1
[0431.087] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data" (normalized: "c:\\program files\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x37ea60 | out: lpFileInformation=0x37ea60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0431.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e798) returned 1
[0431.087] GetFullPathNameW (in: lpFileName="\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x37e560, lpFilePart=0x0 | out: lpBuffer="C:\\Private Internet Access\\data", lpFilePart=0x0) returned 0x1f
[0431.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e79c) returned 1
[0431.088] GetFileAttributesExW (in: lpFileName="C:\\Private Internet Access\\data" (normalized: "c:\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x37ea60 | out: lpFileInformation=0x37ea60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0431.088] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e798) returned 1
[0431.098] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3b
[0431.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0431.098] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0431.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0431.102] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3b
[0431.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0431.102] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0431.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0431.137] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0431.137] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0431.137] CoTaskMemFree (pv=0x5590648)
[0431.137] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e488, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0431.141] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini", lpFilePart=0x0) returned 0x3d
[0431.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e900) returned 1
[0431.141] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\falkon\\profiles\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0431.142] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d720) returned 1
[0431.159] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x37e860, nSize=0xd8 | out: lpBuffer="C:") returned 0x2
[0431.160] GetFullPathNameW (in: lpFileName="C:\\FTP Navigator\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x37e408, lpFilePart=0x0 | out: lpBuffer="C:\\FTP Navigator\\Ftplist.txt", lpFilePart=0x0) returned 0x1c
[0431.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e920) returned 1
[0431.160] CreateFileW (lpFileName="C:\\FTP Navigator\\Ftplist.txt" (normalized: "c:\\ftp navigator\\ftplist.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0431.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d740) returned 1
[0431.173] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0431.173] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0431.173] CoTaskMemFree (pv=0x5590648)
[0431.173] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0431.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea50) returned 1
[0431.175] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x37e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2b
[0431.175] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\*", lpFindFileData=0x37e800 | out: lpFindFileData=0x37e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
[0431.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e7c0) returned 1
[0431.184] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x38
[0431.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0431.184] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0431.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0431.187] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x38
[0431.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0431.188] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0431.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0431.206] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0431.206] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0431.206] CoTaskMemFree (pv=0x5590648)
[0431.207] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0431.208] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", nBufferLength=0x105, lpBuffer=0x37e560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", lpFilePart=0x0) returned 0x4a
[0431.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e7a0) returned 1
[0431.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mysql\\workbench\\workbench_user_data.dat"), fInfoLevelId=0x0, lpFileInformation=0x37ea64 | out: lpFileInformation=0x37ea64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0431.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e79c) returned 1
[0431.208] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x37e89c, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0431.215] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CoreFTP\\sites.idx", nBufferLength=0x105, lpBuffer=0x37e454, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CoreFTP\\sites.idx", lpFilePart=0x0) returned 0x34
[0431.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e96c) returned 1
[0431.215] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CoreFTP\\sites.idx" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\coreftp\\sites.idx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0431.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d788) returned 1
[0431.235] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x37e938 | out: lpclsid=0x37e938*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0431.243] CoGetClassObject (in: rclsid=0x559d354*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e570 | out: ppv=0x37e570*=0x9dff28) returned 0x0
[0431.950] WshShell:IUnknown:QueryInterface (in: This=0x9dff28, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e788 | out: ppvObject=0x37e788*=0x0) returned 0x80004002
[0431.950] WshShell:IClassFactory:CreateInstance (in: This=0x9dff28, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e794 | out: ppvObject=0x37e794*=0x9dff54) returned 0x0
[0431.950] WshShell:IUnknown:Release (This=0x9dff28) returned 0x0
[0431.950] WshShell:IUnknown:QueryInterface (in: This=0x9dff54, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e3b4 | out: ppvObject=0x37e3b4*=0x9dff54) returned 0x0
[0431.951] WshShell:IUnknown:QueryInterface (in: This=0x9dff54, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e368 | out: ppvObject=0x37e368*=0x0) returned 0x80004002
[0431.951] WshShell:IUnknown:QueryInterface (in: This=0x9dff54, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e190 | out: ppvObject=0x37e190*=0x9dff44) returned 0x0
[0431.951] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x9dff44, ppTI=0x37e198 | out: ppTI=0x37e198*=0x5d3c250) returned 0x0
[0431.960] ITypeInfo:RemoteGetTypeAttr (in: This=0x5d3c250, ppTypeAttr=0x37e18c, pDummy=0xb9cab5a | out: ppTypeAttr=0x37e18c, pDummy=0xb9cab5a) returned 0x0
[0431.960] ITypeInfo:LocalReleaseTypeAttr (This=0x5d3c250) returned 0x53f600
[0431.960] WshShell:IUnknown:Release (This=0x9dff44) returned 0x2
[0431.960] IUnknown:Release (This=0x5d3c250) returned 0x1
[0431.961] WshShell:IUnknown:AddRef (This=0x9dff54) returned 0x3
[0431.961] WshShell:IUnknown:QueryInterface (in: This=0x9dff54, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dcc4 | out: ppvObject=0x37dcc4*=0x0) returned 0x80004002
[0431.961] WshShell:IUnknown:QueryInterface (in: This=0x9dff54, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37dc74 | out: ppvObject=0x37dc74*=0x0) returned 0x80004002
[0431.961] WshShell:IUnknown:QueryInterface (in: This=0x9dff54, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37dc80 | out: ppvObject=0x37dc80*=0x0) returned 0x80004002
[0431.961] CoGetContextToken (in: pToken=0x37dce0 | out: pToken=0x37dce0) returned 0x0
[0431.961] CoGetContextToken (in: pToken=0x37e0f4 | out: pToken=0x37e0f4) returned 0x0
[0431.961] WshShell:IUnknown:QueryInterface (in: This=0x9dff54, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e174 | out: ppvObject=0x37e174*=0x0) returned 0x80004002
[0431.961] WshShell:IUnknown:Release (This=0x9dff54) returned 0x2
[0431.961] WshShell:IUnknown:Release (This=0x9dff54) returned 0x1
[0431.969] CoGetContextToken (in: pToken=0x37e504 | out: pToken=0x37e504) returned 0x0
[0431.969] WshShell:IUnknown:QueryInterface (in: This=0x9dff54, riid=0x74556a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e574 | out: ppvObject=0x37e574*=0x9dff40) returned 0x0
[0431.969] WshShell:IDispatch:GetIDsOfNames (in: This=0x9dff40, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x37e570*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x37e560 | out: rgDispId=0x37e560*=2000) returned 0x0
[0431.970] WshShell:IDispatch:Invoke (in: This=0x9dff40, dispIdMember=2000, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host", varVal2=0x233da48)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674, pExcepInfo=0x37e44c, puArgErr=0x37e4b0 | out: pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host", varVal2=0x233da48)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x80070002, varVal2=0x14), pExcepInfo=0x37e44c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070002), puArgErr=0x37e4b0*=0x744f8c8e) returned 0x80020009
[0431.996] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host\".") returned 0x55
[0431.997] SysStringLen (param_1="WshShell.RegRead") returned 0x10
[0432.009] WshShell:IUnknown:Release (This=0x9dff40) returned 0x1
[0432.014] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x37e938 | out: lpclsid=0x37e938*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0432.016] CoGetClassObject (in: rclsid=0x559d354*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e570 | out: ppv=0x37e570*=0x9dff28) returned 0x0
[0432.017] WshShell:IUnknown:QueryInterface (in: This=0x9dff28, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e788 | out: ppvObject=0x37e788*=0x0) returned 0x80004002
[0432.017] WshShell:IClassFactory:CreateInstance (in: This=0x9dff28, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e794 | out: ppvObject=0x37e794*=0x9dff84) returned 0x0
[0432.017] WshShell:IUnknown:Release (This=0x9dff28) returned 0x0
[0432.017] WshShell:IUnknown:QueryInterface (in: This=0x9dff84, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e3b4 | out: ppvObject=0x37e3b4*=0x9dff84) returned 0x0
[0432.017] WshShell:IUnknown:QueryInterface (in: This=0x9dff84, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e368 | out: ppvObject=0x37e368*=0x0) returned 0x80004002
[0432.017] WshShell:IUnknown:QueryInterface (in: This=0x9dff84, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e190 | out: ppvObject=0x37e190*=0x9dff74) returned 0x0
[0432.017] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x9dff74, ppTI=0x37e198 | out: ppTI=0x37e198*=0x5d3c250) returned 0x0
[0432.017] ITypeInfo:RemoteGetTypeAttr (in: This=0x5d3c250, ppTypeAttr=0x37e18c, pDummy=0xb9cab5a | out: ppTypeAttr=0x37e18c, pDummy=0xb9cab5a) returned 0x0
[0432.017] ITypeInfo:LocalReleaseTypeAttr (This=0x5d3c250) returned 0x558d088
[0432.017] WshShell:IUnknown:Release (This=0x9dff74) returned 0x2
[0432.017] IUnknown:Release (This=0x5d3c250) returned 0x1
[0432.018] WshShell:IUnknown:AddRef (This=0x9dff84) returned 0x3
[0432.018] WshShell:IUnknown:QueryInterface (in: This=0x9dff84, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dcc4 | out: ppvObject=0x37dcc4*=0x0) returned 0x80004002
[0432.018] WshShell:IUnknown:QueryInterface (in: This=0x9dff84, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37dc74 | out: ppvObject=0x37dc74*=0x0) returned 0x80004002
[0432.018] WshShell:IUnknown:QueryInterface (in: This=0x9dff84, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37dc80 | out: ppvObject=0x37dc80*=0x0) returned 0x80004002
[0432.018] CoGetContextToken (in: pToken=0x37dce0 | out: pToken=0x37dce0) returned 0x0
[0432.018] CoGetContextToken (in: pToken=0x37e0f4 | out: pToken=0x37e0f4) returned 0x0
[0432.018] WshShell:IUnknown:QueryInterface (in: This=0x9dff84, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e174 | out: ppvObject=0x37e174*=0x0) returned 0x80004002
[0432.018] WshShell:IUnknown:Release (This=0x9dff84) returned 0x2
[0432.018] WshShell:IUnknown:Release (This=0x9dff84) returned 0x1
[0432.018] CoGetContextToken (in: pToken=0x37e504 | out: pToken=0x37e504) returned 0x0
[0432.018] WshShell:IUnknown:QueryInterface (in: This=0x9dff84, riid=0x74556a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e574 | out: ppvObject=0x37e574*=0x9dff70) returned 0x0
[0432.018] WshShell:IDispatch:GetIDsOfNames (in: This=0x9dff70, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x37e570*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x37e560 | out: rgDispId=0x37e560*=2000) returned 0x0
[0432.018] WshShell:IDispatch:Invoke (in: This=0x9dff70, dispIdMember=2000, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort", varVal2=0x233e290)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674, pExcepInfo=0x37e44c, puArgErr=0x37e4b0 | out: pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort", varVal2=0x233e290)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674*(varType=0x0, wReserved1=0x0, wReserved2=0xd000, wReserved3=0x7efd, varVal1=0x80070003, varVal2=0x773bef5b), pExcepInfo=0x37e44c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x37e4b0*=0x744f8c8e) returned 0x80020009
[0432.020] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort\".") returned 0x50
[0432.020] SysStringLen (param_1="WshShell.RegRead") returned 0x10
[0432.021] WshShell:IUnknown:Release (This=0x9dff70) returned 0x1
[0432.024] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x37e938 | out: lpclsid=0x37e938*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0432.025] CoGetClassObject (in: rclsid=0x559d354*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e570 | out: ppv=0x37e570*=0x9dff28) returned 0x0
[0432.026] WshShell:IUnknown:QueryInterface (in: This=0x9dff28, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e788 | out: ppvObject=0x37e788*=0x0) returned 0x80004002
[0432.026] WshShell:IClassFactory:CreateInstance (in: This=0x9dff28, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e794 | out: ppvObject=0x37e794*=0x9dffb4) returned 0x0
[0432.026] WshShell:IUnknown:Release (This=0x9dff28) returned 0x0
[0432.026] WshShell:IUnknown:QueryInterface (in: This=0x9dffb4, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e3b4 | out: ppvObject=0x37e3b4*=0x9dffb4) returned 0x0
[0432.026] WshShell:IUnknown:QueryInterface (in: This=0x9dffb4, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e368 | out: ppvObject=0x37e368*=0x0) returned 0x80004002
[0432.026] WshShell:IUnknown:QueryInterface (in: This=0x9dffb4, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e190 | out: ppvObject=0x37e190*=0x9dffa4) returned 0x0
[0432.026] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x9dffa4, ppTI=0x37e198 | out: ppTI=0x37e198*=0x5d3c250) returned 0x0
[0432.026] ITypeInfo:RemoteGetTypeAttr (in: This=0x5d3c250, ppTypeAttr=0x37e18c, pDummy=0xb9cab5a | out: ppTypeAttr=0x37e18c, pDummy=0xb9cab5a) returned 0x0
[0432.026] ITypeInfo:LocalReleaseTypeAttr (This=0x5d3c250) returned 0x5813c0
[0432.026] WshShell:IUnknown:Release (This=0x9dffa4) returned 0x2
[0432.026] IUnknown:Release (This=0x5d3c250) returned 0x1
[0432.026] WshShell:IUnknown:AddRef (This=0x9dffb4) returned 0x3
[0432.026] WshShell:IUnknown:QueryInterface (in: This=0x9dffb4, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dcc4 | out: ppvObject=0x37dcc4*=0x0) returned 0x80004002
[0432.026] WshShell:IUnknown:QueryInterface (in: This=0x9dffb4, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37dc74 | out: ppvObject=0x37dc74*=0x0) returned 0x80004002
[0432.026] WshShell:IUnknown:QueryInterface (in: This=0x9dffb4, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37dc80 | out: ppvObject=0x37dc80*=0x0) returned 0x80004002
[0432.026] CoGetContextToken (in: pToken=0x37dce0 | out: pToken=0x37dce0) returned 0x0
[0432.026] CoGetContextToken (in: pToken=0x37e0f4 | out: pToken=0x37e0f4) returned 0x0
[0432.026] WshShell:IUnknown:QueryInterface (in: This=0x9dffb4, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e174 | out: ppvObject=0x37e174*=0x0) returned 0x80004002
[0432.027] WshShell:IUnknown:Release (This=0x9dffb4) returned 0x2
[0432.027] WshShell:IUnknown:Release (This=0x9dffb4) returned 0x1
[0432.027] CoGetContextToken (in: pToken=0x37e504 | out: pToken=0x37e504) returned 0x0
[0432.027] WshShell:IUnknown:QueryInterface (in: This=0x9dffb4, riid=0x74556a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e574 | out: ppvObject=0x37e574*=0x9dffa0) returned 0x0
[0432.027] WshShell:IDispatch:GetIDsOfNames (in: This=0x9dffa0, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x37e570*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x37e560 | out: rgDispId=0x37e560*=2000) returned 0x0
[0432.027] WshShell:IDispatch:Invoke (in: This=0x9dffa0, dispIdMember=2000, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser", varVal2=0x233eb4c)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674, pExcepInfo=0x37e44c, puArgErr=0x37e4b0 | out: pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser", varVal2=0x233eb4c)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674*(varType=0x0, wReserved1=0x0, wReserved2=0x3, wReserved3=0x300, varVal1=0x80070003, varVal2=0x773bef5b), pExcepInfo=0x37e44c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x37e4b0*=0x744f8c8e) returned 0x80020009
[0432.028] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser\".") returned 0x50
[0432.028] SysStringLen (param_1="WshShell.RegRead") returned 0x10
[0432.029] WshShell:IUnknown:Release (This=0x9dffa0) returned 0x1
[0432.032] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x37e938 | out: lpclsid=0x37e938*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0432.034] CoGetClassObject (in: rclsid=0x559d354*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e570 | out: ppv=0x37e570*=0x9dff28) returned 0x0
[0432.034] WshShell:IUnknown:QueryInterface (in: This=0x9dff28, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e788 | out: ppvObject=0x37e788*=0x0) returned 0x80004002
[0432.034] WshShell:IClassFactory:CreateInstance (in: This=0x9dff28, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e794 | out: ppvObject=0x37e794*=0x5180efc) returned 0x0
[0432.034] WshShell:IUnknown:Release (This=0x9dff28) returned 0x0
[0432.034] WshShell:IUnknown:QueryInterface (in: This=0x5180efc, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e3b4 | out: ppvObject=0x37e3b4*=0x5180efc) returned 0x0
[0432.034] WshShell:IUnknown:QueryInterface (in: This=0x5180efc, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e368 | out: ppvObject=0x37e368*=0x0) returned 0x80004002
[0432.034] WshShell:IUnknown:QueryInterface (in: This=0x5180efc, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e190 | out: ppvObject=0x37e190*=0x5180eec) returned 0x0
[0432.034] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x5180eec, ppTI=0x37e198 | out: ppTI=0x37e198*=0x5d3c250) returned 0x0
[0432.034] ITypeInfo:RemoteGetTypeAttr (in: This=0x5d3c250, ppTypeAttr=0x37e18c, pDummy=0xb9cab5a | out: ppTypeAttr=0x37e18c, pDummy=0xb9cab5a) returned 0x0
[0432.034] ITypeInfo:LocalReleaseTypeAttr (This=0x5d3c250) returned 0x5813c0
[0432.034] WshShell:IUnknown:Release (This=0x5180eec) returned 0x2
[0432.034] IUnknown:Release (This=0x5d3c250) returned 0x1
[0432.034] WshShell:IUnknown:AddRef (This=0x5180efc) returned 0x3
[0432.034] WshShell:IUnknown:QueryInterface (in: This=0x5180efc, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dcc4 | out: ppvObject=0x37dcc4*=0x0) returned 0x80004002
[0432.035] WshShell:IUnknown:QueryInterface (in: This=0x5180efc, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37dc74 | out: ppvObject=0x37dc74*=0x0) returned 0x80004002
[0432.035] WshShell:IUnknown:QueryInterface (in: This=0x5180efc, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37dc80 | out: ppvObject=0x37dc80*=0x0) returned 0x80004002
[0432.035] CoGetContextToken (in: pToken=0x37dce0 | out: pToken=0x37dce0) returned 0x0
[0432.035] CoGetContextToken (in: pToken=0x37e0f4 | out: pToken=0x37e0f4) returned 0x0
[0432.035] WshShell:IUnknown:QueryInterface (in: This=0x5180efc, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e174 | out: ppvObject=0x37e174*=0x0) returned 0x80004002
[0432.035] WshShell:IUnknown:Release (This=0x5180efc) returned 0x2
[0432.035] WshShell:IUnknown:Release (This=0x5180efc) returned 0x1
[0432.035] CoGetContextToken (in: pToken=0x37e504 | out: pToken=0x37e504) returned 0x0
[0432.035] WshShell:IUnknown:QueryInterface (in: This=0x5180efc, riid=0x74556a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e574 | out: ppvObject=0x37e574*=0x5180ee8) returned 0x0
[0432.035] WshShell:IDispatch:GetIDsOfNames (in: This=0x5180ee8, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x37e570*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x37e560 | out: rgDispId=0x37e560*=2000) returned 0x0
[0432.035] WshShell:IDispatch:Invoke (in: This=0x5180ee8, dispIdMember=2000, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW", varVal2=0x233f190)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674, pExcepInfo=0x37e44c, puArgErr=0x37e4b0 | out: pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW", varVal2=0x233f190)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674*(varType=0x0, wReserved1=0x0, wReserved2=0x3, wReserved3=0x300, varVal1=0x80070003, varVal2=0x773bef5b), pExcepInfo=0x37e44c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x37e4b0*=0x744f8c8e) returned 0x80020009
[0432.036] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW\".") returned 0x4e
[0432.036] SysStringLen (param_1="WshShell.RegRead") returned 0x10
[0432.037] WshShell:IUnknown:Release (This=0x5180ee8) returned 0x1
[0432.040] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x37e938 | out: lpclsid=0x37e938*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0432.041] CoGetClassObject (in: rclsid=0x559d354*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e570 | out: ppv=0x37e570*=0x9dff28) returned 0x0
[0432.042] WshShell:IUnknown:QueryInterface (in: This=0x9dff28, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e788 | out: ppvObject=0x37e788*=0x0) returned 0x80004002
[0432.042] WshShell:IClassFactory:CreateInstance (in: This=0x9dff28, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e794 | out: ppvObject=0x37e794*=0x5180f2c) returned 0x0
[0432.042] WshShell:IUnknown:Release (This=0x9dff28) returned 0x0
[0432.042] WshShell:IUnknown:QueryInterface (in: This=0x5180f2c, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e3b4 | out: ppvObject=0x37e3b4*=0x5180f2c) returned 0x0
[0432.042] WshShell:IUnknown:QueryInterface (in: This=0x5180f2c, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e368 | out: ppvObject=0x37e368*=0x0) returned 0x80004002
[0432.042] WshShell:IUnknown:QueryInterface (in: This=0x5180f2c, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e190 | out: ppvObject=0x37e190*=0x5180f1c) returned 0x0
[0432.042] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x5180f1c, ppTI=0x37e198 | out: ppTI=0x37e198*=0x5d3c250) returned 0x0
[0432.042] ITypeInfo:RemoteGetTypeAttr (in: This=0x5d3c250, ppTypeAttr=0x37e18c, pDummy=0xb9cab5a | out: ppTypeAttr=0x37e18c, pDummy=0xb9cab5a) returned 0x0
[0432.042] ITypeInfo:LocalReleaseTypeAttr (This=0x5d3c250) returned 0x59b558
[0432.042] WshShell:IUnknown:Release (This=0x5180f1c) returned 0x2
[0432.042] IUnknown:Release (This=0x5d3c250) returned 0x1
[0432.042] WshShell:IUnknown:AddRef (This=0x5180f2c) returned 0x3
[0432.042] WshShell:IUnknown:QueryInterface (in: This=0x5180f2c, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dcc4 | out: ppvObject=0x37dcc4*=0x0) returned 0x80004002
[0432.042] WshShell:IUnknown:QueryInterface (in: This=0x5180f2c, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37dc74 | out: ppvObject=0x37dc74*=0x0) returned 0x80004002
[0432.042] WshShell:IUnknown:QueryInterface (in: This=0x5180f2c, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37dc80 | out: ppvObject=0x37dc80*=0x0) returned 0x80004002
[0432.042] CoGetContextToken (in: pToken=0x37dce0 | out: pToken=0x37dce0) returned 0x0
[0432.042] CoGetContextToken (in: pToken=0x37e0f4 | out: pToken=0x37e0f4) returned 0x0
[0432.042] WshShell:IUnknown:QueryInterface (in: This=0x5180f2c, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e174 | out: ppvObject=0x37e174*=0x0) returned 0x80004002
[0432.043] WshShell:IUnknown:Release (This=0x5180f2c) returned 0x2
[0432.043] WshShell:IUnknown:Release (This=0x5180f2c) returned 0x1
[0432.043] CoGetContextToken (in: pToken=0x37e504 | out: pToken=0x37e504) returned 0x0
[0432.043] WshShell:IUnknown:QueryInterface (in: This=0x5180f2c, riid=0x74556a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e574 | out: ppvObject=0x37e574*=0x5180f18) returned 0x0
[0432.043] WshShell:IDispatch:GetIDsOfNames (in: This=0x5180f18, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x37e570*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x37e560 | out: rgDispId=0x37e560*=2000) returned 0x0
[0432.043] WshShell:IDispatch:Invoke (in: This=0x5180f18, dispIdMember=2000, riid=0x74492d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName", varVal2=0x233f7d8)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674, pExcepInfo=0x37e44c, puArgErr=0x37e4b0 | out: pDispParams=0x37e6f8*(rgvarg=([0]=0x37e580*(varType=0x4008, wReserved1=0x747e, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e550*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName", varVal2=0x233f7d8)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x37e674*(varType=0x0, wReserved1=0x0, wReserved2=0x3, wReserved3=0x300, varVal1=0x80070003, varVal2=0x773bef5b), pExcepInfo=0x37e44c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x37e4b0*=0x744f8c8e) returned 0x80020009
[0432.044] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName\".") returned 0x50
[0432.044] SysStringLen (param_1="WshShell.RegRead") returned 0x10
[0432.045] WshShell:IUnknown:Release (This=0x5180f18) returned 0x1
[0432.057] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x45
[0432.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0432.057] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0432.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0432.062] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x45
[0432.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0432.062] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0432.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0432.116] CoTaskMemAlloc (cb=0x20c) returned 0x5590648
[0432.116] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5590648 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0432.117] CoTaskMemFree (pv=0x5590648)
[0432.117] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e2dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0432.117] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x37e350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39
[0432.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e58c) returned 1
[0432.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37e850 | out: lpFileInformation=0x37e850*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0432.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e588) returned 1
[0432.317] VaultEnumerateVaults () returned 0x0
[0432.974] VaultOpenVault () returned 0x0
[0432.983] VaultEnumerateItems () returned 0x0
[0432.983] VaultOpenVault () returned 0x0
[0432.984] VaultEnumerateItems () returned 0x0
[0432.997] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x38
[0432.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0432.997] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0432.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0433.001] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x38
[0433.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0433.001] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0433.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0433.092] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ea1c | out: phkResult=0x37ea1c*=0x0) returned 0x2
[0433.142] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\DownloadManager\\Passwords", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ea30 | out: phkResult=0x37ea30*=0x0) returned 0x2
[0433.187] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e9e0 | out: phkResult=0x37e9e0*=0x0) returned 0x2
[0433.190] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e9e0 | out: phkResult=0x37e9e0*=0x0) returned 0x2
[0433.192] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e9e0 | out: phkResult=0x37e9e0*=0x0) returned 0x2
[0433.194] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e9e0 | out: phkResult=0x37e9e0*=0x4d4) returned 0x0
[0433.194] RegQueryInfoKeyW (in: hKey=0x4d4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x37ea08, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x37ea04, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x37ea08*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x37ea04*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0433.195] RegEnumKeyExW (in: hKey=0x4d4, dwIndex=0x0, lpName=0x2347edc, lpcchName=0x37ea24, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x37ea24, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0433.195] RegEnumKeyExW (in: hKey=0x4d4, dwIndex=0x1, lpName=0x2347edc, lpcchName=0x37ea24, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x37ea24, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0433.195] RegEnumKeyExW (in: hKey=0x4d4, dwIndex=0x2, lpName=0x2347edc, lpcchName=0x37ea24, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x37ea24, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0433.195] RegOpenKeyExW (in: hKey=0x4d4, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e9e0 | out: phkResult=0x37e9e0*=0x6fc) returned 0x0
[0433.197] RegQueryValueExW (in: hKey=0x6fc, lpValueName="Email", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.197] RegQueryValueExW (in: hKey=0x6fc, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.198] RegQueryValueExW (in: hKey=0x6fc, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.199] RegQueryValueExW (in: hKey=0x6fc, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.200] RegCloseKey (hKey=0x6fc) returned 0x0
[0433.200] RegOpenKeyExW (in: hKey=0x4d4, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e9e0 | out: phkResult=0x37e9e0*=0x6fc) returned 0x0
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="Email", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x1, lpData=0x0, lpcbData=0x37e9fc*=0x1e) returned 0x0
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="Email", lpReserved=0x0, lpType=0x37ea00, lpData=0x23484d0, lpcbData=0x37e9fc*=0x1e | out: lpType=0x37ea00*=0x1, lpData="franc@gdllo.de", lpcbData=0x37e9fc*=0x1e) returned 0x0
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x3, lpData=0x0, lpcbData=0x37e9fc*=0x111) returned 0x0
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x2348528, lpcbData=0x37e9fc*=0x111 | out: lpType=0x37ea00*=0x3, lpData=0x2348528*, lpcbData=0x37e9fc*=0x111) returned 0x0
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.200] RegQueryValueExW (in: hKey=0x6fc, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.201] RegQueryValueExW (in: hKey=0x6fc, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x3, lpData=0x0, lpcbData=0x37e9fc*=0x111) returned 0x0
[0433.201] RegQueryValueExW (in: hKey=0x6fc, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x234867c, lpcbData=0x37e9fc*=0x111 | out: lpType=0x37ea00*=0x3, lpData=0x234867c*, lpcbData=0x37e9fc*=0x111) returned 0x0
[0433.201] RegQueryValueExW (in: hKey=0x6fc, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x3, lpData=0x0, lpcbData=0x37e9fc*=0x111) returned 0x0
[0433.201] RegQueryValueExW (in: hKey=0x6fc, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x234879c, lpcbData=0x37e9fc*=0x111 | out: lpType=0x37ea00*=0x3, lpData=0x234879c*, lpcbData=0x37e9fc*=0x111) returned 0x0
[0433.352] CryptUnprotectData (in: pDataIn=0x37e9e8, ppszDataDescr=0x0, pOptionalEntropy=0x37e9e0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x37e9f0 | out: ppszDataDescr=0x0, pDataOut=0x37e9f0) returned 1
[0433.354] LocalFree (hMem=0x559da50) returned 0x0
[0433.354] RegQueryValueExW (in: hKey=0x6fc, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.354] RegQueryValueExW (in: hKey=0x6fc, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.354] RegQueryValueExW (in: hKey=0x6fc, lpValueName="Email", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x1, lpData=0x0, lpcbData=0x37e9fc*=0x1e) returned 0x0
[0433.354] RegQueryValueExW (in: hKey=0x6fc, lpValueName="Email", lpReserved=0x0, lpType=0x37ea00, lpData=0x2348a88, lpcbData=0x37e9fc*=0x1e | out: lpType=0x37ea00*=0x1, lpData="franc@gdllo.de", lpcbData=0x37e9fc*=0x1e) returned 0x0
[0433.357] RegQueryValueExW (in: hKey=0x6fc, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x1, lpData=0x0, lpcbData=0x37e9fc*=0x1c) returned 0x0
[0433.357] RegQueryValueExW (in: hKey=0x6fc, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x37ea00, lpData=0x2348b04, lpcbData=0x37e9fc*=0x1c | out: lpType=0x37ea00*=0x1, lpData="smtp.gdllo.de", lpcbData=0x37e9fc*=0x1c) returned 0x0
[0433.357] RegQueryValueExW (in: hKey=0x6fc, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x1, lpData=0x0, lpcbData=0x37e9fc*=0x1c) returned 0x0
[0433.357] RegQueryValueExW (in: hKey=0x6fc, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x37ea00, lpData=0x2348b54, lpcbData=0x37e9fc*=0x1c | out: lpType=0x37ea00*=0x1, lpData="smtp.gdllo.de", lpcbData=0x37e9fc*=0x1c) returned 0x0
[0433.361] RegCloseKey (hKey=0x6fc) returned 0x0
[0433.361] RegOpenKeyExW (in: hKey=0x4d4, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e9e0 | out: phkResult=0x37e9e0*=0x6fc) returned 0x0
[0433.362] RegQueryValueExW (in: hKey=0x6fc, lpValueName="Email", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.362] RegQueryValueExW (in: hKey=0x6fc, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.362] RegQueryValueExW (in: hKey=0x6fc, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.362] RegQueryValueExW (in: hKey=0x6fc, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.362] RegQueryValueExW (in: hKey=0x6fc, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x37ea00, lpData=0x0, lpcbData=0x37e9fc*=0x0 | out: lpType=0x37ea00*=0x0, lpData=0x0, lpcbData=0x37e9fc*=0x0) returned 0x2
[0433.362] RegCloseKey (hKey=0x6fc) returned 0x0
[0433.410] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e8d4 | out: phkResult=0x37e8d4*=0x0) returned 0x2
[0433.412] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\Foxmail\\V3.1", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e8d4 | out: phkResult=0x37e8d4*=0x0) returned 0x2
[0433.412] GetFullPathNameW (in: lpFileName="\\Storage\\", nBufferLength=0x105, lpBuffer=0x37e418, lpFilePart=0x0 | out: lpBuffer="C:\\Storage\\", lpFilePart=0x0) returned 0xb
[0433.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e654) returned 1
[0433.413] GetFileAttributesExW (in: lpFileName="C:\\Storage\\" (normalized: "c:\\storage"), fInfoLevelId=0x0, lpFileInformation=0x37e918 | out: lpFileInformation=0x37e918*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e650) returned 1
[0433.414] GetFullPathNameW (in: lpFileName="\\mail\\", nBufferLength=0x105, lpBuffer=0x37e418, lpFilePart=0x0 | out: lpBuffer="C:\\mail\\", lpFilePart=0x0) returned 0x8
[0433.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e654) returned 1
[0433.414] GetFileAttributesExW (in: lpFileName="C:\\mail\\" (normalized: "c:\\mail"), fInfoLevelId=0x0, lpFileInformation=0x37e918 | out: lpFileInformation=0x37e918*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e650) returned 1
[0433.414] CoTaskMemAlloc (cb=0x20c) returned 0x55a97e8
[0433.414] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x55a97e8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0433.414] CoTaskMemFree (pv=0x55a97e8)
[0433.414] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0433.417] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x37e418, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x49
[0433.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e654) returned 1
[0433.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\virtualstore\\program files\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x37e918 | out: lpFileInformation=0x37e918*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e650) returned 1
[0433.417] CoTaskMemAlloc (cb=0x20c) returned 0x55a97e8
[0433.417] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x55a97e8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0433.417] CoTaskMemFree (pv=0x55a97e8)
[0433.417] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0433.420] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x37e418, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x4f
[0433.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e654) returned 1
[0433.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\virtualstore\\program files (x86)\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x37e918 | out: lpFileInformation=0x37e918*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e650) returned 1
[0433.455] GetEnvironmentVariableW (in: lpName="Programfiles(x86)", lpBuffer=0x37e820, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0433.457] GetEnvironmentVariableW (in: lpName="programfiles(x86)", lpBuffer=0x37e820, nSize=0xd8 | out: lpBuffer="C:\\Program Files (x86)") returned 0x16
[0433.459] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script", nBufferLength=0x105, lpBuffer=0x37e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\jDownloader\\config\\database.script", lpFilePart=0x0) returned 0x39
[0433.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e75c) returned 1
[0433.459] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script" (normalized: "c:\\program files (x86)\\jdownloader\\config\\database.script"), fInfoLevelId=0x0, lpFileInformation=0x37ea20 | out: lpFileInformation=0x37ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e758) returned 1
[0433.493] CoTaskMemAlloc (cb=0x20c) returned 0x55a97e8
[0433.493] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x55a97e8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0433.493] CoTaskMemFree (pv=0x55a97e8)
[0433.493] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e4ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0433.494] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x37e53c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x37
[0433.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e778) returned 1
[0433.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x37ea3c | out: lpFileInformation=0x37ea3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1
[0433.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e774) returned 1
[0433.494] CoTaskMemAlloc (cb=0x20c) returned 0x55a97e8
[0433.494] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x55a97e8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0433.494] CoTaskMemFree (pv=0x55a97e8)
[0433.494] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e4ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0433.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea38) returned 1
[0433.494] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x37e518, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x37
[0433.494] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x37e7e8 | out: lpFindFileData=0x37e7e8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5594668
[0433.495] FindNextFileW (in: hFindFile=0x5594668, lpFindFileData=0x37e7f0 | out: lpFindFileData=0x37e7f0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
[0433.495] FindNextFileW (in: hFindFile=0x5594668, lpFindFileData=0x37e7f0 | out: lpFindFileData=0x37e7f0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
[0433.495] FindClose (in: hFindFile=0x5594668 | out: hFindFile=0x5594668) returned 1
[0433.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e7a8) returned 1
[0433.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea08) returned 1
[0433.496] CoTaskMemAlloc (cb=0x20c) returned 0x55a97e8
[0433.496] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x55a97e8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0433.496] CoTaskMemFree (pv=0x55a97e8)
[0433.496] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0433.496] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x37e53c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x39
[0433.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e778) returned 1
[0433.497] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x37ea3c | out: lpFileInformation=0x37ea3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1
[0433.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e774) returned 1
[0433.497] CoTaskMemAlloc (cb=0x20c) returned 0x55a97e8
[0433.497] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x55a97e8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0433.497] CoTaskMemFree (pv=0x55a97e8)
[0433.497] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0433.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea38) returned 1
[0433.497] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x37e518, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x39
[0433.497] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x37e7e8 | out: lpFindFileData=0x37e7e8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5594668
[0433.497] FindNextFileW (in: hFindFile=0x5594668, lpFindFileData=0x37e7f0 | out: lpFindFileData=0x37e7f0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
[0433.497] FindNextFileW (in: hFindFile=0x5594668, lpFindFileData=0x37e7f0 | out: lpFindFileData=0x37e7f0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
[0433.497] FindClose (in: hFindFile=0x5594668 | out: hFindFile=0x5594668) returned 1
[0433.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e7a8) returned 1
[0433.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea08) returned 1
[0433.531] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x37e830, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0433.532] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x37e830, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0433.532] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles", nBufferLength=0x105, lpBuffer=0x37e524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles", lpFilePart=0x0) returned 0x2f
[0433.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e760) returned 1
[0433.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\psi\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x37ea24 | out: lpFileInformation=0x37ea24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e75c) returned 1
[0433.533] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles", nBufferLength=0x105, lpBuffer=0x37e524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles", lpFilePart=0x0) returned 0x30
[0433.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e760) returned 1
[0433.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\psi+\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x37ea24 | out: lpFileInformation=0x37ea24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e75c) returned 1
[0433.543] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x41
[0433.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0433.544] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0433.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0433.547] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x41
[0433.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e91c) returned 1
[0433.548] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff
[0433.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d738) returned 1
[0433.554] CoTaskMemAlloc (cb=0x20c) returned 0x55a97e8
[0433.555] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x55a97e8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0
[0433.555] CoTaskMemFree (pv=0x55a97e8)
[0433.555] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20
[0433.559] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x37e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x39
[0433.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e73c) returned 1
[0433.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ea00 | out: lpFileInformation=0x37ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e738) returned 1
[0433.582] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ea2c | out: phkResult=0x37ea2c*=0x0) returned 0x2
[0433.616] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x37e824, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0433.617] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", nBufferLength=0x105, lpBuffer=0x37e510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", lpFilePart=0x0) returned 0x43
[0433.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e750) returned 1
[0433.617] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ipswitch\\ws_ftp\\sites\\ws_ftp.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ea14 | out: lpFileInformation=0x37ea14*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e74c) returned 1
[0433.641] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ea40 | out: phkResult=0x37ea40*=0x0) returned 0x2
[0433.671] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\OpenVPN-GUI\\configs", ulOptions=0x0, samDesired=0x2001f, phkResult=0x37ea50 | out: phkResult=0x37ea50*=0x0) returned 0x2
[0433.697] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x37e858, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0433.698] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!", nBufferLength=0x105, lpBuffer=0x37e53c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!", lpFilePart=0x0) returned 0x2b
[0433.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e778) returned 1
[0433.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\the bat!"), fInfoLevelId=0x0, lpFileInformation=0x37ea3c | out: lpFileInformation=0x37ea3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e774) returned 1
[0433.729] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x37e834, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0433.731] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini", nBufferLength=0x105, lpBuffer=0x37e520, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini", lpFilePart=0x0) returned 0x38
[0433.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e760) returned 1
[0433.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pocomail\\accounts.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ea24 | out: lpFileInformation=0x37ea24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e75c) returned 1
[0433.751] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x37e860, nSize=0xd8 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x22
[0433.753] GetEnvironmentVariableW (in: lpName="Username", lpBuffer=0x37e860, nSize=0xd8 | out: lpBuffer="kEecfMwgj") returned 0x9
[0433.758] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat", nBufferLength=0x105, lpBuffer=0x37e55c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat", lpFilePart=0x0) returned 0x36
[0433.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e79c) returned 1
[0433.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat" (normalized: "c:\\users\\all users\\appdata\\roaming\\flashfxp\\3quick.dat"), fInfoLevelId=0x0, lpFileInformation=0x37ea60 | out: lpFileInformation=0x37ea60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e798) returned 1
[0433.785] CoTaskMemAlloc (cb=0x20c) returned 0x55a97e8
[0433.785] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x55a97e8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0433.786] CoTaskMemFree (pv=0x55a97e8)
[0433.786] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0433.787] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml", nBufferLength=0x105, lpBuffer=0x37e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml", lpFilePart=0x0) returned 0x38
[0433.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e798) returned 1
[0433.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ftpgetter\\servers.xml"), fInfoLevelId=0x0, lpFileInformation=0x37ea5c | out: lpFileInformation=0x37ea5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e794) returned 1
[0433.804] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x37e874, nSize=0xd8 | out: lpBuffer="C:") returned 0x2
[0433.806] GetFullPathNameW (in: lpFileName="C:\\cftp\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x37e560, lpFilePart=0x0 | out: lpBuffer="C:\\cftp\\Ftplist.txt", lpFilePart=0x0) returned 0x13
[0433.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e7a0) returned 1
[0433.806] GetFileAttributesExW (in: lpFileName="C:\\cftp\\Ftplist.txt" (normalized: "c:\\cftp\\ftplist.txt"), fInfoLevelId=0x0, lpFileInformation=0x37ea64 | out: lpFileInformation=0x37ea64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0433.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e79c) returned 1
[0433.818] GetUserNameW (in: lpBuffer=0x37e850, pcbBuffer=0x2353010 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x2353010) returned 1
[0433.820] GetComputerNameW (in: lpBuffer=0x37e850, nSize=0x23534c4 | out: lpBuffer="Q9IATRKPRH", nSize=0x23534c4) returned 1
[0433.945] GetUserNameW (in: lpBuffer=0x37e840, pcbBuffer=0x2356f00 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x2356f00) returned 1
[0433.946] GetComputerNameW (in: lpBuffer=0x37e840, nSize=0x2357390 | out: lpBuffer="Q9IATRKPRH", nSize=0x2357390) returned 1
[0433.948] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x710
[0433.948] SetEvent (hEvent=0x2b8) returned 1
[0433.948] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37e9c0*=0x710, lpdwindex=0x37e7e4 | out: lpdwindex=0x37e7e4) returned 0x0
[0433.952] CoGetContextToken (in: pToken=0x37e894 | out: pToken=0x37e894) returned 0x0
[0433.952] CoGetContextToken (in: pToken=0x37e7f4 | out: pToken=0x37e7f4) returned 0x0
[0433.952] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016600, riid=0x37e8c4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37e8c0 | out: ppvObject=0x37e8c0*=0x5016600) returned 0x0
[0433.952] WbemDefPath:IUnknown:AddRef (This=0x5016600) returned 0x3
[0433.952] WbemDefPath:IUnknown:Release (This=0x5016600) returned 0x2
[0433.952] WbemDefPath:IWbemPath:SetText (This=0x5016600, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0
[0433.952] WbemDefPath:IWbemPath:GetInfo (in: This=0x5016600, uRequestedInfo=0x0, puResponse=0x37ea6c | out: puResponse=0x37ea6c*=0xc15) returned 0x0
[0433.953] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5016600, puCount=0x37ea64 | out: puCount=0x37ea64*=0x0) returned 0x0
[0433.953] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37ea3c | out: puCount=0x37ea3c*=0x2) returned 0x0
[0433.953] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea38*=0x0, pszText=0x0 | out: puBuffLength=0x37ea38*=0xf, pszText=0x0) returned 0x0
[0433.953] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea38*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ea38*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0433.973] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37e8d4*=0x724, lpdwindex=0x37e78c | out: lpdwindex=0x37e78c) returned 0x0
[0433.990] CoGetContextToken (in: pToken=0x37e78c | out: pToken=0x37e78c) returned 0x0
[0433.990] CoGetContextToken (in: pToken=0x37e6ec | out: pToken=0x37e6ec) returned 0x0
[0433.990] CoGetContextToken (in: pToken=0x37e6ec | out: pToken=0x37e6ec) returned 0x0
[0433.990] CoGetContextToken (in: pToken=0x37e68c | out: pToken=0x37e68c) returned 0x0
[0433.990] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x74618ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e664 | out: ppvObject=0x37e664*=0x5233f8) returned 0x0
[0433.990] CObjectContext::ContextCallback () returned 0x0
[0433.996] IUnknown:Release (This=0x5233f8) returned 0x1
[0433.997] CoUnmarshalInterface (in: pStm=0x5590ac8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e6e0 | out: ppv=0x37e6e0*=0x57f2cc) returned 0x0
[0433.997] CoMarshalInterface (pStm=0x5590ac8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x57f2cc, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0433.997] WbemLocator:IUnknown:QueryInterface (in: This=0x57f2cc, riid=0x37e7bc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37e7b8 | out: ppvObject=0x37e7b8*=0x5019824) returned 0x0
[0434.001] WbemLocator:IUnknown:Release (This=0x57f2cc) returned 0x1
[0434.001] IWbemServices:ExecQuery (in: This=0x5019824, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x37e99c | out: ppEnum=0x37e99c*=0x502fddc) returned 0x0
[0434.044] IUnknown:QueryInterface (in: This=0x502fddc, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7ec | out: ppvObject=0x37e7ec*=0x502fde0) returned 0x0
[0434.044] IClientSecurity:QueryBlanket (in: This=0x502fde0, pProxy=0x502fddc, pAuthnSvc=0x37e83c, pAuthzSvc=0x37e838, pServerPrincName=0x37e830, pAuthnLevel=0x37e834, pImpLevel=0x37e824, pAuthInfo=0x37e828, pCapabilites=0x37e82c | out: pAuthnSvc=0x37e83c*=0xa, pAuthzSvc=0x37e838*=0x0, pServerPrincName=0x37e830, pAuthnLevel=0x37e834*=0x6, pImpLevel=0x37e824*=0x2, pAuthInfo=0x37e828, pCapabilites=0x37e82c*=0x1) returned 0x0
[0434.044] IUnknown:Release (This=0x502fde0) returned 0x1
[0434.044] IUnknown:QueryInterface (in: This=0x502fddc, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7e0 | out: ppvObject=0x37e7e0*=0x57f3bc) returned 0x0
[0434.044] IUnknown:QueryInterface (in: This=0x502fddc, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7cc | out: ppvObject=0x37e7cc*=0x502fde0) returned 0x0
[0434.044] IClientSecurity:SetBlanket (This=0x502fde0, pProxy=0x502fddc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0434.046] IUnknown:Release (This=0x502fde0) returned 0x2
[0434.046] WbemLocator:IUnknown:Release (This=0x57f3bc) returned 0x1
[0434.046] CoTaskMemFree (pv=0x55b2bc0)
[0434.046] IUnknown:AddRef (This=0x502fddc) returned 0x2
[0434.047] CoGetContextToken (in: pToken=0x37dd0c | out: pToken=0x37dd0c) returned 0x0
[0434.047] CoGetContextToken (in: pToken=0x37e11c | out: pToken=0x37e11c) returned 0x0
[0434.047] IUnknown:QueryInterface (in: This=0x502fddc, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e0b8 | out: ppvObject=0x37e0b8*=0x57f3a4) returned 0x0
[0434.047] WbemLocator:IRpcOptions:Query (in: This=0x57f3a4, pPrx=0x55a6ba8, dwProperty=2, pdwValue=0x37e1ac | out: pdwValue=0x37e1ac) returned 0x80004002
[0434.047] WbemLocator:IUnknown:Release (This=0x57f3a4) returned 0x2
[0434.047] CoGetContextToken (in: pToken=0x37e6ec | out: pToken=0x37e6ec) returned 0x0
[0434.047] CoGetContextToken (in: pToken=0x37e64c | out: pToken=0x37e64c) returned 0x0
[0434.047] IUnknown:QueryInterface (in: This=0x502fddc, riid=0x37e71c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37e5e8 | out: ppvObject=0x37e5e8*=0x502fddc) returned 0x0
[0434.047] IUnknown:Release (This=0x502fddc) returned 0x2
[0434.047] WbemLocator:IUnknown:Release (This=0x5019824) returned 0x0
[0434.048] SysStringLen (param_1=0x0) returned 0x0
[0434.048] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37e9e8 | out: puCount=0x37e9e8*=0x2) returned 0x0
[0434.048] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37e9e4*=0x0, pszText=0x0 | out: puBuffLength=0x37e9e4*=0xf, pszText=0x0) returned 0x0
[0434.048] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37e9e4*=0xf, pszText="00000000000000" | out: puBuffLength=0x37e9e4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0434.048] CoGetContextToken (in: pToken=0x37e82c | out: pToken=0x37e82c) returned 0x0
[0434.048] IEnumWbemClassObject:Clone (in: This=0x502fddc, ppEnum=0x37e9e4 | out: ppEnum=0x37e9e4*=0x501986c) returned 0x0
[0434.049] IUnknown:QueryInterface (in: This=0x501986c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e8a0 | out: ppvObject=0x37e8a0*=0x5019870) returned 0x0
[0434.049] IClientSecurity:QueryBlanket (in: This=0x5019870, pProxy=0x501986c, pAuthnSvc=0x37e8f0, pAuthzSvc=0x37e8ec, pServerPrincName=0x37e8e4, pAuthnLevel=0x37e8e8, pImpLevel=0x37e8d8, pAuthInfo=0x37e8dc, pCapabilites=0x37e8e0 | out: pAuthnSvc=0x37e8f0*=0xa, pAuthzSvc=0x37e8ec*=0x0, pServerPrincName=0x37e8e4, pAuthnLevel=0x37e8e8*=0x6, pImpLevel=0x37e8d8*=0x2, pAuthInfo=0x37e8dc, pCapabilites=0x37e8e0*=0x1) returned 0x0
[0434.049] IUnknown:Release (This=0x5019870) returned 0x1
[0434.049] IUnknown:QueryInterface (in: This=0x501986c, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e894 | out: ppvObject=0x37e894*=0x57f2cc) returned 0x0
[0434.050] IUnknown:QueryInterface (in: This=0x501986c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e880 | out: ppvObject=0x37e880*=0x5019870) returned 0x0
[0434.050] IClientSecurity:SetBlanket (This=0x5019870, pProxy=0x501986c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0434.052] IUnknown:Release (This=0x5019870) returned 0x2
[0434.052] WbemLocator:IUnknown:Release (This=0x57f2cc) returned 0x1
[0434.052] CoTaskMemFree (pv=0x55b2b90)
[0434.052] IUnknown:AddRef (This=0x501986c) returned 0x2
[0434.052] CoGetContextToken (in: pToken=0x37ddb0 | out: pToken=0x37ddb0) returned 0x0
[0434.052] CoGetContextToken (in: pToken=0x37e1c4 | out: pToken=0x37e1c4) returned 0x0
[0434.052] IUnknown:QueryInterface (in: This=0x501986c, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e15c | out: ppvObject=0x37e15c*=0x57f2b4) returned 0x0
[0434.052] WbemLocator:IRpcOptions:Query (in: This=0x57f2b4, pPrx=0x55a6c20, dwProperty=2, pdwValue=0x37e250 | out: pdwValue=0x37e250) returned 0x80004002
[0434.052] WbemLocator:IUnknown:Release (This=0x57f2b4) returned 0x2
[0434.052] CoGetContextToken (in: pToken=0x37e794 | out: pToken=0x37e794) returned 0x0
[0434.052] CoGetContextToken (in: pToken=0x37e6f4 | out: pToken=0x37e6f4) returned 0x0
[0434.052] IUnknown:QueryInterface (in: This=0x501986c, riid=0x37e7c4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37e690 | out: ppvObject=0x37e690*=0x501986c) returned 0x0
[0434.053] IUnknown:Release (This=0x501986c) returned 0x2
[0434.053] SysStringLen (param_1=0x0) returned 0x0
[0434.053] IEnumWbemClassObject:Reset (This=0x501986c) returned 0x0
[0434.054] CoTaskMemAlloc (cb=0x4) returned 0x55fb378
[0434.054] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x55fb378, puReturned=0x235a1fc | out: apObjects=0x55fb378*=0x5034150, puReturned=0x235a1fc*=0x1) returned 0x0
[0434.058] IUnknown:QueryInterface (in: This=0x5034150, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e03c | out: ppvObject=0x37e03c*=0x5034150) returned 0x0
[0434.058] IUnknown:QueryInterface (in: This=0x5034150, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37dff0 | out: ppvObject=0x37dff0*=0x0) returned 0x80004002
[0434.058] IUnknown:QueryInterface (in: This=0x5034150, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37de18 | out: ppvObject=0x37de18*=0x0) returned 0x80004002
[0434.058] IUnknown:AddRef (This=0x5034150) returned 0x3
[0434.058] IUnknown:QueryInterface (in: This=0x5034150, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37d94c | out: ppvObject=0x37d94c*=0x0) returned 0x80004002
[0434.058] IUnknown:QueryInterface (in: This=0x5034150, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37d8fc | out: ppvObject=0x37d8fc*=0x0) returned 0x80004002
[0434.058] IUnknown:QueryInterface (in: This=0x5034150, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37d908 | out: ppvObject=0x37d908*=0x5034154) returned 0x0
[0434.058] IMarshal:GetUnmarshalClass (in: This=0x5034154, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37d910 | out: pCid=0x37d910*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0434.058] IUnknown:Release (This=0x5034154) returned 0x3
[0434.058] CoGetContextToken (in: pToken=0x37d968 | out: pToken=0x37d968) returned 0x0
[0434.058] CoGetContextToken (in: pToken=0x37dd7c | out: pToken=0x37dd7c) returned 0x0
[0434.059] IUnknown:QueryInterface (in: This=0x5034150, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ddfc | out: ppvObject=0x37ddfc*=0x0) returned 0x80004002
[0434.059] IUnknown:Release (This=0x5034150) returned 0x2
[0434.059] CoGetContextToken (in: pToken=0x37e364 | out: pToken=0x37e364) returned 0x0
[0434.059] CoGetContextToken (in: pToken=0x37e2c4 | out: pToken=0x37e2c4) returned 0x0
[0434.059] IUnknown:QueryInterface (in: This=0x5034150, riid=0x37e394*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e390 | out: ppvObject=0x37e390*=0x5034150) returned 0x0
[0434.059] IUnknown:AddRef (This=0x5034150) returned 0x4
[0434.059] IUnknown:Release (This=0x5034150) returned 0x3
[0434.059] IUnknown:Release (This=0x5034150) returned 0x2
[0434.059] CoTaskMemFree (pv=0x55fb378)
[0434.059] CoGetContextToken (in: pToken=0x37e6d4 | out: pToken=0x37e6d4) returned 0x0
[0434.059] IUnknown:AddRef (This=0x5034150) returned 0x3
[0434.059] CoTaskMemAlloc (cb=0x4) returned 0x55fb378
[0434.060] IEnumWbemClassObject:Next (in: This=0x501986c, lTimeout=-1, uCount=0x1, apObjects=0x55fb378, puReturned=0x235a1fc | out: apObjects=0x55fb378*=0x0, puReturned=0x235a1fc*=0x0) returned 0x1
[0434.066] CoTaskMemFree (pv=0x55fb378)
[0434.067] CoGetContextToken (in: pToken=0x37e83c | out: pToken=0x37e83c) returned 0x0
[0434.067] IEnumWbemClassObject:Clone (in: This=0x502fddc, ppEnum=0x37e9f4 | out: ppEnum=0x37e9f4*=0x503021c) returned 0x0
[0434.068] IUnknown:QueryInterface (in: This=0x503021c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e8b0 | out: ppvObject=0x37e8b0*=0x5030220) returned 0x0
[0434.068] IClientSecurity:QueryBlanket (in: This=0x5030220, pProxy=0x503021c, pAuthnSvc=0x37e900, pAuthzSvc=0x37e8fc, pServerPrincName=0x37e8f4, pAuthnLevel=0x37e8f8, pImpLevel=0x37e8e8, pAuthInfo=0x37e8ec, pCapabilites=0x37e8f0 | out: pAuthnSvc=0x37e900*=0xa, pAuthzSvc=0x37e8fc*=0x0, pServerPrincName=0x37e8f4, pAuthnLevel=0x37e8f8*=0x6, pImpLevel=0x37e8e8*=0x2, pAuthInfo=0x37e8ec, pCapabilites=0x37e8f0*=0x1) returned 0x0
[0434.069] IUnknown:Release (This=0x5030220) returned 0x1
[0434.069] IUnknown:QueryInterface (in: This=0x503021c, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e8a4 | out: ppvObject=0x37e8a4*=0x57f68c) returned 0x0
[0434.069] IUnknown:QueryInterface (in: This=0x503021c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e890 | out: ppvObject=0x37e890*=0x5030220) returned 0x0
[0434.069] IClientSecurity:SetBlanket (This=0x5030220, pProxy=0x503021c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0434.070] IUnknown:Release (This=0x5030220) returned 0x2
[0434.070] WbemLocator:IUnknown:Release (This=0x57f68c) returned 0x1
[0434.070] CoTaskMemFree (pv=0x55b2bc0)
[0434.071] IUnknown:AddRef (This=0x503021c) returned 0x2
[0434.071] CoGetContextToken (in: pToken=0x37ddc0 | out: pToken=0x37ddc0) returned 0x0
[0434.071] CoGetContextToken (in: pToken=0x37e1d4 | out: pToken=0x37e1d4) returned 0x0
[0434.071] IUnknown:QueryInterface (in: This=0x503021c, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e16c | out: ppvObject=0x37e16c*=0x57f674) returned 0x0
[0434.071] WbemLocator:IRpcOptions:Query (in: This=0x57f674, pPrx=0x55a6ce0, dwProperty=2, pdwValue=0x37e260 | out: pdwValue=0x37e260) returned 0x80004002
[0434.071] WbemLocator:IUnknown:Release (This=0x57f674) returned 0x2
[0434.071] CoGetContextToken (in: pToken=0x37e7a4 | out: pToken=0x37e7a4) returned 0x0
[0434.071] CoGetContextToken (in: pToken=0x37e704 | out: pToken=0x37e704) returned 0x0
[0434.071] IUnknown:QueryInterface (in: This=0x503021c, riid=0x37e7d4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37e6a0 | out: ppvObject=0x37e6a0*=0x503021c) returned 0x0
[0434.072] IUnknown:Release (This=0x503021c) returned 0x2
[0434.072] SysStringLen (param_1=0x0) returned 0x0
[0434.072] IEnumWbemClassObject:Reset (This=0x503021c) returned 0x0
[0434.072] CoTaskMemAlloc (cb=0x4) returned 0x55fb3a8
[0434.073] IEnumWbemClassObject:Next (in: This=0x503021c, lTimeout=-1, uCount=0x1, apObjects=0x55fb3a8, puReturned=0x235a2e0 | out: apObjects=0x55fb3a8*=0x5034480, puReturned=0x235a2e0*=0x1) returned 0x0
[0434.075] IUnknown:QueryInterface (in: This=0x5034480, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e04c | out: ppvObject=0x37e04c*=0x5034480) returned 0x0
[0434.075] IUnknown:QueryInterface (in: This=0x5034480, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e000 | out: ppvObject=0x37e000*=0x0) returned 0x80004002
[0434.075] IUnknown:QueryInterface (in: This=0x5034480, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37de28 | out: ppvObject=0x37de28*=0x0) returned 0x80004002
[0434.075] IUnknown:AddRef (This=0x5034480) returned 0x3
[0434.075] IUnknown:QueryInterface (in: This=0x5034480, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37d95c | out: ppvObject=0x37d95c*=0x0) returned 0x80004002
[0434.075] IUnknown:QueryInterface (in: This=0x5034480, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37d90c | out: ppvObject=0x37d90c*=0x0) returned 0x80004002
[0434.075] IUnknown:QueryInterface (in: This=0x5034480, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37d918 | out: ppvObject=0x37d918*=0x5034484) returned 0x0
[0434.075] IMarshal:GetUnmarshalClass (in: This=0x5034484, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37d920 | out: pCid=0x37d920*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0434.075] IUnknown:Release (This=0x5034484) returned 0x3
[0434.075] CoGetContextToken (in: pToken=0x37d978 | out: pToken=0x37d978) returned 0x0
[0434.075] CoGetContextToken (in: pToken=0x37dd8c | out: pToken=0x37dd8c) returned 0x0
[0434.075] IUnknown:QueryInterface (in: This=0x5034480, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0434.075] IUnknown:Release (This=0x5034480) returned 0x2
[0434.075] CoGetContextToken (in: pToken=0x37e374 | out: pToken=0x37e374) returned 0x0
[0434.076] CoGetContextToken (in: pToken=0x37e2d4 | out: pToken=0x37e2d4) returned 0x0
[0434.076] IUnknown:QueryInterface (in: This=0x5034480, riid=0x37e3a4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e3a0 | out: ppvObject=0x37e3a0*=0x5034480) returned 0x0
[0434.076] IUnknown:AddRef (This=0x5034480) returned 0x4
[0434.076] IUnknown:Release (This=0x5034480) returned 0x3
[0434.076] IUnknown:Release (This=0x5034480) returned 0x2
[0434.076] CoTaskMemFree (pv=0x55fb3a8)
[0434.076] CoGetContextToken (in: pToken=0x37e6e4 | out: pToken=0x37e6e4) returned 0x0
[0434.076] IUnknown:AddRef (This=0x5034480) returned 0x3
[0434.076] IWbemClassObject:Get (in: This=0x5034480, wszName="__GENUS", lFlags=0, pVal=0x37e9e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ea64*=0, plFlavor=0x37ea60*=0 | out: pVal=0x37e9e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ea64*=3, plFlavor=0x37ea60*=64) returned 0x0
[0434.076] IWbemClassObject:Get (in: This=0x5034480, wszName="__PATH", lFlags=0, pVal=0x37e9c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ea4c*=0, plFlavor=0x37ea48*=0 | out: pVal=0x37e9c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"", varVal2=0x0), pType=0x37ea4c*=8, plFlavor=0x37ea48*=64) returned 0x0
[0434.076] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82
[0434.076] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82
[0434.076] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x758
[0434.076] SetEvent (hEvent=0x2b8) returned 1
[0434.077] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37e9a0*=0x758, lpdwindex=0x37e7c4 | out: lpdwindex=0x37e7c4) returned 0x0
[0434.079] CoGetContextToken (in: pToken=0x37e874 | out: pToken=0x37e874) returned 0x0
[0434.079] CoGetContextToken (in: pToken=0x37e7d4 | out: pToken=0x37e7d4) returned 0x0
[0434.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016670, riid=0x37e8a4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37e8a0 | out: ppvObject=0x37e8a0*=0x5016670) returned 0x0
[0434.079] WbemDefPath:IUnknown:AddRef (This=0x5016670) returned 0x3
[0434.079] WbemDefPath:IUnknown:Release (This=0x5016670) returned 0x2
[0434.079] WbemDefPath:IWbemPath:SetText (This=0x5016670, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x0
[0434.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37ea20 | out: puCount=0x37ea20*=0x2) returned 0x0
[0434.079] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea1c*=0x0, pszText=0x0 | out: puBuffLength=0x37ea1c*=0xf, pszText=0x0) returned 0x0
[0434.079] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ea1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0434.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37ea14 | out: puCount=0x37ea14*=0x2) returned 0x0
[0434.080] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea10*=0x0, pszText=0x0 | out: puBuffLength=0x37ea10*=0xf, pszText=0x0) returned 0x0
[0434.080] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea10*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ea10*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0434.080] IWbemClassObject:Get (in: This=0x5034480, wszName="Name", lFlags=0, pVal=0x37ea10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x235a6fc*=0, plFlavor=0x235a700*=0 | out: pVal=0x37ea10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x235a6fc*=8, plFlavor=0x235a700*=0) returned 0x0
[0434.080] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92
[0434.080] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92
[0434.080] IWbemClassObject:Get (in: This=0x5034480, wszName="Name", lFlags=0, pVal=0x37ea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x235a6fc*=8, plFlavor=0x235a700*=0 | out: pVal=0x37ea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x235a6fc*=8, plFlavor=0x235a700*=0) returned 0x0
[0434.080] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92
[0434.080] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92
[0434.103] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37ea2c | out: puCount=0x37ea2c*=0x2) returned 0x0
[0434.103] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea28*=0x0, pszText=0x0 | out: puBuffLength=0x37ea28*=0xf, pszText=0x0) returned 0x0
[0434.103] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea28*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ea28*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0434.114] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37e8d4*=0x76c, lpdwindex=0x37e78c | out: lpdwindex=0x37e78c) returned 0x0
[0434.127] CoGetContextToken (in: pToken=0x37e794 | out: pToken=0x37e794) returned 0x0
[0434.127] CoGetContextToken (in: pToken=0x37e6f4 | out: pToken=0x37e6f4) returned 0x0
[0434.127] CoGetContextToken (in: pToken=0x37e6f4 | out: pToken=0x37e6f4) returned 0x0
[0434.127] CoGetContextToken (in: pToken=0x37e694 | out: pToken=0x37e694) returned 0x0
[0434.127] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x74618ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e66c | out: ppvObject=0x37e66c*=0x5233f8) returned 0x0
[0434.128] CObjectContext::ContextCallback () returned 0x0
[0434.146] IUnknown:Release (This=0x5233f8) returned 0x1
[0434.146] CoUnmarshalInterface (in: pStm=0x5590c48, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e6e8 | out: ppv=0x37e6e8*=0x57fa4c) returned 0x0
[0434.146] CoMarshalInterface (pStm=0x5590c48, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x57fa4c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0434.147] WbemLocator:IUnknown:QueryInterface (in: This=0x57fa4c, riid=0x37e7c4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37e7c0 | out: ppvObject=0x37e7c0*=0x503032c) returned 0x0
[0434.148] WbemLocator:IUnknown:Release (This=0x57fa4c) returned 0x1
[0434.148] IWbemServices:ExecQuery (in: This=0x503032c, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x37e99c | out: ppEnum=0x37e99c*=0x503044c) returned 0x0
[0435.824] IUnknown:QueryInterface (in: This=0x503044c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7f8 | out: ppvObject=0x37e7f8*=0x5030450) returned 0x0
[0435.824] IClientSecurity:QueryBlanket (in: This=0x5030450, pProxy=0x503044c, pAuthnSvc=0x37e848, pAuthzSvc=0x37e844, pServerPrincName=0x37e83c, pAuthnLevel=0x37e840, pImpLevel=0x37e830, pAuthInfo=0x37e834, pCapabilites=0x37e838 | out: pAuthnSvc=0x37e848*=0xa, pAuthzSvc=0x37e844*=0x0, pServerPrincName=0x37e83c, pAuthnLevel=0x37e840*=0x6, pImpLevel=0x37e830*=0x2, pAuthInfo=0x37e834, pCapabilites=0x37e838*=0x1) returned 0x0
[0435.824] IUnknown:Release (This=0x5030450) returned 0x1
[0435.824] IUnknown:QueryInterface (in: This=0x503044c, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7ec | out: ppvObject=0x37e7ec*=0x57fb3c) returned 0x0
[0435.824] IUnknown:QueryInterface (in: This=0x503044c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7d8 | out: ppvObject=0x37e7d8*=0x5030450) returned 0x0
[0435.824] IClientSecurity:SetBlanket (This=0x5030450, pProxy=0x503044c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0435.827] IUnknown:Release (This=0x5030450) returned 0x2
[0435.827] WbemLocator:IUnknown:Release (This=0x57fb3c) returned 0x1
[0435.827] CoTaskMemFree (pv=0x55b2bf0)
[0435.827] IUnknown:AddRef (This=0x503044c) returned 0x2
[0435.827] CoGetContextToken (in: pToken=0x37dd18 | out: pToken=0x37dd18) returned 0x0
[0435.827] CoGetContextToken (in: pToken=0x37e12c | out: pToken=0x37e12c) returned 0x0
[0435.827] IUnknown:QueryInterface (in: This=0x503044c, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e0c4 | out: ppvObject=0x37e0c4*=0x57fb24) returned 0x0
[0435.828] WbemLocator:IRpcOptions:Query (in: This=0x57fb24, pPrx=0x55a6f50, dwProperty=2, pdwValue=0x37e1b8 | out: pdwValue=0x37e1b8) returned 0x80004002
[0435.828] WbemLocator:IUnknown:Release (This=0x57fb24) returned 0x2
[0435.828] CoGetContextToken (in: pToken=0x37e6fc | out: pToken=0x37e6fc) returned 0x0
[0435.828] CoGetContextToken (in: pToken=0x37e65c | out: pToken=0x37e65c) returned 0x0
[0435.828] IUnknown:QueryInterface (in: This=0x503044c, riid=0x37e72c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37e5f8 | out: ppvObject=0x37e5f8*=0x503044c) returned 0x0
[0435.828] IUnknown:Release (This=0x503044c) returned 0x2
[0435.828] WbemLocator:IUnknown:Release (This=0x503032c) returned 0x0
[0435.828] SysStringLen (param_1=0x0) returned 0x0
[0435.828] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37e9e8 | out: puCount=0x37e9e8*=0x2) returned 0x0
[0435.828] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37e9e4*=0x0, pszText=0x0 | out: puBuffLength=0x37e9e4*=0xf, pszText=0x0) returned 0x0
[0435.828] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37e9e4*=0xf, pszText="00000000000000" | out: puBuffLength=0x37e9e4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0435.828] CoGetContextToken (in: pToken=0x37e83c | out: pToken=0x37e83c) returned 0x0
[0435.828] IEnumWbemClassObject:Clone (in: This=0x503044c, ppEnum=0x37e9f4 | out: ppEnum=0x37e9f4*=0x5030514) returned 0x0
[0435.829] IUnknown:QueryInterface (in: This=0x5030514, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e8b0 | out: ppvObject=0x37e8b0*=0x5030518) returned 0x0
[0435.830] IClientSecurity:QueryBlanket (in: This=0x5030518, pProxy=0x5030514, pAuthnSvc=0x37e900, pAuthzSvc=0x37e8fc, pServerPrincName=0x37e8f4, pAuthnLevel=0x37e8f8, pImpLevel=0x37e8e8, pAuthInfo=0x37e8ec, pCapabilites=0x37e8f0 | out: pAuthnSvc=0x37e900*=0xa, pAuthzSvc=0x37e8fc*=0x0, pServerPrincName=0x37e8f4, pAuthnLevel=0x37e8f8*=0x6, pImpLevel=0x37e8e8*=0x2, pAuthInfo=0x37e8ec, pCapabilites=0x37e8f0*=0x1) returned 0x0
[0435.830] IUnknown:Release (This=0x5030518) returned 0x1
[0435.830] IUnknown:QueryInterface (in: This=0x5030514, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e8a4 | out: ppvObject=0x37e8a4*=0x57fa4c) returned 0x0
[0435.830] IUnknown:QueryInterface (in: This=0x5030514, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e890 | out: ppvObject=0x37e890*=0x5030518) returned 0x0
[0435.830] IClientSecurity:SetBlanket (This=0x5030518, pProxy=0x5030514, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0435.831] IUnknown:Release (This=0x5030518) returned 0x2
[0435.831] WbemLocator:IUnknown:Release (This=0x57fa4c) returned 0x1
[0435.831] CoTaskMemFree (pv=0x55b2bc0)
[0435.832] IUnknown:AddRef (This=0x5030514) returned 0x2
[0435.832] CoGetContextToken (in: pToken=0x37ddc0 | out: pToken=0x37ddc0) returned 0x0
[0435.832] CoGetContextToken (in: pToken=0x37e1d4 | out: pToken=0x37e1d4) returned 0x0
[0435.832] IUnknown:QueryInterface (in: This=0x5030514, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e16c | out: ppvObject=0x37e16c*=0x57fa34) returned 0x0
[0435.832] WbemLocator:IRpcOptions:Query (in: This=0x57fa34, pPrx=0x55a6fc8, dwProperty=2, pdwValue=0x37e260 | out: pdwValue=0x37e260) returned 0x80004002
[0435.832] WbemLocator:IUnknown:Release (This=0x57fa34) returned 0x2
[0435.832] CoGetContextToken (in: pToken=0x37e7a4 | out: pToken=0x37e7a4) returned 0x0
[0435.832] CoGetContextToken (in: pToken=0x37e704 | out: pToken=0x37e704) returned 0x0
[0435.832] IUnknown:QueryInterface (in: This=0x5030514, riid=0x37e7d4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37e6a0 | out: ppvObject=0x37e6a0*=0x5030514) returned 0x0
[0435.832] IUnknown:Release (This=0x5030514) returned 0x2
[0435.832] SysStringLen (param_1=0x0) returned 0x0
[0435.832] IEnumWbemClassObject:Reset (This=0x5030514) returned 0x0
[0435.833] CoTaskMemAlloc (cb=0x4) returned 0x55fb458
[0435.833] IEnumWbemClassObject:Next (in: This=0x5030514, lTimeout=-1, uCount=0x1, apObjects=0x55fb458, puReturned=0x235b1ac | out: apObjects=0x55fb458*=0x50347b0, puReturned=0x235b1ac*=0x1) returned 0x0
[0436.850] IUnknown:QueryInterface (in: This=0x50347b0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e04c | out: ppvObject=0x37e04c*=0x50347b0) returned 0x0
[0436.850] IUnknown:QueryInterface (in: This=0x50347b0, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e000 | out: ppvObject=0x37e000*=0x0) returned 0x80004002
[0436.850] IUnknown:QueryInterface (in: This=0x50347b0, riid=0x74561e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37de28 | out: ppvObject=0x37de28*=0x0) returned 0x80004002
[0436.851] IUnknown:AddRef (This=0x50347b0) returned 0x3
[0436.851] IUnknown:QueryInterface (in: This=0x50347b0, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37d95c | out: ppvObject=0x37d95c*=0x0) returned 0x80004002
[0436.851] IUnknown:QueryInterface (in: This=0x50347b0, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37d90c | out: ppvObject=0x37d90c*=0x0) returned 0x80004002
[0436.851] IUnknown:QueryInterface (in: This=0x50347b0, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37d918 | out: ppvObject=0x37d918*=0x50347b4) returned 0x0
[0436.851] IMarshal:GetUnmarshalClass (in: This=0x50347b4, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37d920 | out: pCid=0x37d920*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
[0436.851] IUnknown:Release (This=0x50347b4) returned 0x3
[0436.851] CoGetContextToken (in: pToken=0x37d978 | out: pToken=0x37d978) returned 0x0
[0436.851] CoGetContextToken (in: pToken=0x37dd8c | out: pToken=0x37dd8c) returned 0x0
[0436.851] IUnknown:QueryInterface (in: This=0x50347b0, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37de0c | out: ppvObject=0x37de0c*=0x0) returned 0x80004002
[0436.851] IUnknown:Release (This=0x50347b0) returned 0x2
[0436.851] CoGetContextToken (in: pToken=0x37e374 | out: pToken=0x37e374) returned 0x0
[0436.851] CoGetContextToken (in: pToken=0x37e2d4 | out: pToken=0x37e2d4) returned 0x0
[0436.851] IUnknown:QueryInterface (in: This=0x50347b0, riid=0x37e3a4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e3a0 | out: ppvObject=0x37e3a0*=0x50347b0) returned 0x0
[0436.851] IUnknown:AddRef (This=0x50347b0) returned 0x4
[0436.851] IUnknown:Release (This=0x50347b0) returned 0x3
[0436.851] IUnknown:Release (This=0x50347b0) returned 0x2
[0436.851] CoTaskMemFree (pv=0x55fb458)
[0436.851] CoGetContextToken (in: pToken=0x37e6e4 | out: pToken=0x37e6e4) returned 0x0
[0436.851] IUnknown:AddRef (This=0x50347b0) returned 0x3
[0436.851] IWbemClassObject:Get (in: This=0x50347b0, wszName="__GENUS", lFlags=0, pVal=0x37e9e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ea64*=0, plFlavor=0x37ea60*=0 | out: pVal=0x37e9e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37ea64*=3, plFlavor=0x37ea60*=64) returned 0x0
[0436.852] IWbemClassObject:Get (in: This=0x50347b0, wszName="__PATH", lFlags=0, pVal=0x37e9c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ea4c*=0, plFlavor=0x37ea48*=0 | out: pVal=0x37e9c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x37ea4c*=8, plFlavor=0x37ea48*=64) returned 0x0
[0436.852] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e
[0436.852] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e
[0436.852] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x788
[0436.852] SetEvent (hEvent=0x2b8) returned 1
[0436.852] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37e9a0*=0x788, lpdwindex=0x37e7c4 | out: lpdwindex=0x37e7c4) returned 0x0
[0436.855] CoGetContextToken (in: pToken=0x37e874 | out: pToken=0x37e874) returned 0x0
[0436.855] CoGetContextToken (in: pToken=0x37e7d4 | out: pToken=0x37e7d4) returned 0x0
[0436.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x50166e0, riid=0x37e8a4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37e8a0 | out: ppvObject=0x37e8a0*=0x50166e0) returned 0x0
[0436.855] WbemDefPath:IUnknown:AddRef (This=0x50166e0) returned 0x3
[0436.855] WbemDefPath:IUnknown:Release (This=0x50166e0) returned 0x2
[0436.855] WbemDefPath:IWbemPath:SetText (This=0x50166e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0
[0436.855] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37ea20 | out: puCount=0x37ea20*=0x2) returned 0x0
[0436.856] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea1c*=0x0, pszText=0x0 | out: puBuffLength=0x37ea1c*=0xf, pszText=0x0) returned 0x0
[0436.856] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ea1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0436.856] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37e9f0 | out: puCount=0x37e9f0*=0x2) returned 0x0
[0436.856] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37e9ec*=0x0, pszText=0x0 | out: puBuffLength=0x37e9ec*=0xf, pszText=0x0) returned 0x0
[0436.856] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37e9ec*=0xf, pszText="00000000000000" | out: puBuffLength=0x37e9ec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0436.856] IWbemClassObject:Get (in: This=0x50347b0, wszName="Name", lFlags=0, pVal=0x37e9ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x235b5b4*=0, plFlavor=0x235b5b8*=0 | out: pVal=0x37e9ec*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x235b5b4*=8, plFlavor=0x235b5b8*=0) returned 0x0
[0436.856] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e
[0436.856] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e
[0436.856] IWbemClassObject:Get (in: This=0x50347b0, wszName="Name", lFlags=0, pVal=0x37e9f4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x235b5b4*=8, plFlavor=0x235b5b8*=0 | out: pVal=0x37e9f4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x235b5b4*=8, plFlavor=0x235b5b8*=0) returned 0x0
[0436.856] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e
[0436.856] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e
[0436.856] CoTaskMemAlloc (cb=0x4) returned 0x55fb498
[0436.856] IEnumWbemClassObject:Next (in: This=0x5030514, lTimeout=-1, uCount=0x1, apObjects=0x55fb498, puReturned=0x235b1ac | out: apObjects=0x55fb498*=0x0, puReturned=0x235b1ac*=0x0) returned 0x1
[0436.857] CoTaskMemFree (pv=0x55fb498)
[0436.858] CoGetContextToken (in: pToken=0x37e918 | out: pToken=0x37e918) returned 0x0
[0436.858] IUnknown:Release (This=0x5030514) returned 0x1
[0436.858] IUnknown:Release (This=0x5030514) returned 0x0
[0436.861] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x37ea2c | out: puCount=0x37ea2c*=0x2) returned 0x0
[0436.861] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea28*=0x0, pszText=0x0 | out: puBuffLength=0x37ea28*=0xf, pszText=0x0) returned 0x0
[0436.861] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=4, puBuffLength=0x37ea28*=0xf, pszText="00000000000000" | out: puBuffLength=0x37ea28*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0436.863] GlobalMemoryStatusEx (in: lpBuffer=0x235b7f0 | out: lpBuffer=0x235b7f0) returned 1
[0436.966] GetCurrentProcess () returned 0xffffffff
[0436.966] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37e65c | out: TokenHandle=0x37e65c*=0x7a4) returned 1
[0436.986] CloseHandle (hObject=0x7a4) returned 1
[0436.986] GetCurrentProcess () returned 0xffffffff
[0436.986] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37e674 | out: TokenHandle=0x37e674*=0x7a4) returned 1
[0436.986] CloseHandle (hObject=0x7a4) returned 1
[0437.007] SysStringLen (param_1="Ak6363Dogu2009\x02") returned 0x10
[0437.007] SystemFunction040 (in: Memory=0x55b2644, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x55b2644) returned 0x0
[0437.037] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x7a4
[0437.038] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7a8
[0437.041] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x7ac
[0437.041] SetEvent (hEvent=0x238) returned 1
[0437.042] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x37e800*=0x7a4, lpdwindex=0x37e6c4 | out: lpdwindex=0x37e6c4) returned 0x0
[0437.043] ReleaseMutex (hMutex=0x7ac) returned 1
[0437.043] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7b0
[0437.044] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x7b4
[0437.044] GetAddrInfoW (in: pNodeName="mail.akdogulojistik.com", pServiceName=0x0, pHints=0x37e7ac*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x37e754 | out: ppResult=0x37e754*=0x484ad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="akdogulojistik.com", ai_addr=0x484b00*(sa_family=2, sin_port=0x0, sin_addr="94.199.200.93"), ai_next=0x0)) returned 0
[0437.195] FreeAddrInfoW (pAddrInfo=0x484ad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="akdogulojistik.com", ai_addr=0x484b00*(sa_family=2, sin_port=0x0, sin_addr="94.199.200.93"), ai_next=0x0))
[0437.196] GetAddrInfoW (in: pNodeName="mail.akdogulojistik.com", pServiceName=0x0, pHints=0x37e7ac*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x37e754 | out: ppResult=0x37e754*=0x484ad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.akdogulojistik.com", ai_addr=0x484b00*(sa_family=2, sin_port=0x0, sin_addr="94.199.200.93"), ai_next=0x0)) returned 0
[0437.198] FreeAddrInfoW (pAddrInfo=0x484ad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.akdogulojistik.com", ai_addr=0x484b00*(sa_family=2, sin_port=0x0, sin_addr="94.199.200.93"), ai_next=0x0))
[0437.198] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x37e6f4*=0x4dc, lpdwindex=0x37e518 | out: lpdwindex=0x37e518) returned 0x80010115
[0437.198] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x37e6f4*=0x4e4, lpdwindex=0x37e518 | out: lpdwindex=0x37e518) returned 0x80010115
[0437.199] WSAConnect (in: s=0x7b0, name=0x2364148*(sa_family=2, sin_port=0x24b, sin_addr="94.199.200.93"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
[0437.277] closesocket (s=0x7b4) returned 0
[0437.277] setsockopt (s=0x7b0, level=6, optname=1, optval="\x01", optlen=4) returned 0
[0437.280] recv (in: s=0x7b0, buf=0x23641c0, len=256, flags=0 | out: buf=0x23641c0*) returned 174
[0438.140] send (s=0x7b0, buf=0x23627e0*, len=17, flags=0) returned 17
[0438.140] recv (in: s=0x7b0, buf=0x23641c0, len=256, flags=0 | out: buf=0x23641c0*) returned 190
[0438.222] send (s=0x7b0, buf=0x23627e0*, len=49, flags=0) returned 49
[0438.224] recv (in: s=0x7b0, buf=0x23641c0, len=256, flags=0 | out: buf=0x23641c0*) returned 18
[0438.286] SysStringLen (param_1="ᬼ烡硨셲ꂷ챍បܺⳘ⋝郕먫犏䯠ꚓ鱺") returned 0x10
[0438.286] SystemFunction041 (in: Memory=0x55b2644, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x55b2644) returned 0x0
[0438.286] SysStringLen (param_1="Ak6363Dogu2009\x02") returned 0x10
[0438.286] SystemFunction040 (in: Memory=0x55b2644, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x55b2644) returned 0x0
[0438.287] SysStringLen (param_1="Ak6363Dogu2009") returned 0xe
[0438.287] SysStringLen (param_1="Ak6363Dogu2009") returned 0xe
[0438.287] send (s=0x7b0, buf=0x23627e0*, len=22, flags=0) returned 22
[0438.289] recv (in: s=0x7b0, buf=0x23641c0, len=256, flags=0 | out: buf=0x23641c0*) returned 30
[0438.360] send (s=0x7b0, buf=0x23627e0*, len=39, flags=0) returned 39
[0438.360] recv (in: s=0x7b0, buf=0x23641c0, len=256, flags=0 | out: buf=0x23641c0*) returned 8
[0438.424] send (s=0x7b0, buf=0x23627e0*, len=37, flags=0) returned 37
[0438.424] recv (in: s=0x7b0, buf=0x23641c0, len=256, flags=0 | out: buf=0x23641c0*) returned 14
[0438.488] send (s=0x7b0, buf=0x23627e0*, len=6, flags=0) returned 6
[0438.488] recv (in: s=0x7b0, buf=0x23641c0, len=256, flags=0 | out: buf=0x23641c0*) returned 56
[0438.561] send (s=0x7b0, buf=0x236613c*, len=241, flags=0) returned 241
[0438.564] send (s=0x7b0, buf=0x236ca24*, len=375, flags=0) returned 375
[0438.566] send (s=0x7b0, buf=0x236613c*, len=2, flags=0) returned 2
[0438.566] send (s=0x7b0, buf=0x23627e0*, len=5, flags=0) returned 5
[0438.567] recv (in: s=0x7b0, buf=0x23641c0, len=256, flags=0 | out: buf=0x23641c0*) returned 28
[0438.647] ReleaseSemaphore (in: hSemaphore=0x7a4, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1
[0438.658] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc104
[0438.659] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc105
[0438.666] GetSystemMetrics (nIndex=75) returned 1
[0438.677] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0438.688] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76600000
[0438.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x37edd4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory\x0b¸gcp\x0fîª\x0bDþEt\x84ñ7", lpUsedDefaultChar=0x0) returned 15
[0438.689] GetProcAddress (hModule=0x76600000, lpProcName="AddDllDirectory") returned 0x0
[0438.689] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6f660000
[0438.697] GetStockObject (i=5) returned 0x1900015
[0438.697] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0438.698] CoTaskMemAlloc (cb=0x5c) returned 0x563be0
[0438.698] RegisterClassW (lpWndClass=0x37ed08) returned 0xc10b
[0438.698] CoTaskMemFree (pv=0x563be0)
[0438.698] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0438.698] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.34f5582_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30100
[0438.700] SetWindowLongW (hWnd=0x30100, nIndex=-4, dwNewLong=2000430557) returned 76288886
[0438.700] GetWindowLongW (hWnd=0x30100, nIndex=-4) returned 2000430557
[0438.700] SetWindowLongW (hWnd=0x30100, nIndex=-4, dwNewLong=76288926) returned 2000430557
[0438.700] GetWindowLongW (hWnd=0x30100, nIndex=-4) returned 76288926
[0438.700] GetWindowLongW (hWnd=0x30100, nIndex=-16) returned 113311744
[0438.701] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc107
[0438.701] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x30100, Msg=0x24, wParam=0x0, lParam=0x37e8f4) returned 0x0
[0438.701] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x30100, Msg=0x81, wParam=0x0, lParam=0x37e8e8) returned 0x1
[0438.702] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x30100, Msg=0x83, wParam=0x0, lParam=0x37e8d4) returned 0x0
[0438.702] CallWindowProcW (lpPrevWndFunc=0x773c25dd, hWnd=0x30100, Msg=0x1, wParam=0x0, lParam=0x37e8e8) returned 0x0
[0438.702] GetClientRect (in: hWnd=0x30100, lpRect=0x37e650 | out: lpRect=0x37e650) returned 1
[0438.702] GetWindowRect (in: hWnd=0x30100, lpRect=0x37e650 | out: lpRect=0x37e650) returned 1
[0438.703] GetParent (hWnd=0x30100) returned 0x0
[0438.704] OleInitialize (pvReserved=0x0) returned 0x0
[0438.704] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x37ef38 | out: lplpMessageFilter=0x37ef38*=0x0) returned 0x0
[0438.705] PeekMessageW (in: lpMsg=0x37ef0c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x37ef0c) returned 0
[0438.707] PeekMessageW (in: lpMsg=0x37ef0c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x37ef0c) returned 0
[0438.707] WaitMessage ()
Thread:
id = 269
os_tid = 0x6a4
Thread:
id = 271
os_tid = 0x72c
[0325.424] CoGetContextToken (in: pToken=0x44efc3c | out: pToken=0x44efc3c) returned 0x800401f0
[0325.424] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 272
os_tid = 0x268
Thread:
id = 273
os_tid = 0x7d8
Thread:
id = 274
os_tid = 0x49c
Thread:
id = 275
os_tid = 0x5c8
Thread:
id = 286
os_tid = 0x554
[0335.070] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0335.091] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x543f3dc | out: lpiid=0x543f3dc) returned 0x0
[0335.092] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x500fce8) returned 0x0
[0335.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fce8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0335.093] WbemDefPath:IClassFactory:CreateInstance (in: This=0x500fce8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x500fcf8) returned 0x0
[0335.093] WbemDefPath:IUnknown:Release (This=0x500fce8) returned 0x0
[0335.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fcf8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x500fcf8) returned 0x0
[0335.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fcf8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0335.093] WbemDefPath:IUnknown:AddRef (This=0x500fcf8) returned 0x3
[0335.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fcf8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0335.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fcf8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0335.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fcf8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x56c9a8) returned 0x0
[0335.093] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56c9a8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0335.093] WbemDefPath:IUnknown:Release (This=0x56c9a8) returned 0x3
[0335.093] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0335.094] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0335.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fcf8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0335.094] WbemDefPath:IUnknown:Release (This=0x500fcf8) returned 0x2
[0335.094] WbemDefPath:IUnknown:Release (This=0x500fcf8) returned 0x1
[0335.094] SetEvent (hEvent=0x2b4) returned 1
[0335.104] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x500fdb8) returned 0x0
[0335.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fdb8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0335.104] WbemDefPath:IClassFactory:CreateInstance (in: This=0x500fdb8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x500fe30) returned 0x0
[0335.104] WbemDefPath:IUnknown:Release (This=0x500fdb8) returned 0x0
[0335.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fe30, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x500fe30) returned 0x0
[0335.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fe30, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0335.105] WbemDefPath:IUnknown:AddRef (This=0x500fe30) returned 0x3
[0335.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fe30, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0335.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fe30, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0335.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fe30, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x56cab8) returned 0x0
[0335.105] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56cab8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0335.105] WbemDefPath:IUnknown:Release (This=0x56cab8) returned 0x3
[0335.105] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0335.105] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0335.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x500fe30, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0335.105] WbemDefPath:IUnknown:Release (This=0x500fe30) returned 0x2
[0335.105] WbemDefPath:IUnknown:Release (This=0x500fe30) returned 0x1
[0335.105] SetEvent (hEvent=0x2e8) returned 1
[0335.107] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x500ffd8) returned 0x0
[0335.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x500ffd8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0335.107] WbemDefPath:IClassFactory:CreateInstance (in: This=0x500ffd8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x500da38) returned 0x0
[0335.107] WbemDefPath:IUnknown:Release (This=0x500ffd8) returned 0x0
[0335.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x500da38, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x500da38) returned 0x0
[0335.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x500da38, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0335.107] WbemDefPath:IUnknown:AddRef (This=0x500da38) returned 0x3
[0335.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x500da38, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0335.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x500da38, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0335.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x500da38, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x56cae8) returned 0x0
[0335.107] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56cae8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0335.107] WbemDefPath:IUnknown:Release (This=0x56cae8) returned 0x3
[0335.107] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0335.107] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0335.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x500da38, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0335.107] WbemDefPath:IUnknown:Release (This=0x500da38) returned 0x2
[0335.108] WbemDefPath:IUnknown:Release (This=0x500da38) returned 0x1
[0335.108] SetEvent (hEvent=0x2ec) returned 1
[0335.732] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x500dbf8) returned 0x0
[0335.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x500dbf8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0335.732] WbemDefPath:IClassFactory:CreateInstance (in: This=0x500dbf8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x500dc20) returned 0x0
[0335.732] WbemDefPath:IUnknown:Release (This=0x500dbf8) returned 0x0
[0335.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x500dc20, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x500dc20) returned 0x0
[0335.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x500dc20, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0335.732] WbemDefPath:IUnknown:AddRef (This=0x500dc20) returned 0x3
[0335.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x500dc20, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0335.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x500dc20, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0335.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x500dc20, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x56cb78) returned 0x0
[0335.733] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56cb78, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0335.733] WbemDefPath:IUnknown:Release (This=0x56cb78) returned 0x3
[0335.733] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0335.733] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0335.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x500dc20, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0335.733] WbemDefPath:IUnknown:Release (This=0x500dc20) returned 0x2
[0335.733] WbemDefPath:IUnknown:Release (This=0x500dc20) returned 0x1
[0335.733] SetEvent (hEvent=0x344) returned 1
[0339.421] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5014a78) returned 0x0
[0339.421] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014a78, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.421] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5014a78, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x500e158) returned 0x0
[0339.421] WbemDefPath:IUnknown:Release (This=0x5014a78) returned 0x0
[0339.421] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e158, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x500e158) returned 0x0
[0339.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e158, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.422] WbemDefPath:IUnknown:AddRef (This=0x500e158) returned 0x3
[0339.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e158, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e158, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e158, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x56cc28) returned 0x0
[0339.422] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56cc28, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.422] WbemDefPath:IUnknown:Release (This=0x56cc28) returned 0x3
[0339.422] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.422] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e158, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.422] WbemDefPath:IUnknown:Release (This=0x500e158) returned 0x2
[0339.422] WbemDefPath:IUnknown:Release (This=0x500e158) returned 0x1
[0339.423] SetEvent (hEvent=0x34c) returned 1
[0339.450] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5014a78) returned 0x0
[0339.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014a78, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.451] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5014a78, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5014b98) returned 0x0
[0339.451] WbemDefPath:IUnknown:Release (This=0x5014a78) returned 0x0
[0339.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014b98, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5014b98) returned 0x0
[0339.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014b98, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.451] WbemDefPath:IUnknown:AddRef (This=0x5014b98) returned 0x3
[0339.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014b98, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014b98, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014b98, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x56cc68) returned 0x0
[0339.451] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56cc68, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.451] WbemDefPath:IUnknown:Release (This=0x56cc68) returned 0x3
[0339.451] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.451] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014b98, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.452] WbemDefPath:IUnknown:Release (This=0x5014b98) returned 0x2
[0339.452] WbemDefPath:IUnknown:Release (This=0x5014b98) returned 0x1
[0339.452] SetEvent (hEvent=0x350) returned 1
[0339.454] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5014c08) returned 0x0
[0339.454] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014c08, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.455] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5014c08, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x500e790) returned 0x0
[0339.455] WbemDefPath:IUnknown:Release (This=0x5014c08) returned 0x0
[0339.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e790, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x500e790) returned 0x0
[0339.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e790, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.455] WbemDefPath:IUnknown:AddRef (This=0x500e790) returned 0x3
[0339.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e790, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e790, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e790, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x56cbf8) returned 0x0
[0339.455] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56cbf8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.455] WbemDefPath:IUnknown:Release (This=0x56cbf8) returned 0x3
[0339.455] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.455] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e790, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.455] WbemDefPath:IUnknown:Release (This=0x500e790) returned 0x2
[0339.455] WbemDefPath:IUnknown:Release (This=0x500e790) returned 0x1
[0339.456] SetEvent (hEvent=0x354) returned 1
[0339.522] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5014c28) returned 0x0
[0339.522] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014c28, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.522] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5014c28, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x500e800) returned 0x0
[0339.522] WbemDefPath:IUnknown:Release (This=0x5014c28) returned 0x0
[0339.522] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e800, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x500e800) returned 0x0
[0339.522] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e800, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.523] WbemDefPath:IUnknown:AddRef (This=0x500e800) returned 0x3
[0339.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e800, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e800, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e800, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x56cc98) returned 0x0
[0339.523] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x56cc98, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.523] WbemDefPath:IUnknown:Release (This=0x56cc98) returned 0x3
[0339.523] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.523] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e800, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.523] WbemDefPath:IUnknown:Release (This=0x500e800) returned 0x2
[0339.523] WbemDefPath:IUnknown:Release (This=0x500e800) returned 0x1
[0339.523] SetEvent (hEvent=0x384) returned 1
[0339.727] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x500e870) returned 0x0
[0339.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e870, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.728] WbemDefPath:IClassFactory:CreateInstance (in: This=0x500e870, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x500e958) returned 0x0
[0339.728] WbemDefPath:IUnknown:Release (This=0x500e870) returned 0x0
[0339.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e958, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x500e958) returned 0x0
[0339.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e958, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.728] WbemDefPath:IUnknown:AddRef (This=0x500e958) returned 0x3
[0339.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e958, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e958, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e958, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x595520) returned 0x0
[0339.728] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x595520, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.728] WbemDefPath:IUnknown:Release (This=0x595520) returned 0x3
[0339.728] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.729] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.729] WbemDefPath:IUnknown:QueryInterface (in: This=0x500e958, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.729] WbemDefPath:IUnknown:Release (This=0x500e958) returned 0x2
[0339.729] WbemDefPath:IUnknown:Release (This=0x500e958) returned 0x1
[0339.729] SetEvent (hEvent=0x388) returned 1
[0339.804] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5014c28) returned 0x0
[0339.805] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014c28, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.805] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5014c28, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5019c68) returned 0x0
[0339.805] WbemDefPath:IUnknown:Release (This=0x5014c28) returned 0x0
[0339.805] WbemDefPath:IUnknown:QueryInterface (in: This=0x5019c68, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5019c68) returned 0x0
[0339.805] WbemDefPath:IUnknown:QueryInterface (in: This=0x5019c68, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.805] WbemDefPath:IUnknown:AddRef (This=0x5019c68) returned 0x3
[0339.805] WbemDefPath:IUnknown:QueryInterface (in: This=0x5019c68, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.805] WbemDefPath:IUnknown:QueryInterface (in: This=0x5019c68, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.805] WbemDefPath:IUnknown:QueryInterface (in: This=0x5019c68, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x595560) returned 0x0
[0339.805] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x595560, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.805] WbemDefPath:IUnknown:Release (This=0x595560) returned 0x3
[0339.805] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.805] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.805] WbemDefPath:IUnknown:QueryInterface (in: This=0x5019c68, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.806] WbemDefPath:IUnknown:Release (This=0x5019c68) returned 0x2
[0339.806] WbemDefPath:IUnknown:Release (This=0x5019c68) returned 0x1
[0339.806] SetEvent (hEvent=0x38c) returned 1
[0339.811] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5014c38) returned 0x0
[0339.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014c38, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.811] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5014c38, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5033b68) returned 0x0
[0339.811] WbemDefPath:IUnknown:Release (This=0x5014c38) returned 0x0
[0339.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x5033b68, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5033b68) returned 0x0
[0339.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x5033b68, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.812] WbemDefPath:IUnknown:AddRef (This=0x5033b68) returned 0x3
[0339.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5033b68, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5033b68, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5033b68, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x5955a0) returned 0x0
[0339.812] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5955a0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.812] WbemDefPath:IUnknown:Release (This=0x5955a0) returned 0x3
[0339.812] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.812] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5033b68, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.812] WbemDefPath:IUnknown:Release (This=0x5033b68) returned 0x2
[0339.812] WbemDefPath:IUnknown:Release (This=0x5033b68) returned 0x1
[0339.812] SetEvent (hEvent=0x390) returned 1
[0339.817] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5014c48) returned 0x0
[0339.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x5014c48, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.817] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5014c48, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x50155f8) returned 0x0
[0339.817] WbemDefPath:IUnknown:Release (This=0x5014c48) returned 0x0
[0339.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x50155f8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x50155f8) returned 0x0
[0339.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x50155f8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.818] WbemDefPath:IUnknown:AddRef (This=0x50155f8) returned 0x3
[0339.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x50155f8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x50155f8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x50155f8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x5955e0) returned 0x0
[0339.818] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5955e0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.818] WbemDefPath:IUnknown:Release (This=0x5955e0) returned 0x3
[0339.818] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.818] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x50155f8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.818] WbemDefPath:IUnknown:Release (This=0x50155f8) returned 0x2
[0339.818] WbemDefPath:IUnknown:Release (This=0x50155f8) returned 0x1
[0339.818] SetEvent (hEvent=0x394) returned 1
[0339.823] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015a48) returned 0x0
[0339.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015a48, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.823] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015a48, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5015e30) returned 0x0
[0339.823] WbemDefPath:IUnknown:Release (This=0x5015a48) returned 0x0
[0339.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015e30, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5015e30) returned 0x0
[0339.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015e30, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.823] WbemDefPath:IUnknown:AddRef (This=0x5015e30) returned 0x3
[0339.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015e30, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015e30, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015e30, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x595620) returned 0x0
[0339.823] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x595620, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.823] WbemDefPath:IUnknown:Release (This=0x595620) returned 0x3
[0339.823] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.824] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.824] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015e30, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.824] WbemDefPath:IUnknown:Release (This=0x5015e30) returned 0x2
[0339.824] WbemDefPath:IUnknown:Release (This=0x5015e30) returned 0x1
[0339.824] SetEvent (hEvent=0x398) returned 1
[0339.831] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015a58) returned 0x0
[0339.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015a58, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.832] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015a58, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5016280) returned 0x0
[0339.832] WbemDefPath:IUnknown:Release (This=0x5015a58) returned 0x0
[0339.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016280, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5016280) returned 0x0
[0339.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016280, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.832] WbemDefPath:IUnknown:AddRef (This=0x5016280) returned 0x3
[0339.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016280, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016280, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016280, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x595660) returned 0x0
[0339.832] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x595660, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.832] WbemDefPath:IUnknown:Release (This=0x595660) returned 0x3
[0339.832] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.832] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016280, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.832] WbemDefPath:IUnknown:Release (This=0x5016280) returned 0x2
[0339.832] WbemDefPath:IUnknown:Release (This=0x5016280) returned 0x1
[0339.832] SetEvent (hEvent=0x39c) returned 1
[0339.847] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015a68) returned 0x0
[0339.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015a68, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.847] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015a68, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x50162f0) returned 0x0
[0339.848] WbemDefPath:IUnknown:Release (This=0x5015a68) returned 0x0
[0339.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x50162f0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x50162f0) returned 0x0
[0339.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x50162f0, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.848] WbemDefPath:IUnknown:AddRef (This=0x50162f0) returned 0x3
[0339.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x50162f0, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x50162f0, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x50162f0, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x5956a0) returned 0x0
[0339.848] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5956a0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.848] WbemDefPath:IUnknown:Release (This=0x5956a0) returned 0x3
[0339.848] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.848] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x50162f0, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.848] WbemDefPath:IUnknown:Release (This=0x50162f0) returned 0x2
[0339.848] WbemDefPath:IUnknown:Release (This=0x50162f0) returned 0x1
[0339.848] SetEvent (hEvent=0x3a0) returned 1
[0339.853] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015a78) returned 0x0
[0339.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015a78, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.853] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015a78, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5016360) returned 0x0
[0339.853] WbemDefPath:IUnknown:Release (This=0x5015a78) returned 0x0
[0339.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016360, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5016360) returned 0x0
[0339.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016360, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.853] WbemDefPath:IUnknown:AddRef (This=0x5016360) returned 0x3
[0339.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016360, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016360, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016360, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x5956e0) returned 0x0
[0339.854] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5956e0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.854] WbemDefPath:IUnknown:Release (This=0x5956e0) returned 0x3
[0339.854] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.854] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016360, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.854] WbemDefPath:IUnknown:Release (This=0x5016360) returned 0x2
[0339.854] WbemDefPath:IUnknown:Release (This=0x5016360) returned 0x1
[0339.854] SetEvent (hEvent=0x3a4) returned 1
[0339.858] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015a88) returned 0x0
[0339.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015a88, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.859] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015a88, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x50163d0) returned 0x0
[0339.859] WbemDefPath:IUnknown:Release (This=0x5015a88) returned 0x0
[0339.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x50163d0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x50163d0) returned 0x0
[0339.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x50163d0, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.859] WbemDefPath:IUnknown:AddRef (This=0x50163d0) returned 0x3
[0339.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x50163d0, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x50163d0, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x50163d0, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x595720) returned 0x0
[0339.859] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x595720, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.859] WbemDefPath:IUnknown:Release (This=0x595720) returned 0x3
[0339.859] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.859] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x50163d0, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.859] WbemDefPath:IUnknown:Release (This=0x50163d0) returned 0x2
[0339.860] WbemDefPath:IUnknown:Release (This=0x50163d0) returned 0x1
[0339.860] SetEvent (hEvent=0x3a8) returned 1
[0339.864] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015a98) returned 0x0
[0339.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015a98, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.865] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015a98, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5016440) returned 0x0
[0339.865] WbemDefPath:IUnknown:Release (This=0x5015a98) returned 0x0
[0339.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016440, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5016440) returned 0x0
[0339.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016440, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.865] WbemDefPath:IUnknown:AddRef (This=0x5016440) returned 0x3
[0339.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016440, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016440, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016440, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x595760) returned 0x0
[0339.865] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x595760, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.865] WbemDefPath:IUnknown:Release (This=0x595760) returned 0x3
[0339.865] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.865] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016440, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.865] WbemDefPath:IUnknown:Release (This=0x5016440) returned 0x2
[0339.865] WbemDefPath:IUnknown:Release (This=0x5016440) returned 0x1
[0339.865] SetEvent (hEvent=0x3ac) returned 1
[0339.870] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015aa8) returned 0x0
[0339.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015aa8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.870] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015aa8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x50164b0) returned 0x0
[0339.870] WbemDefPath:IUnknown:Release (This=0x5015aa8) returned 0x0
[0339.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x50164b0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x50164b0) returned 0x0
[0339.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x50164b0, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.870] WbemDefPath:IUnknown:AddRef (This=0x50164b0) returned 0x3
[0339.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x50164b0, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x50164b0, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x50164b0, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x5957a0) returned 0x0
[0339.870] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5957a0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.870] WbemDefPath:IUnknown:Release (This=0x5957a0) returned 0x3
[0339.871] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.871] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.871] WbemDefPath:IUnknown:QueryInterface (in: This=0x50164b0, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.871] WbemDefPath:IUnknown:Release (This=0x50164b0) returned 0x2
[0339.871] WbemDefPath:IUnknown:Release (This=0x50164b0) returned 0x1
[0339.871] SetEvent (hEvent=0x3b0) returned 1
[0339.875] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015ab8) returned 0x0
[0339.875] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015ab8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.875] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015ab8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5016520) returned 0x0
[0339.876] WbemDefPath:IUnknown:Release (This=0x5015ab8) returned 0x0
[0339.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016520, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5016520) returned 0x0
[0339.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016520, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.876] WbemDefPath:IUnknown:AddRef (This=0x5016520) returned 0x3
[0339.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016520, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016520, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016520, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x5957e0) returned 0x0
[0339.876] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5957e0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.876] WbemDefPath:IUnknown:Release (This=0x5957e0) returned 0x3
[0339.876] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.876] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016520, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.876] WbemDefPath:IUnknown:Release (This=0x5016520) returned 0x2
[0339.876] WbemDefPath:IUnknown:Release (This=0x5016520) returned 0x1
[0339.876] SetEvent (hEvent=0x3b4) returned 1
[0339.881] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015ac8) returned 0x0
[0339.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015ac8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0339.882] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015ac8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5016590) returned 0x0
[0339.882] WbemDefPath:IUnknown:Release (This=0x5015ac8) returned 0x0
[0339.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016590, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5016590) returned 0x0
[0339.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016590, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0339.882] WbemDefPath:IUnknown:AddRef (This=0x5016590) returned 0x3
[0339.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016590, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0339.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016590, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0339.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016590, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x595820) returned 0x0
[0339.882] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x595820, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0339.882] WbemDefPath:IUnknown:Release (This=0x595820) returned 0x3
[0339.882] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0339.882] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0339.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016590, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0339.883] WbemDefPath:IUnknown:Release (This=0x5016590) returned 0x2
[0339.883] WbemDefPath:IUnknown:Release (This=0x5016590) returned 0x1
[0339.883] SetEvent (hEvent=0x3b8) returned 1
[0433.950] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015ad8) returned 0x0
[0433.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015ad8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0433.951] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015ad8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5016600) returned 0x0
[0433.951] WbemDefPath:IUnknown:Release (This=0x5015ad8) returned 0x0
[0433.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016600, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5016600) returned 0x0
[0433.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016600, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0433.951] WbemDefPath:IUnknown:AddRef (This=0x5016600) returned 0x3
[0433.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016600, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0433.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016600, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0433.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016600, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x55fb258) returned 0x0
[0433.951] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55fb258, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0433.952] WbemDefPath:IUnknown:Release (This=0x55fb258) returned 0x3
[0433.952] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0433.952] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0433.952] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016600, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0433.952] WbemDefPath:IUnknown:Release (This=0x5016600) returned 0x2
[0433.952] WbemDefPath:IUnknown:Release (This=0x5016600) returned 0x1
[0433.952] SetEvent (hEvent=0x710) returned 1
[0434.077] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015af8) returned 0x0
[0434.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015af8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0434.078] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015af8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x5016670) returned 0x0
[0434.078] WbemDefPath:IUnknown:Release (This=0x5015af8) returned 0x0
[0434.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016670, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x5016670) returned 0x0
[0434.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016670, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0434.078] WbemDefPath:IUnknown:AddRef (This=0x5016670) returned 0x3
[0434.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016670, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0434.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016670, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0434.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016670, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x55fb3a8) returned 0x0
[0434.078] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55fb3a8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0434.078] WbemDefPath:IUnknown:Release (This=0x55fb3a8) returned 0x3
[0434.079] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0434.079] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0434.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x5016670, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0434.079] WbemDefPath:IUnknown:Release (This=0x5016670) returned 0x2
[0434.079] WbemDefPath:IUnknown:Release (This=0x5016670) returned 0x1
[0434.079] SetEvent (hEvent=0x758) returned 1
[0436.853] CoGetClassObject (in: rclsid=0x564a34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x543f0f8 | out: ppv=0x543f0f8*=0x5015b08) returned 0x0
[0436.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x5015b08, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x543f310 | out: ppvObject=0x543f310*=0x0) returned 0x80004002
[0436.854] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5015b08, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543f31c | out: ppvObject=0x543f31c*=0x50166e0) returned 0x0
[0436.854] WbemDefPath:IUnknown:Release (This=0x5015b08) returned 0x0
[0436.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x50166e0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ef3c | out: ppvObject=0x543ef3c*=0x50166e0) returned 0x0
[0436.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x50166e0, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x543eef0 | out: ppvObject=0x543eef0*=0x0) returned 0x80004002
[0436.854] WbemDefPath:IUnknown:AddRef (This=0x50166e0) returned 0x3
[0436.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x50166e0, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x543e84c | out: ppvObject=0x543e84c*=0x0) returned 0x80004002
[0436.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x50166e0, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x543e7fc | out: ppvObject=0x543e7fc*=0x0) returned 0x80004002
[0436.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x50166e0, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543e808 | out: ppvObject=0x543e808*=0x55fb458) returned 0x0
[0436.854] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55fb458, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x543e810 | out: pCid=0x543e810*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0436.854] WbemDefPath:IUnknown:Release (This=0x55fb458) returned 0x3
[0436.854] CoGetContextToken (in: pToken=0x543e868 | out: pToken=0x543e868) returned 0x0
[0436.855] CoGetContextToken (in: pToken=0x543ec7c | out: pToken=0x543ec7c) returned 0x0
[0436.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x50166e0, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x543ecfc | out: ppvObject=0x543ecfc*=0x0) returned 0x80004002
[0436.855] WbemDefPath:IUnknown:Release (This=0x50166e0) returned 0x2
[0436.855] WbemDefPath:IUnknown:Release (This=0x50166e0) returned 0x1
[0436.855] SetEvent (hEvent=0x788) returned 1
Thread:
id = 287
os_tid = 0x31c
[0335.112] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0335.112] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x563f1a4 | out: lpiid=0x563f1a4) returned 0x0
[0335.113] CoGetClassObject (in: rclsid=0x564ac4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x563eec0 | out: ppv=0x563eec0*=0x500dbf8) returned 0x0
[0335.113] WbemLocator:IUnknown:QueryInterface (in: This=0x500dbf8, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x563f0d8 | out: ppvObject=0x563f0d8*=0x0) returned 0x80004002
[0335.113] WbemLocator:IClassFactory:CreateInstance (in: This=0x500dbf8, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x563f0e4 | out: ppvObject=0x563f0e4*=0x500dc10) returned 0x0
[0335.113] WbemLocator:IUnknown:Release (This=0x500dbf8) returned 0x0
[0335.114] WbemLocator:IUnknown:QueryInterface (in: This=0x500dc10, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x563ed04 | out: ppvObject=0x563ed04*=0x500dc10) returned 0x0
[0335.114] WbemLocator:IUnknown:QueryInterface (in: This=0x500dc10, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x563ecb8 | out: ppvObject=0x563ecb8*=0x0) returned 0x80004002
[0335.114] WbemLocator:IUnknown:AddRef (This=0x500dc10) returned 0x3
[0335.114] WbemLocator:IUnknown:QueryInterface (in: This=0x500dc10, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x563e614 | out: ppvObject=0x563e614*=0x0) returned 0x80004002
[0335.114] WbemLocator:IUnknown:QueryInterface (in: This=0x500dc10, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x563e5c4 | out: ppvObject=0x563e5c4*=0x0) returned 0x80004002
[0335.114] WbemLocator:IUnknown:QueryInterface (in: This=0x500dc10, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x563e5d0 | out: ppvObject=0x563e5d0*=0x0) returned 0x80004002
[0335.114] CoGetContextToken (in: pToken=0x563e630 | out: pToken=0x563e630) returned 0x0
[0335.114] CoGetObjectContext (in: riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x583cbc | out: ppv=0x583cbc*=0x5233e8) returned 0x0
[0335.115] CoGetContextToken (in: pToken=0x563ea44 | out: pToken=0x563ea44) returned 0x0
[0335.115] WbemLocator:IUnknown:QueryInterface (in: This=0x500dc10, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x563eac4 | out: ppvObject=0x563eac4*=0x0) returned 0x80004002
[0335.115] WbemLocator:IUnknown:Release (This=0x500dc10) returned 0x2
[0335.115] WbemLocator:IUnknown:Release (This=0x500dc10) returned 0x1
[0335.116] CoGetContextToken (in: pToken=0x563f0bc | out: pToken=0x563f0bc) returned 0x0
[0335.116] CoGetContextToken (in: pToken=0x563f01c | out: pToken=0x563f01c) returned 0x0
[0335.116] WbemLocator:IUnknown:QueryInterface (in: This=0x500dc10, riid=0x563f0ec*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x563f0e8 | out: ppvObject=0x563f0e8*=0x500dc10) returned 0x0
[0335.116] WbemLocator:IUnknown:AddRef (This=0x500dc10) returned 0x3
[0335.116] WbemLocator:IUnknown:Release (This=0x500dc10) returned 0x2
[0335.119] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500da38, puCount=0x563f27c | out: puCount=0x563f27c*=0x2) returned 0x0
[0335.119] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=8, puBuffLength=0x563f278*=0x0, pszText=0x0 | out: puBuffLength=0x563f278*=0xf, pszText=0x0) returned 0x0
[0335.119] WbemDefPath:IWbemPath:GetText (in: This=0x500da38, lFlags=8, puBuffLength=0x563f278*=0xf, pszText="00000000000000" | out: puBuffLength=0x563f278*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0335.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x563e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0335.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x563e9c8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63
[0335.126] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6fc60000
[0335.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x563e9fc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymÛq\x0fîª\x0bDþEtØìc\x05\x01", lpUsedDefaultChar=0x0) returned 13
[0335.191] GetProcAddress (hModule=0x6fc60000, lpProcName="ResetSecurity") returned 0x6fc67dd0
[0335.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x563e9fc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11
[0335.199] GetProcAddress (hModule=0x6fc60000, lpProcName="SetSecurity") returned 0x6fc67e20
[0335.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x563e9f8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 18
[0335.208] GetProcAddress (hModule=0x6fc60000, lpProcName="BlessIWbemServices") returned 0x6fc66e70
[0335.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x563e9f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 24
[0335.232] GetProcAddress (hModule=0x6fc60000, lpProcName="BlessIWbemServicesObject") returned 0x6fc66ed0
[0335.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x563e9f8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlemÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 17
[0335.261] GetProcAddress (hModule=0x6fc60000, lpProcName="GetPropertyHandle") returned 0x6fc67820
[0335.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x563e9f8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 18
[0335.273] GetProcAddress (hModule=0x6fc60000, lpProcName="WritePropertyValue") returned 0x6fc67fa0
[0335.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x563ea04, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 5
[0335.282] GetProcAddress (hModule=0x6fc60000, lpProcName="Clone") returned 0x6fc66f30
[0335.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x563e9f8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15
[0335.289] GetProcAddress (hModule=0x6fc60000, lpProcName="VerifyClientKey") returned 0x6fc67f20
[0335.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x563e9f8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15
[0335.293] GetProcAddress (hModule=0x6fc60000, lpProcName="GetQualifierSet") returned 0x6fc678e0
[0335.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x563ea04, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3
[0335.295] GetProcAddress (hModule=0x6fc60000, lpProcName="Get") returned 0x6fc675c0
[0335.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x563ea04, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3
[0335.311] GetProcAddress (hModule=0x6fc60000, lpProcName="Put") returned 0x6fc67a00
[0335.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x563ea04, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 6
[0335.325] GetProcAddress (hModule=0x6fc60000, lpProcName="Delete") returned 0x6fc67300
[0335.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x563ea00, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 8
[0335.333] GetProcAddress (hModule=0x6fc60000, lpProcName="GetNames") returned 0x6fc677c0
[0335.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x563e9f8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 16
[0335.356] GetProcAddress (hModule=0x6fc60000, lpProcName="BeginEnumeration") returned 0x6fc66e30
[0335.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x563ea04, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 4
[0335.363] GetProcAddress (hModule=0x6fc60000, lpProcName="Next") returned 0x6fc679a0
[0335.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x563e9fc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 14
[0335.377] GetProcAddress (hModule=0x6fc60000, lpProcName="EndEnumeration") returned 0x6fc673c0
[0335.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x563e9f0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23
[0335.383] GetProcAddress (hModule=0x6fc60000, lpProcName="GetPropertyQualifierSet") returned 0x6fc678b0
[0335.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x563ea04, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 5
[0335.392] GetProcAddress (hModule=0x6fc60000, lpProcName="Clone") returned 0x6fc66f30
[0335.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x563e9fc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 13
[0335.392] GetProcAddress (hModule=0x6fc60000, lpProcName="GetObjectText") returned 0x6fc677f0
[0335.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x563e9f8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 17
[0335.403] GetProcAddress (hModule=0x6fc60000, lpProcName="SpawnDerivedClass") returned 0x6fc67e80
[0335.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x563e9fc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstancemÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 13
[0335.411] GetProcAddress (hModule=0x6fc60000, lpProcName="SpawnInstance") returned 0x6fc67eb0
[0335.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x563ea00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTomÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 9
[0335.412] GetProcAddress (hModule=0x6fc60000, lpProcName="CompareTo") returned 0x6fc67020
[0335.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x563e9f8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOriginmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 17
[0335.420] GetProcAddress (hModule=0x6fc60000, lpProcName="GetPropertyOrigin") returned 0x6fc67880
[0335.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x563e9fc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 12
[0335.431] GetProcAddress (hModule=0x6fc60000, lpProcName="InheritsFrom") returned 0x6fc67900
[0335.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x563ea00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 9
[0335.432] GetProcAddress (hModule=0x6fc60000, lpProcName="GetMethod") returned 0x6fc67730
[0335.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x563ea00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethodmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 9
[0335.444] GetProcAddress (hModule=0x6fc60000, lpProcName="PutMethod") returned 0x6fc67bf0
[0335.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x563e9fc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 12
[0335.455] GetProcAddress (hModule=0x6fc60000, lpProcName="DeleteMethod") returned 0x6fc67320
[0335.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x563e9f4, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 22
[0335.456] GetProcAddress (hModule=0x6fc60000, lpProcName="BeginMethodEnumeration") returned 0x6fc66e50
[0335.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x563ea00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 10
[0335.457] GetProcAddress (hModule=0x6fc60000, lpProcName="NextMethod") returned 0x6fc679d0
[0335.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x563e9f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 20
[0335.467] GetProcAddress (hModule=0x6fc60000, lpProcName="EndMethodEnumeration") returned 0x6fc673e0
[0335.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x563e9f4, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSetmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 21
[0335.469] GetProcAddress (hModule=0x6fc60000, lpProcName="GetMethodQualifierSet") returned 0x6fc67790
[0335.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x563e9f8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15
[0335.470] GetProcAddress (hModule=0x6fc60000, lpProcName="GetMethodOrigin") returned 0x6fc67760
[0335.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x563e9f8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 16
[0335.471] GetProcAddress (hModule=0x6fc60000, lpProcName="QualifierSet_Get") returned 0x6fc67c80
[0335.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x563e9f8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 16
[0335.484] GetProcAddress (hModule=0x6fc60000, lpProcName="QualifierSet_Put") returned 0x6fc67d10
[0335.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x563e9f4, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19
[0335.500] GetProcAddress (hModule=0x6fc60000, lpProcName="QualifierSet_Delete") returned 0x6fc67c40
[0335.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x563e9f4, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNamesmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 21
[0335.502] GetProcAddress (hModule=0x6fc60000, lpProcName="QualifierSet_GetNames") returned 0x6fc67cb0
[0335.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x563e9ec, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumerationmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 29
[0335.517] GetProcAddress (hModule=0x6fc60000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6fc67c20
[0335.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x563e9f8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_NextmÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 17
[0335.519] GetProcAddress (hModule=0x6fc60000, lpProcName="QualifierSet_Next") returned 0x6fc67ce0
[0335.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x563e9ec, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27
[0335.533] GetProcAddress (hModule=0x6fc60000, lpProcName="QualifierSet_EndEnumeration") returned 0x6fc67c60
[0335.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x563e9f0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23
[0335.535] GetProcAddress (hModule=0x6fc60000, lpProcName="GetCurrentApartmentType") returned 0x6fc678e0
[0335.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x563e9f4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 20
[0335.543] GetProcAddress (hModule=0x6fc60000, lpProcName="GetDemultiplexedStub") returned 0x6fc675f0
[0335.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x563e9f4, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmimÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 21
[0335.558] GetProcAddress (hModule=0x6fc60000, lpProcName="CreateInstanceEnumWmi") returned 0x6fc67230
[0335.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x563e9f8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 18
[0335.596] GetProcAddress (hModule=0x6fc60000, lpProcName="CreateClassEnumWmi") returned 0x6fc67160
[0335.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x563e9fc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 12
[0335.597] GetProcAddress (hModule=0x6fc60000, lpProcName="ExecQueryWmi") returned 0x6fc674e0
[0335.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x563e9f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 24
[0335.623] GetProcAddress (hModule=0x6fc60000, lpProcName="ExecNotificationQueryWmi") returned 0x6fc67400
[0335.624] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x563e9fc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 14
[0335.625] GetProcAddress (hModule=0x6fc60000, lpProcName="PutInstanceWmi") returned 0x6fc67b10
[0335.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x563e9fc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11
[0335.654] GetProcAddress (hModule=0x6fc60000, lpProcName="PutClassWmi") returned 0x6fc67a30
[0335.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x563e9f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject»mÛq\x0fîª\x0bDþEtØìc\x05", lpUsedDefaultChar=0x0) returned 24
[0335.655] GetProcAddress (hModule=0x6fc60000, lpProcName="CloneEnumWbemClassObject") returned 0x6fc66f50
[0335.663] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x563e9b0 | out: phkResult=0x563e9b0*=0x314) returned 0x0
[0335.664] RegQueryValueExW (in: hKey=0x314, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x563e9cc, lpData=0x0, lpcbData=0x563e9c8*=0x0 | out: lpType=0x563e9cc*=0x0, lpData=0x0, lpcbData=0x563e9c8*=0x0) returned 0x2
[0335.664] RegCloseKey (hKey=0x314) returned 0x0
[0335.665] CoCreateInstance (in: rclsid=0x6fc63734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6fc63794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x563f128 | out: ppv=0x563f128*=0x500dc20) returned 0x0
[0335.665] WbemLocator:IWbemLocator:ConnectServer (in: This=0x500dc20, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x563f1c8 | out: ppNamespace=0x563f1c8*=0x500dd1c) returned 0x0
[0335.680] WbemLocator:IUnknown:QueryInterface (in: This=0x500dd1c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x563f04c | out: ppvObject=0x563f04c*=0x57e85c) returned 0x0
[0335.680] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x57e85c, pProxy=0x500dd1c, pAuthnSvc=0x563f09c, pAuthzSvc=0x563f098, pServerPrincName=0x563f090, pAuthnLevel=0x563f094, pImpLevel=0x563f084, pAuthInfo=0x563f088, pCapabilites=0x563f08c | out: pAuthnSvc=0x563f09c*=0xa, pAuthzSvc=0x563f098*=0x0, pServerPrincName=0x563f090, pAuthnLevel=0x563f094*=0x6, pImpLevel=0x563f084*=0x2, pAuthInfo=0x563f088, pCapabilites=0x563f08c*=0x1) returned 0x0
[0335.680] WbemLocator:IUnknown:Release (This=0x57e85c) returned 0x1
[0335.680] WbemLocator:IUnknown:QueryInterface (in: This=0x500dd1c, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x563f040 | out: ppvObject=0x563f040*=0x57e87c) returned 0x0
[0335.680] WbemLocator:IUnknown:QueryInterface (in: This=0x500dd1c, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x563f02c | out: ppvObject=0x563f02c*=0x57e85c) returned 0x0
[0335.680] WbemLocator:IClientSecurity:SetBlanket (This=0x57e85c, pProxy=0x500dd1c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0335.681] WbemLocator:IUnknown:Release (This=0x57e85c) returned 0x2
[0335.681] WbemLocator:IUnknown:Release (This=0x57e87c) returned 0x1
[0335.681] CoTaskMemFree (pv=0x564b78)
[0335.681] WbemLocator:IUnknown:AddRef (This=0x500dd1c) returned 0x2
[0335.681] WbemLocator:IUnknown:Release (This=0x500dc20) returned 0x0
[0335.681] CoGetContextToken (in: pToken=0x563e580 | out: pToken=0x563e580) returned 0x0
[0335.681] CoGetContextToken (in: pToken=0x563e994 | out: pToken=0x563e994) returned 0x0
[0335.681] WbemLocator:IUnknown:QueryInterface (in: This=0x500dd1c, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x563e92c | out: ppvObject=0x563e92c*=0x57e864) returned 0x0
[0335.682] WbemLocator:IRpcOptions:Query (in: This=0x57e864, pPrx=0x583e38, dwProperty=2, pdwValue=0x563ea20 | out: pdwValue=0x563ea20) returned 0x80004002
[0335.682] WbemLocator:IUnknown:Release (This=0x57e864) returned 0x2
[0335.682] CoGetContextToken (in: pToken=0x563ef64 | out: pToken=0x563ef64) returned 0x0
[0335.682] CoGetContextToken (in: pToken=0x563eec4 | out: pToken=0x563eec4) returned 0x0
[0335.682] WbemLocator:IUnknown:QueryInterface (in: This=0x500dd1c, riid=0x563ef94*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x563ee60 | out: ppvObject=0x563ee60*=0x500dd1c) returned 0x0
[0335.682] WbemLocator:IUnknown:Release (This=0x500dd1c) returned 0x2
[0335.687] SysStringLen (param_1=0x0) returned 0x0
[0335.689] CoUninitialize ()
Thread:
id = 288
os_tid = 0x308
Thread:
id = 289
os_tid = 0x4a0
[0335.700] CoGetContextToken (in: pToken=0x565f288 | out: pToken=0x565f288) returned 0x0
[0335.700] CoGetContextToken (in: pToken=0x565f274 | out: pToken=0x565f274) returned 0x0
[0335.700] CoGetMarshalSizeMax (in: pulSize=0x565f230, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x583e38, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x565f230) returned 0x0
[0335.702] CoMarshalInterface (pStm=0x551a00, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x583e38, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0335.709] IWbemServices:GetObject (in: This=0x500dd1c, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x565f290*=0x0, ppCallResult=0x0 | out: ppObject=0x565f290*=0x5014708, ppCallResult=0x0) returned 0x0
Thread:
id = 290
os_tid = 0x4b0
[0335.708] WbemLocator:IUnknown:QueryInterface (in: This=0x500dd1c, riid=0x554388*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58af410 | out: ppvObject=0x58af410*=0x500dd1c) returned 0x0
[0335.708] WbemLocator:IUnknown:QueryInterface (in: This=0x500dd1c, riid=0x73b79fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58af3c0 | out: ppvObject=0x58af3c0*=0x500dd1c) returned 0x0
[0335.708] WbemLocator:IUnknown:QueryInterface (in: This=0x500dd1c, riid=0x73b79fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58af378 | out: ppvObject=0x58af378*=0x500dd1c) returned 0x0
[0339.493] CoGetContextToken (in: pToken=0x58af528 | out: pToken=0x58af528) returned 0x0
[0339.493] CoGetContextToken (in: pToken=0x58af514 | out: pToken=0x58af514) returned 0x0
[0339.493] CoGetMarshalSizeMax (in: pulSize=0x58af4d0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x593070, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x58af4d0) returned 0x0
[0339.493] CoMarshalInterface (pStm=0x551640, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x593070, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0339.495] WbemLocator:IUnknown:QueryInterface (in: This=0x500e8c4, riid=0x554568*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58af410 | out: ppvObject=0x58af410*=0x500e8c4) returned 0x0
[0339.495] WbemLocator:IUnknown:QueryInterface (in: This=0x500e8c4, riid=0x73b79fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58af3c0 | out: ppvObject=0x58af3c0*=0x500e8c4) returned 0x0
[0339.495] WbemLocator:IUnknown:QueryInterface (in: This=0x500e8c4, riid=0x73b79fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58af378 | out: ppvObject=0x58af378*=0x500e8c4) returned 0x0
[0339.496] IWbemServices:GetObject (in: This=0x500e8c4, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x58af530*=0x0, ppCallResult=0x0 | out: ppObject=0x58af530*=0x5019520, ppCallResult=0x0) returned 0x0
Thread:
id = 304
os_tid = 0x23c
[0339.462] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0339.464] CoGetClassObject (in: rclsid=0x564ac4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5a5f450 | out: ppv=0x5a5f450*=0x500e420) returned 0x0
[0339.464] WbemLocator:IUnknown:QueryInterface (in: This=0x500e420, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a5f668 | out: ppvObject=0x5a5f668*=0x0) returned 0x80004002
[0339.464] WbemLocator:IClassFactory:CreateInstance (in: This=0x500e420, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5f674 | out: ppvObject=0x5a5f674*=0x5014c18) returned 0x0
[0339.464] WbemLocator:IUnknown:Release (This=0x500e420) returned 0x0
[0339.465] WbemLocator:IUnknown:QueryInterface (in: This=0x5014c18, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5f294 | out: ppvObject=0x5a5f294*=0x5014c18) returned 0x0
[0339.465] WbemLocator:IUnknown:QueryInterface (in: This=0x5014c18, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a5f248 | out: ppvObject=0x5a5f248*=0x0) returned 0x80004002
[0339.465] WbemLocator:IUnknown:AddRef (This=0x5014c18) returned 0x3
[0339.465] WbemLocator:IUnknown:QueryInterface (in: This=0x5014c18, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a5eba4 | out: ppvObject=0x5a5eba4*=0x0) returned 0x80004002
[0339.465] WbemLocator:IUnknown:QueryInterface (in: This=0x5014c18, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a5eb54 | out: ppvObject=0x5a5eb54*=0x0) returned 0x80004002
[0339.465] WbemLocator:IUnknown:QueryInterface (in: This=0x5014c18, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5eb60 | out: ppvObject=0x5a5eb60*=0x0) returned 0x80004002
[0339.465] CoGetContextToken (in: pToken=0x5a5ebc0 | out: pToken=0x5a5ebc0) returned 0x0
[0339.466] CoGetContextToken (in: pToken=0x5a5efd4 | out: pToken=0x5a5efd4) returned 0x0
[0339.466] WbemLocator:IUnknown:QueryInterface (in: This=0x5014c18, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5f054 | out: ppvObject=0x5a5f054*=0x0) returned 0x80004002
[0339.466] WbemLocator:IUnknown:Release (This=0x5014c18) returned 0x2
[0339.466] WbemLocator:IUnknown:Release (This=0x5014c18) returned 0x1
[0339.466] CoGetContextToken (in: pToken=0x5a5f64c | out: pToken=0x5a5f64c) returned 0x0
[0339.466] CoGetContextToken (in: pToken=0x5a5f5ac | out: pToken=0x5a5f5ac) returned 0x0
[0339.466] WbemLocator:IUnknown:QueryInterface (in: This=0x5014c18, riid=0x5a5f67c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5a5f678 | out: ppvObject=0x5a5f678*=0x5014c18) returned 0x0
[0339.466] WbemLocator:IUnknown:AddRef (This=0x5014c18) returned 0x3
[0339.466] WbemLocator:IUnknown:Release (This=0x5014c18) returned 0x2
[0339.466] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500e790, puCount=0x5a5f80c | out: puCount=0x5a5f80c*=0x2) returned 0x0
[0339.466] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=8, puBuffLength=0x5a5f808*=0x0, pszText=0x0 | out: puBuffLength=0x5a5f808*=0xf, pszText=0x0) returned 0x0
[0339.466] WbemDefPath:IWbemPath:GetText (in: This=0x500e790, lFlags=8, puBuffLength=0x5a5f808*=0xf, pszText="00000000000000" | out: puBuffLength=0x5a5f808*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0339.466] CoCreateInstance (in: rclsid=0x6fc63734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6fc63794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5a5f6b8 | out: ppv=0x5a5f6b8*=0x5014c28) returned 0x0
[0339.467] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5014c28, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5a5f758 | out: ppNamespace=0x5a5f758*=0x500e8c4) returned 0x0
[0339.484] WbemLocator:IUnknown:QueryInterface (in: This=0x500e8c4, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5f5dc | out: ppvObject=0x5a5f5dc*=0x57ed0c) returned 0x0
[0339.484] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x57ed0c, pProxy=0x500e8c4, pAuthnSvc=0x5a5f62c, pAuthzSvc=0x5a5f628, pServerPrincName=0x5a5f620, pAuthnLevel=0x5a5f624, pImpLevel=0x5a5f614, pAuthInfo=0x5a5f618, pCapabilites=0x5a5f61c | out: pAuthnSvc=0x5a5f62c*=0xa, pAuthzSvc=0x5a5f628*=0x0, pServerPrincName=0x5a5f620, pAuthnLevel=0x5a5f624*=0x6, pImpLevel=0x5a5f614*=0x2, pAuthInfo=0x5a5f618, pCapabilites=0x5a5f61c*=0x1) returned 0x0
[0339.484] WbemLocator:IUnknown:Release (This=0x57ed0c) returned 0x1
[0339.484] WbemLocator:IUnknown:QueryInterface (in: This=0x500e8c4, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5f5d0 | out: ppvObject=0x5a5f5d0*=0x57ed2c) returned 0x0
[0339.485] WbemLocator:IUnknown:QueryInterface (in: This=0x500e8c4, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5f5bc | out: ppvObject=0x5a5f5bc*=0x57ed0c) returned 0x0
[0339.485] WbemLocator:IClientSecurity:SetBlanket (This=0x57ed0c, pProxy=0x500e8c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0339.485] WbemLocator:IUnknown:Release (This=0x57ed0c) returned 0x2
[0339.485] WbemLocator:IUnknown:Release (This=0x57ed2c) returned 0x1
[0339.485] CoTaskMemFree (pv=0x591100)
[0339.485] WbemLocator:IUnknown:AddRef (This=0x500e8c4) returned 0x2
[0339.485] WbemLocator:IUnknown:Release (This=0x5014c28) returned 0x0
[0339.485] CoGetContextToken (in: pToken=0x5a5eb10 | out: pToken=0x5a5eb10) returned 0x0
[0339.486] CoGetContextToken (in: pToken=0x5a5ef24 | out: pToken=0x5a5ef24) returned 0x0
[0339.486] WbemLocator:IUnknown:QueryInterface (in: This=0x500e8c4, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5eebc | out: ppvObject=0x5a5eebc*=0x57ed14) returned 0x0
[0339.486] WbemLocator:IRpcOptions:Query (in: This=0x57ed14, pPrx=0x593070, dwProperty=2, pdwValue=0x5a5efb0 | out: pdwValue=0x5a5efb0) returned 0x80004002
[0339.486] WbemLocator:IUnknown:Release (This=0x57ed14) returned 0x2
[0339.486] CoGetContextToken (in: pToken=0x5a5f4f4 | out: pToken=0x5a5f4f4) returned 0x0
[0339.486] CoGetContextToken (in: pToken=0x5a5f454 | out: pToken=0x5a5f454) returned 0x0
[0339.486] WbemLocator:IUnknown:QueryInterface (in: This=0x500e8c4, riid=0x5a5f524*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5a5f3f0 | out: ppvObject=0x5a5f3f0*=0x500e8c4) returned 0x0
[0339.486] WbemLocator:IUnknown:Release (This=0x500e8c4) returned 0x2
[0339.486] SysStringLen (param_1=0x0) returned 0x0
[0339.486] CoUninitialize ()
Thread:
id = 305
os_tid = 0x2a0
Thread:
id = 306
os_tid = 0x2bc
[0339.948] CoGetContextToken (in: pToken=0x52bf9b4 | out: pToken=0x52bf9b4) returned 0x0
[0339.948] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x52bf9d8 | out: ppvObject=0x52bf9d8*=0x5233f4) returned 0x0
[0339.949] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x52bfa04 | out: pThreadType=0x52bfa04*=0) returned 0x0
[0339.949] IUnknown:Release (This=0x5233f4) returned 0x1
[0339.949] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 307
os_tid = 0x204
[0340.056] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0340.057] CoGetContextToken (in: pToken=0x5a8f894 | out: pToken=0x5a8f894) returned 0x0
[0340.057] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a8f8b8 | out: ppvObject=0x5a8f8b8*=0x5233f4) returned 0x0
[0340.058] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x5a8f8e4 | out: pThreadType=0x5a8f8e4*=0) returned 0x0
[0340.058] IUnknown:Release (This=0x5233f4) returned 0x1
[0340.058] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0340.058] CoUninitialize ()
[0360.114] CoUninitialize ()
Thread:
id = 308
os_tid = 0x110
Thread:
id = 311
os_tid = 0x1dc
Thread:
id = 316
os_tid = 0x74c
[0371.570] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0371.571] CoGetContextToken (in: pToken=0x588f904 | out: pToken=0x588f904) returned 0x0
[0371.571] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x588f928 | out: ppvObject=0x588f928*=0x5233f4) returned 0x0
[0371.572] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x588f954 | out: pThreadType=0x588f954*=0) returned 0x0
[0371.572] IUnknown:Release (This=0x5233f4) returned 0x1
[0371.572] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0371.572] CoUninitialize ()
[0371.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x588f4ec | out: lpSystemTimeAsFileTime=0x588f4ec*(dwLowDateTime=0xc7ed21e0, dwHighDateTime=0x1d71a55))
[0371.576] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x588f15c | out: pTimeZoneInformation=0x588f15c) returned 0x1
[0371.644] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x588f240 | out: phkResult=0x588f240*=0x378) returned 0x0
[0371.644] RegQueryValueExW (in: hKey=0x378, lpValueName="TZI", lpReserved=0x0, lpType=0x588f25c, lpData=0x0, lpcbData=0x588f258*=0x0 | out: lpType=0x588f25c*=0x3, lpData=0x0, lpcbData=0x588f258*=0x2c) returned 0x0
[0371.644] RegQueryValueExW (in: hKey=0x378, lpValueName="TZI", lpReserved=0x0, lpType=0x588f25c, lpData=0x22c6a90, lpcbData=0x588f258*=0x2c | out: lpType=0x588f25c*=0x3, lpData=0x22c6a90*, lpcbData=0x588f258*=0x2c) returned 0x0
[0371.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x588f094 | out: phkResult=0x588f094*=0x0) returned 0x2
[0371.646] RegQueryValueExW (in: hKey=0x378, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x588f234, lpData=0x0, lpcbData=0x588f230*=0x0 | out: lpType=0x588f234*=0x1, lpData=0x0, lpcbData=0x588f230*=0x20) returned 0x0
[0371.646] RegQueryValueExW (in: hKey=0x378, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x588f234, lpData=0x22c6f9c, lpcbData=0x588f230*=0x20 | out: lpType=0x588f234*=0x1, lpData="@tzres.dll,-320", lpcbData=0x588f230*=0x20) returned 0x0
[0371.646] RegQueryValueExW (in: hKey=0x378, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x588f234, lpData=0x0, lpcbData=0x588f230*=0x0 | out: lpType=0x588f234*=0x1, lpData=0x0, lpcbData=0x588f230*=0x20) returned 0x0
[0371.646] RegQueryValueExW (in: hKey=0x378, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x588f234, lpData=0x22c6ff4, lpcbData=0x588f230*=0x20 | out: lpType=0x588f234*=0x1, lpData="@tzres.dll,-322", lpcbData=0x588f230*=0x20) returned 0x0
[0371.646] RegQueryValueExW (in: hKey=0x378, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x588f234, lpData=0x0, lpcbData=0x588f230*=0x0 | out: lpType=0x588f234*=0x1, lpData=0x0, lpcbData=0x588f230*=0x20) returned 0x0
[0371.646] RegQueryValueExW (in: hKey=0x378, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x588f234, lpData=0x22c704c, lpcbData=0x588f230*=0x20 | out: lpType=0x588f234*=0x1, lpData="@tzres.dll,-321", lpcbData=0x588f230*=0x20) returned 0x0
[0371.647] CoTaskMemAlloc (cb=0x20c) returned 0x58e778
[0371.647] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x58e778 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0371.647] CoTaskMemFree (pv=0x58e778)
[0371.648] CoTaskMemAlloc (cb=0x20c) returned 0x58e778
[0371.648] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x588f250, pwszFileMUIPath=0x58e778, pcchFileMUIPath=0x588f254, pululEnumerator=0x588f248 | out: pwszLanguage=0x0, pcchLanguage=0x588f250, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x588f254, pululEnumerator=0x588f248) returned 1
[0371.723] CoTaskMemFree (pv=0x0)
[0371.723] CoTaskMemFree (pv=0x58e778)
[0371.724] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x460001
[0371.726] CoTaskMemAlloc (cb=0x3ec) returned 0x58e778
[0371.726] LoadStringW (in: hInstance=0x460001, uID=0x140, lpBuffer=0x58e778, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c
[0371.727] CoTaskMemFree (pv=0x58e778)
[0371.727] FreeLibrary (hLibModule=0x460001) returned 1
[0371.727] CoTaskMemAlloc (cb=0x20c) returned 0x58e778
[0371.728] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x58e778 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0371.728] CoTaskMemFree (pv=0x58e778)
[0371.728] CoTaskMemAlloc (cb=0x20c) returned 0x58e778
[0371.728] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x588f250, pwszFileMUIPath=0x58e778, pcchFileMUIPath=0x588f254, pululEnumerator=0x588f248 | out: pwszLanguage=0x0, pcchLanguage=0x588f250, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x588f254, pululEnumerator=0x588f248) returned 1
[0371.730] CoTaskMemFree (pv=0x0)
[0371.730] CoTaskMemFree (pv=0x58e778)
[0371.731] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x460001
[0371.735] CoTaskMemAlloc (cb=0x3ec) returned 0x58e778
[0371.735] LoadStringW (in: hInstance=0x460001, uID=0x142, lpBuffer=0x58e778, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17
[0371.735] CoTaskMemFree (pv=0x58e778)
[0371.735] FreeLibrary (hLibModule=0x460001) returned 1
[0371.736] CoTaskMemAlloc (cb=0x20c) returned 0x58e778
[0371.736] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x58e778 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0371.736] CoTaskMemFree (pv=0x58e778)
[0371.736] CoTaskMemAlloc (cb=0x20c) returned 0x58e778
[0371.736] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x588f250, pwszFileMUIPath=0x58e778, pcchFileMUIPath=0x588f254, pululEnumerator=0x588f248 | out: pwszLanguage=0x0, pcchLanguage=0x588f250, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x588f254, pululEnumerator=0x588f248) returned 1
[0371.740] CoTaskMemFree (pv=0x0)
[0371.740] CoTaskMemFree (pv=0x58e778)
[0371.740] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x460001
[0371.743] CoTaskMemAlloc (cb=0x3ec) returned 0x58e778
[0371.743] LoadStringW (in: hInstance=0x460001, uID=0x141, lpBuffer=0x58e778, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17
[0371.743] CoTaskMemFree (pv=0x58e778)
[0371.743] FreeLibrary (hLibModule=0x460001) returned 1
[0371.744] RegCloseKey (hKey=0x378) returned 0x0
[0371.782] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x23f31)) returned 1
[0392.796] CoUninitialize ()
Thread:
id = 317
os_tid = 0x480
Thread:
id = 318
os_tid = 0x7a0
[0371.786] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0371.787] CoGetContextToken (in: pToken=0x5a0f694 | out: pToken=0x5a0f694) returned 0x0
[0371.787] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0f6b8 | out: ppvObject=0x5a0f6b8*=0x5233f4) returned 0x0
[0371.787] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x5a0f6e4 | out: pThreadType=0x5a0f6e4*=0) returned 0x0
[0371.787] IUnknown:Release (This=0x5233f4) returned 0x1
[0371.787] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0371.787] CoUninitialize ()
[0392.811] CoUninitialize ()
Thread:
id = 352
os_tid = 0x6a0
[0402.582] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0402.592] CoGetContextToken (in: pToken=0x559f6a4 | out: pToken=0x559f6a4) returned 0x0
[0402.592] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x559f6c8 | out: ppvObject=0x559f6c8*=0x5233f4) returned 0x0
[0402.592] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x559f6f4 | out: pThreadType=0x559f6f4*=0) returned 0x0
[0402.592] IUnknown:Release (This=0x5233f4) returned 0x1
[0402.592] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0402.592] CoUninitialize ()
[0402.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x559f28c | out: lpSystemTimeAsFileTime=0x559f28c*(dwLowDateTime=0xd9d358c0, dwHighDateTime=0x1d71a55))
[0402.594] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x2ab8a)) returned 1
[0424.168] CoUninitialize ()
Thread:
id = 353
os_tid = 0x6c0
Thread:
id = 360
os_tid = 0x550
Thread:
id = 361
os_tid = 0x464
Thread:
id = 362
os_tid = 0x4c8
[0424.806] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0424.808] ResetEvent (hEvent=0x238) returned 1
[0487.930] ReleaseSemaphore (in: hSemaphore=0x7a4, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1
[0487.931] ReleaseSemaphore (in: hSemaphore=0x7a4, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1
[0487.931] SetEvent (hEvent=0x238) returned 1
[0531.250] QueryContextAttributesW (in: phContext=0x22e8f44, ulAttribute=0x1a, pBuffer=0x557ee68 | out: pBuffer=0x557ee68) returned 0x0
[0531.254] DeleteSecurityContext (phContext=0x22e8f44) returned 0x0
[0531.257] shutdown (s=0x4c4, how=2) returned 0
[0531.259] setsockopt (s=0x4c4, level=65535, optname=128, optval="\x01", optlen=4) returned 0
[0531.259] closesocket (s=0x4c4) returned 0
[0538.221] send (s=0x7b0, buf=0x2364888*, len=6, flags=0) returned 6
[0538.222] recv (in: s=0x7b0, buf=0x22da5f8, len=80, flags=0 | out: buf=0x22da5f8*) returned 41
[0538.289] shutdown (s=0x7b0, how=2) returned 0
[0538.290] closesocket (s=0x7b0) returned 0
[0538.290] SetEvent (hEvent=0x238) returned 1
[0588.311] SetEvent (hEvent=0x238) returned 1
[0638.340] SetEvent (hEvent=0x238) returned 1
Thread:
id = 363
os_tid = 0x4b4
Thread:
id = 364
os_tid = 0x124
Thread:
id = 366
os_tid = 0x308
[0433.958] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0433.959] CoGetClassObject (in: rclsid=0x564ac4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x605f0c0 | out: ppv=0x605f0c0*=0x502f9e0) returned 0x0
[0433.960] WbemLocator:IUnknown:QueryInterface (in: This=0x502f9e0, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x605f2d8 | out: ppvObject=0x605f2d8*=0x0) returned 0x80004002
[0433.960] WbemLocator:IClassFactory:CreateInstance (in: This=0x502f9e0, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x605f2e4 | out: ppvObject=0x605f2e4*=0x5015ae8) returned 0x0
[0433.960] WbemLocator:IUnknown:Release (This=0x502f9e0) returned 0x0
[0433.960] WbemLocator:IUnknown:QueryInterface (in: This=0x5015ae8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x605ef04 | out: ppvObject=0x605ef04*=0x5015ae8) returned 0x0
[0433.960] WbemLocator:IUnknown:QueryInterface (in: This=0x5015ae8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x605eeb8 | out: ppvObject=0x605eeb8*=0x0) returned 0x80004002
[0433.960] WbemLocator:IUnknown:AddRef (This=0x5015ae8) returned 0x3
[0433.960] WbemLocator:IUnknown:QueryInterface (in: This=0x5015ae8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x605e814 | out: ppvObject=0x605e814*=0x0) returned 0x80004002
[0433.960] WbemLocator:IUnknown:QueryInterface (in: This=0x5015ae8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x605e7c4 | out: ppvObject=0x605e7c4*=0x0) returned 0x80004002
[0433.960] WbemLocator:IUnknown:QueryInterface (in: This=0x5015ae8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x605e7d0 | out: ppvObject=0x605e7d0*=0x0) returned 0x80004002
[0433.960] CoGetContextToken (in: pToken=0x605e830 | out: pToken=0x605e830) returned 0x0
[0433.962] CoGetContextToken (in: pToken=0x605ec44 | out: pToken=0x605ec44) returned 0x0
[0433.962] WbemLocator:IUnknown:QueryInterface (in: This=0x5015ae8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x605ecc4 | out: ppvObject=0x605ecc4*=0x0) returned 0x80004002
[0433.962] WbemLocator:IUnknown:Release (This=0x5015ae8) returned 0x2
[0433.962] WbemLocator:IUnknown:Release (This=0x5015ae8) returned 0x1
[0433.962] CoGetContextToken (in: pToken=0x605f2bc | out: pToken=0x605f2bc) returned 0x0
[0433.962] CoGetContextToken (in: pToken=0x605f21c | out: pToken=0x605f21c) returned 0x0
[0433.962] WbemLocator:IUnknown:QueryInterface (in: This=0x5015ae8, riid=0x605f2ec*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x605f2e8 | out: ppvObject=0x605f2e8*=0x5015ae8) returned 0x0
[0433.962] WbemLocator:IUnknown:AddRef (This=0x5015ae8) returned 0x3
[0433.962] WbemLocator:IUnknown:Release (This=0x5015ae8) returned 0x2
[0433.962] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x605f47c | out: puCount=0x605f47c*=0x2) returned 0x0
[0433.962] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=8, puBuffLength=0x605f478*=0x0, pszText=0x0 | out: puBuffLength=0x605f478*=0xf, pszText=0x0) returned 0x0
[0433.962] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=8, puBuffLength=0x605f478*=0xf, pszText="00000000000000" | out: puBuffLength=0x605f478*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0433.962] CoCreateInstance (in: rclsid=0x6fc63734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6fc63794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x605f328 | out: ppv=0x605f328*=0x5015af8) returned 0x0
[0433.963] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5015af8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x605f3c8 | out: ppNamespace=0x605f3c8*=0x50172ac) returned 0x0
[0433.985] WbemLocator:IUnknown:QueryInterface (in: This=0x50172ac, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x605f24c | out: ppvObject=0x605f24c*=0x57f1bc) returned 0x0
[0433.985] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x57f1bc, pProxy=0x50172ac, pAuthnSvc=0x605f29c, pAuthzSvc=0x605f298, pServerPrincName=0x605f290, pAuthnLevel=0x605f294, pImpLevel=0x605f284, pAuthInfo=0x605f288, pCapabilites=0x605f28c | out: pAuthnSvc=0x605f29c*=0xa, pAuthzSvc=0x605f298*=0x0, pServerPrincName=0x605f290, pAuthnLevel=0x605f294*=0x6, pImpLevel=0x605f284*=0x2, pAuthInfo=0x605f288, pCapabilites=0x605f28c*=0x1) returned 0x0
[0433.985] WbemLocator:IUnknown:Release (This=0x57f1bc) returned 0x1
[0433.985] WbemLocator:IUnknown:QueryInterface (in: This=0x50172ac, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x605f240 | out: ppvObject=0x605f240*=0x57f1dc) returned 0x0
[0433.985] WbemLocator:IUnknown:QueryInterface (in: This=0x50172ac, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x605f22c | out: ppvObject=0x605f22c*=0x57f1bc) returned 0x0
[0433.985] WbemLocator:IClientSecurity:SetBlanket (This=0x57f1bc, pProxy=0x50172ac, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0433.985] WbemLocator:IUnknown:Release (This=0x57f1bc) returned 0x2
[0433.985] WbemLocator:IUnknown:Release (This=0x57f1dc) returned 0x1
[0433.985] CoTaskMemFree (pv=0x55b2b30)
[0433.986] WbemLocator:IUnknown:AddRef (This=0x50172ac) returned 0x2
[0433.986] WbemLocator:IUnknown:Release (This=0x5015af8) returned 0x0
[0433.986] CoGetContextToken (in: pToken=0x605e780 | out: pToken=0x605e780) returned 0x0
[0433.986] CoGetContextToken (in: pToken=0x605eb94 | out: pToken=0x605eb94) returned 0x0
[0433.986] WbemLocator:IUnknown:QueryInterface (in: This=0x50172ac, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x605eb2c | out: ppvObject=0x605eb2c*=0x57f1c4) returned 0x0
[0433.986] WbemLocator:IRpcOptions:Query (in: This=0x57f1c4, pPrx=0x55a6ae8, dwProperty=2, pdwValue=0x605ec20 | out: pdwValue=0x605ec20) returned 0x80004002
[0433.986] WbemLocator:IUnknown:Release (This=0x57f1c4) returned 0x2
[0433.986] CoGetContextToken (in: pToken=0x605f164 | out: pToken=0x605f164) returned 0x0
[0433.986] CoGetContextToken (in: pToken=0x605f0c4 | out: pToken=0x605f0c4) returned 0x0
[0433.986] WbemLocator:IUnknown:QueryInterface (in: This=0x50172ac, riid=0x605f194*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x605f060 | out: ppvObject=0x605f060*=0x50172ac) returned 0x0
[0433.987] WbemLocator:IUnknown:Release (This=0x50172ac) returned 0x2
[0433.987] SysStringLen (param_1=0x0) returned 0x0
[0433.987] CoUninitialize ()
Thread:
id = 367
os_tid = 0x388
Thread:
id = 368
os_tid = 0x2a0
[0433.995] CoGetContextToken (in: pToken=0x60ef660 | out: pToken=0x60ef660) returned 0x0
[0433.995] CoGetContextToken (in: pToken=0x60ef64c | out: pToken=0x60ef64c) returned 0x0
[0433.995] CoGetMarshalSizeMax (in: pulSize=0x60ef608, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x55a6ae8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x60ef608) returned 0x0
[0433.996] CoMarshalInterface (pStm=0x5590ac8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x55a6ae8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
Thread:
id = 369
os_tid = 0x110
[0434.000] WbemLocator:IUnknown:QueryInterface (in: This=0x50172ac, riid=0x554748*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x633f530 | out: ppvObject=0x633f530*=0x50172ac) returned 0x0
[0434.001] WbemLocator:IUnknown:QueryInterface (in: This=0x50172ac, riid=0x73b79fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x633f4e0 | out: ppvObject=0x633f4e0*=0x50172ac) returned 0x0
[0434.001] WbemLocator:IUnknown:QueryInterface (in: This=0x50172ac, riid=0x73b79fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x633f498 | out: ppvObject=0x633f498*=0x50172ac) returned 0x0
[0434.144] CoGetContextToken (in: pToken=0x633f648 | out: pToken=0x633f648) returned 0x0
[0434.144] CoGetContextToken (in: pToken=0x633f634 | out: pToken=0x633f634) returned 0x0
[0434.144] CoGetMarshalSizeMax (in: pulSize=0x633f5f0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x55a6ec0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x633f5f0) returned 0x0
[0434.145] CoMarshalInterface (pStm=0x5590c48, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x55a6ec0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0434.147] WbemLocator:IUnknown:QueryInterface (in: This=0x50303ac, riid=0x554b08*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x633f530 | out: ppvObject=0x633f530*=0x50303ac) returned 0x0
[0434.147] WbemLocator:IUnknown:QueryInterface (in: This=0x50303ac, riid=0x73b79fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x633f4e0 | out: ppvObject=0x633f4e0*=0x50303ac) returned 0x0
[0434.147] WbemLocator:IUnknown:QueryInterface (in: This=0x50303ac, riid=0x73b79fa8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x633f498 | out: ppvObject=0x633f498*=0x50303ac) returned 0x0
Thread:
id = 370
os_tid = 0x750
[0434.107] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0434.108] CoGetClassObject (in: rclsid=0x564ac4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x745c6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x64cefe0 | out: ppv=0x64cefe0*=0x502fa70) returned 0x0
[0434.109] WbemLocator:IUnknown:QueryInterface (in: This=0x502fa70, riid=0x7458dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x64cf1f8 | out: ppvObject=0x64cf1f8*=0x0) returned 0x80004002
[0434.109] WbemLocator:IClassFactory:CreateInstance (in: This=0x502fa70, pUnkOuter=0x0, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64cf204 | out: ppvObject=0x64cf204*=0x5015af8) returned 0x0
[0434.109] WbemLocator:IUnknown:Release (This=0x502fa70) returned 0x0
[0434.109] WbemLocator:IUnknown:QueryInterface (in: This=0x5015af8, riid=0x74472a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64cee24 | out: ppvObject=0x64cee24*=0x5015af8) returned 0x0
[0434.109] WbemLocator:IUnknown:QueryInterface (in: This=0x5015af8, riid=0x74561b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x64cedd8 | out: ppvObject=0x64cedd8*=0x0) returned 0x80004002
[0434.110] WbemLocator:IUnknown:AddRef (This=0x5015af8) returned 0x3
[0434.110] WbemLocator:IUnknown:QueryInterface (in: This=0x5015af8, riid=0x7456182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x64ce734 | out: ppvObject=0x64ce734*=0x0) returned 0x80004002
[0434.110] WbemLocator:IUnknown:QueryInterface (in: This=0x5015af8, riid=0x74561764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x64ce6e4 | out: ppvObject=0x64ce6e4*=0x0) returned 0x80004002
[0434.110] WbemLocator:IUnknown:QueryInterface (in: This=0x5015af8, riid=0x74491388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64ce6f0 | out: ppvObject=0x64ce6f0*=0x0) returned 0x80004002
[0434.110] CoGetContextToken (in: pToken=0x64ce750 | out: pToken=0x64ce750) returned 0x0
[0434.110] CoGetContextToken (in: pToken=0x64ceb64 | out: pToken=0x64ceb64) returned 0x0
[0434.110] WbemLocator:IUnknown:QueryInterface (in: This=0x5015af8, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64cebe4 | out: ppvObject=0x64cebe4*=0x0) returned 0x80004002
[0434.110] WbemLocator:IUnknown:Release (This=0x5015af8) returned 0x2
[0434.110] WbemLocator:IUnknown:Release (This=0x5015af8) returned 0x1
[0434.110] CoGetContextToken (in: pToken=0x64cf1dc | out: pToken=0x64cf1dc) returned 0x0
[0434.110] CoGetContextToken (in: pToken=0x64cf13c | out: pToken=0x64cf13c) returned 0x0
[0434.110] WbemLocator:IUnknown:QueryInterface (in: This=0x5015af8, riid=0x64cf20c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x64cf208 | out: ppvObject=0x64cf208*=0x5015af8) returned 0x0
[0434.111] WbemLocator:IUnknown:AddRef (This=0x5015af8) returned 0x3
[0434.111] WbemLocator:IUnknown:Release (This=0x5015af8) returned 0x2
[0434.111] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x500fe30, puCount=0x64cf39c | out: puCount=0x64cf39c*=0x2) returned 0x0
[0434.111] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=8, puBuffLength=0x64cf398*=0x0, pszText=0x0 | out: puBuffLength=0x64cf398*=0xf, pszText=0x0) returned 0x0
[0434.111] WbemDefPath:IWbemPath:GetText (in: This=0x500fe30, lFlags=8, puBuffLength=0x64cf398*=0xf, pszText="00000000000000" | out: puBuffLength=0x64cf398*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0434.111] CoCreateInstance (in: rclsid=0x6fc63734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6fc63794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x64cf248 | out: ppv=0x64cf248*=0x5015b08) returned 0x0
[0434.111] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5015b08, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x64cf2e8 | out: ppNamespace=0x64cf2e8*=0x50303ac) returned 0x0
[0434.122] WbemLocator:IUnknown:QueryInterface (in: This=0x50303ac, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64cf16c | out: ppvObject=0x64cf16c*=0x57f93c) returned 0x0
[0434.122] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x57f93c, pProxy=0x50303ac, pAuthnSvc=0x64cf1bc, pAuthzSvc=0x64cf1b8, pServerPrincName=0x64cf1b0, pAuthnLevel=0x64cf1b4, pImpLevel=0x64cf1a4, pAuthInfo=0x64cf1a8, pCapabilites=0x64cf1ac | out: pAuthnSvc=0x64cf1bc*=0xa, pAuthzSvc=0x64cf1b8*=0x0, pServerPrincName=0x64cf1b0, pAuthnLevel=0x64cf1b4*=0x6, pImpLevel=0x64cf1a4*=0x2, pAuthInfo=0x64cf1a8, pCapabilites=0x64cf1ac*=0x1) returned 0x0
[0434.122] WbemLocator:IUnknown:Release (This=0x57f93c) returned 0x1
[0434.122] WbemLocator:IUnknown:QueryInterface (in: This=0x50303ac, riid=0x6fc635a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64cf160 | out: ppvObject=0x64cf160*=0x57f95c) returned 0x0
[0434.122] WbemLocator:IUnknown:QueryInterface (in: This=0x50303ac, riid=0x6fc635b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64cf14c | out: ppvObject=0x64cf14c*=0x57f93c) returned 0x0
[0434.122] WbemLocator:IClientSecurity:SetBlanket (This=0x57f93c, pProxy=0x50303ac, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0434.123] WbemLocator:IUnknown:Release (This=0x57f93c) returned 0x2
[0434.123] WbemLocator:IUnknown:Release (This=0x57f95c) returned 0x1
[0434.123] CoTaskMemFree (pv=0x55b2cb0)
[0434.123] WbemLocator:IUnknown:AddRef (This=0x50303ac) returned 0x2
[0434.123] WbemLocator:IUnknown:Release (This=0x5015b08) returned 0x0
[0434.123] CoGetContextToken (in: pToken=0x64ce6a0 | out: pToken=0x64ce6a0) returned 0x0
[0434.123] CoGetContextToken (in: pToken=0x64ceab4 | out: pToken=0x64ceab4) returned 0x0
[0434.123] WbemLocator:IUnknown:QueryInterface (in: This=0x50303ac, riid=0x74561aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64cea4c | out: ppvObject=0x64cea4c*=0x57f944) returned 0x0
[0434.124] WbemLocator:IRpcOptions:Query (in: This=0x57f944, pPrx=0x55a6ec0, dwProperty=2, pdwValue=0x64ceb40 | out: pdwValue=0x64ceb40) returned 0x80004002
[0434.124] WbemLocator:IUnknown:Release (This=0x57f944) returned 0x2
[0434.124] CoGetContextToken (in: pToken=0x64cf084 | out: pToken=0x64cf084) returned 0x0
[0434.124] CoGetContextToken (in: pToken=0x64cefe4 | out: pToken=0x64cefe4) returned 0x0
[0434.124] WbemLocator:IUnknown:QueryInterface (in: This=0x50303ac, riid=0x64cf0b4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x64cef80 | out: ppvObject=0x64cef80*=0x50303ac) returned 0x0
[0434.124] WbemLocator:IUnknown:Release (This=0x50303ac) returned 0x2
[0434.124] SysStringLen (param_1=0x0) returned 0x0
[0434.124] CoUninitialize ()
Thread:
id = 371
os_tid = 0xb4
Thread:
id = 373
os_tid = 0x780
[0436.943] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0436.944] CoGetContextToken (in: pToken=0x64df1b4 | out: pToken=0x64df1b4) returned 0x0
[0436.944] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64df1d8 | out: ppvObject=0x64df1d8*=0x5233f4) returned 0x0
[0436.944] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x64df204 | out: pThreadType=0x64df204*=0) returned 0x0
[0436.945] IUnknown:Release (This=0x5233f4) returned 0x1
[0436.945] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0436.945] CoUninitialize ()
[0436.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x64ded9c | out: lpSystemTimeAsFileTime=0x64ded9c*(dwLowDateTime=0xebb98fa0, dwHighDateTime=0x1d71a55))
[0436.946] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x338ac)) returned 1
[0456.974] CoUninitialize ()
Thread:
id = 374
os_tid = 0x7ac
Thread:
id = 377
os_tid = 0x7a8
[0467.092] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0467.093] CoGetContextToken (in: pToken=0x61af674 | out: pToken=0x61af674) returned 0x0
[0467.093] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x61af698 | out: ppvObject=0x61af698*=0x5233f4) returned 0x0
[0467.094] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x61af6c4 | out: pThreadType=0x61af6c4*=0) returned 0x0
[0467.094] IUnknown:Release (This=0x5233f4) returned 0x1
[0467.094] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0467.094] CoUninitialize ()
[0467.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x61af25c | out: lpSystemTimeAsFileTime=0x61af25c*(dwLowDateTime=0xfd9d6520, dwHighDateTime=0x1d71a55))
[0467.096] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x3ae48)) returned 1
[0487.847] CoUninitialize ()
Thread:
id = 378
os_tid = 0x5f8
Thread:
id = 387
os_tid = 0x204
Thread:
id = 399
os_tid = 0x4ac
[0498.107] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0498.109] CoGetContextToken (in: pToken=0x616f394 | out: pToken=0x616f394) returned 0x0
[0498.109] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x616f3b8 | out: ppvObject=0x616f3b8*=0x5233f4) returned 0x0
[0498.109] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x616f3e4 | out: pThreadType=0x616f3e4*=0) returned 0x0
[0498.109] IUnknown:Release (This=0x5233f4) returned 0x1
[0498.109] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0498.109] CoUninitialize ()
[0498.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x616ef7c | out: lpSystemTimeAsFileTime=0x616ef7c*(dwLowDateTime=0xf839c00, dwHighDateTime=0x1d71a56))
[0498.113] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x4202c)) returned 1
[0518.149] CoUninitialize ()
Thread:
id = 400
os_tid = 0x3bc
Thread:
id = 401
os_tid = 0x3e4
[0498.117] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0498.118] CoGetContextToken (in: pToken=0x636f204 | out: pToken=0x636f204) returned 0x0
[0498.118] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x636f228 | out: ppvObject=0x636f228*=0x5233f4) returned 0x0
[0498.119] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x636f254 | out: pThreadType=0x636f254*=0) returned 0x0
[0498.119] IUnknown:Release (This=0x5233f4) returned 0x1
[0498.119] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0498.119] CoUninitialize ()
[0518.142] CoUninitialize ()
Thread:
id = 403
os_tid = 0x57c
[0528.117] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0528.118] CoGetContextToken (in: pToken=0x637f584 | out: pToken=0x637f584) returned 0x0
[0528.119] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x637f5a8 | out: ppvObject=0x637f5a8*=0x5233f4) returned 0x0
[0528.119] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x637f5d4 | out: pThreadType=0x637f5d4*=0) returned 0x0
[0528.119] IUnknown:Release (This=0x5233f4) returned 0x1
[0528.119] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0528.119] CoUninitialize ()
[0528.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x637f16c | out: lpSystemTimeAsFileTime=0x637f16c*(dwLowDateTime=0x21651020, dwHighDateTime=0x1d71a56))
[0528.122] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x49655)) returned 1
[0548.156] CoUninitialize ()
Thread:
id = 404
os_tid = 0x7b4
Thread:
id = 405
os_tid = 0x570
[0528.137] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0528.139] CoGetContextToken (in: pToken=0x60eef54 | out: pToken=0x60eef54) returned 0x0
[0528.139] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x60eef78 | out: ppvObject=0x60eef78*=0x5233f4) returned 0x0
[0528.139] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x60eefa4 | out: pThreadType=0x60eefa4*=0) returned 0x0
[0528.139] IUnknown:Release (This=0x5233f4) returned 0x1
[0528.139] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0528.139] CoUninitialize ()
[0548.171] CoUninitialize ()
Thread:
id = 412
os_tid = 0x544
[0558.129] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0558.131] CoGetContextToken (in: pToken=0x644f174 | out: pToken=0x644f174) returned 0x0
[0558.131] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x644f198 | out: ppvObject=0x644f198*=0x5233f4) returned 0x0
[0558.132] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x644f1c4 | out: pThreadType=0x644f1c4*=0) returned 0x0
[0558.132] IUnknown:Release (This=0x5233f4) returned 0x1
[0558.132] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0558.132] CoUninitialize ()
[0558.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x644ed5c | out: lpSystemTimeAsFileTime=0x644ed5c*(dwLowDateTime=0x3348e5a0, dwHighDateTime=0x1d71a56))
[0558.134] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x50c9d)) returned 1
[0578.155] CoUninitialize ()
Thread:
id = 413
os_tid = 0x6fc
Thread:
id = 414
os_tid = 0x4f4
Thread:
id = 416
os_tid = 0xb4
[0588.144] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0588.146] CoGetContextToken (in: pToken=0x645ee84 | out: pToken=0x645ee84) returned 0x0
[0588.146] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x645eea8 | out: ppvObject=0x645eea8*=0x5233f4) returned 0x0
[0588.146] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x645eed4 | out: pThreadType=0x645eed4*=0) returned 0x0
[0588.146] IUnknown:Release (This=0x5233f4) returned 0x1
[0588.146] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0588.146] CoUninitialize ()
[0588.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x645ea6c | out: lpSystemTimeAsFileTime=0x645ea6c*(dwLowDateTime=0x452cbb20, dwHighDateTime=0x1d71a56))
[0588.149] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x58313)) returned 1
[0608.283] CoUninitialize ()
Thread:
id = 417
os_tid = 0x54c
Thread:
id = 422
os_tid = 0x7cc
[0618.164] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0618.166] CoGetContextToken (in: pToken=0x63aecd4 | out: pToken=0x63aecd4) returned 0x0
[0618.166] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x63aecf8 | out: ppvObject=0x63aecf8*=0x5233f4) returned 0x0
[0618.167] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x63aed24 | out: pThreadType=0x63aed24*=0) returned 0x0
[0618.167] IUnknown:Release (This=0x5233f4) returned 0x1
[0618.167] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0618.167] CoUninitialize ()
[0618.169] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x63ae8bc | out: lpSystemTimeAsFileTime=0x63ae8bc*(dwLowDateTime=0x5712f200, dwHighDateTime=0x1d71a56))
[0618.169] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x5f90d)) returned 1
[0638.204] CoUninitialize ()
Thread:
id = 423
os_tid = 0x120
Thread:
id = 424
os_tid = 0x2a0
[0618.174] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0618.176] CoGetContextToken (in: pToken=0x64cee74 | out: pToken=0x64cee74) returned 0x0
[0618.176] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x64cee98 | out: ppvObject=0x64cee98*=0x5233f4) returned 0x0
[0618.176] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x64ceec4 | out: pThreadType=0x64ceec4*=0) returned 0x0
[0618.176] IUnknown:Release (This=0x5233f4) returned 0x1
[0618.176] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0618.176] CoUninitialize ()
[0638.201] CoUninitialize ()
Thread:
id = 425
os_tid = 0x5f8
Thread:
id = 429
os_tid = 0xc8
[0648.176] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0648.178] CoGetContextToken (in: pToken=0x624ed84 | out: pToken=0x624ed84) returned 0x0
[0648.178] IUnknown:QueryInterface (in: This=0x5233e8, riid=0x744fb24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x624eda8 | out: ppvObject=0x624eda8*=0x5233f4) returned 0x0
[0648.178] IComThreadingInfo:GetCurrentThreadType (in: This=0x5233f4, pThreadType=0x624edd4 | out: pThreadType=0x624edd4*=0) returned 0x0
[0648.178] IUnknown:Release (This=0x5233f4) returned 0x1
[0648.178] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0648.178] CoUninitialize ()
[0648.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x624e96c | out: lpSystemTimeAsFileTime=0x624e96c*(dwLowDateTime=0x68f46620, dwHighDateTime=0x1d71a56))
[0648.180] GetLastInputInfo (in: plii=0x22322cc | out: plii=0x22322cc*(cbSize=0x8, dwTime=0x66f55)) returned 1
Thread:
id = 430
os_tid = 0x7b0
Process:
id = "17"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x69e48000"
os_pid = "0x25c"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "12"
os_parent_pid = "0x248"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Network Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0002a1a4" [0xc000000f]
Region:
id = 4189
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 4190
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 4191
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 4192
start_va = 0x1b0000
end_va = 0x22ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 4193
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 4194
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 4195
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 4196
start_va = 0xffee0000
end_va = 0xfff3efff
monitored = 0
entry_point = 0xffeea9b4
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 4197
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 4198
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 4199
start_va = 0x7fffffd5000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 4200
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 4201
start_va = 0x3b0000
end_va = 0x4affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003b0000"
filename = ""
Region:
id = 4202
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 4203
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 4204
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 4205
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 4206
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 4207
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 4208
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 4209
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 4210
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 4211
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 4212
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 4213
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 4214
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 4215
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 4216
start_va = 0x7fef38b0000
end_va = 0x7fef3935fff
monitored = 0
entry_point = 0x7fef38bffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 4217
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 4218
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 4219
start_va = 0x7fefef90000
end_va = 0x7fefefdcfff
monitored = 0
entry_point = 0x7fefef91070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 4220
start_va = 0x7feff3d0000
end_va = 0x7feff3d7fff
monitored = 0
entry_point = 0x7feff3d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 4221
start_va = 0x7fef32c0000
end_va = 0x7fef33a1fff
monitored = 0
entry_point = 0x7fef32e3814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 4222
start_va = 0x7fef3290000
end_va = 0x7fef32b6fff
monitored = 0
entry_point = 0x7fef32911a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 4223
start_va = 0x7fef2e10000
end_va = 0x7fef2e25fff
monitored = 0
entry_point = 0x7fef2e11070
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 4224
start_va = 0xc0000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 4225
start_va = 0x230000
end_va = 0x32ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 4226
start_va = 0xc0000
end_va = 0xe8fff
monitored = 0
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 4227
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 4228
start_va = 0x4b0000
end_va = 0x637fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004b0000"
filename = ""
Region:
id = 4229
start_va = 0xc0000
end_va = 0xe8fff
monitored = 0
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 4230
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 4231
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 4232
start_va = 0xc0000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 4233
start_va = 0x640000
end_va = 0x7c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000640000"
filename = ""
Region:
id = 4234
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 4235
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 4236
start_va = 0x7d0000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 4237
start_va = 0x930000
end_va = 0xb5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 4238
start_va = 0x930000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 4239
start_va = 0xae0000
end_va = 0xb5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ae0000"
filename = ""
Region:
id = 4240
start_va = 0xb60000
end_va = 0xe2efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4241
start_va = 0x1a0000
end_va = 0x1a4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 4242
start_va = 0x330000
end_va = 0x3acfff
monitored = 0
entry_point = 0x33cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 4243
start_va = 0x330000
end_va = 0x3acfff
monitored = 0
entry_point = 0x33cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 4244
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 4245
start_va = 0x7fefb180000
end_va = 0x7fefb1acfff
monitored = 0
entry_point = 0x7fefb181010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 4246
start_va = 0x7fefecc0000
end_va = 0x7fefed11fff
monitored = 0
entry_point = 0x7fefecc10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 4247
start_va = 0xed0000
end_va = 0xf4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ed0000"
filename = ""
Region:
id = 4248
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 4249
start_va = 0x330000
end_va = 0x330fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 4250
start_va = 0xf70000
end_va = 0xfeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f70000"
filename = ""
Region:
id = 4251
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 4252
start_va = 0x340000
end_va = 0x340fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 4253
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 4254
start_va = 0x350000
end_va = 0x350fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000350000"
filename = ""
Region:
id = 4255
start_va = 0x7fefb3b0000
end_va = 0x7fefb3befff
monitored = 0
entry_point = 0x7fefb3b11d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 4256
start_va = 0x10b0000
end_va = 0x112ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010b0000"
filename = ""
Region:
id = 4257
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 4258
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 4259
start_va = 0x360000
end_va = 0x3a4fff
monitored = 0
entry_point = 0x361064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 4260
start_va = 0x360000
end_va = 0x3a4fff
monitored = 0
entry_point = 0x361064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 4261
start_va = 0x360000
end_va = 0x3a4fff
monitored = 0
entry_point = 0x361064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 4262
start_va = 0x360000
end_va = 0x3a4fff
monitored = 0
entry_point = 0x361064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 4263
start_va = 0x360000
end_va = 0x3a4fff
monitored = 0
entry_point = 0x361064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 4264
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 4265
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 4266
start_va = 0x1140000
end_va = 0x11bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 4267
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 4268
start_va = 0xa60000
end_va = 0xadffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a60000"
filename = ""
Region:
id = 4269
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 4270
start_va = 0x7fef30d0000
end_va = 0x7fef30e3fff
monitored = 0
entry_point = 0x7fef30d1070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 4271
start_va = 0x1290000
end_va = 0x130ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001290000"
filename = ""
Region:
id = 4272
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 4273
start_va = 0x7fef2f90000
end_va = 0x7fef2fb5fff
monitored = 0
entry_point = 0x7fef2f97948
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 4278
start_va = 0x7fef2260000
end_va = 0x7fef2459fff
monitored = 0
entry_point = 0x7fef2274c9c
region_type = mapped_file
name = "cimwin32.dll"
filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")
Region:
id = 4279
start_va = 0x7fef9280000
end_va = 0x7fef92cbfff
monitored = 0
entry_point = 0x7fef9281064
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 4280
start_va = 0x7fefcfc0000
end_va = 0x7fefcfe4fff
monitored = 0
entry_point = 0x7fefcfc9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 4281
start_va = 0x7fefb480000
end_va = 0x7fefb490fff
monitored = 0
entry_point = 0x7fefb481070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 4287
start_va = 0x71e80000
end_va = 0x71e82fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmi.dll"
filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll")
Region:
id = 4288
start_va = 0x360000
end_va = 0x362fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000360000"
filename = ""
Region:
id = 4289
start_va = 0x1340000
end_va = 0x13bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001340000"
filename = ""
Region:
id = 4290
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 4328
start_va = 0x370000
end_va = 0x371fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000370000"
filename = ""
Region:
id = 4329
start_va = 0x380000
end_va = 0x384fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000380000"
filename = ""
Region:
id = 4330
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 4331
start_va = 0x3a0000
end_va = 0x3a5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 4332
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 4333
start_va = 0x3a0000
end_va = 0x3a5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 4334
start_va = 0x7d0000
end_va = 0x823fff
monitored = 0
entry_point = 0x7e3450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 4335
start_va = 0x8b0000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 4336
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 4337
start_va = 0x7d0000
end_va = 0x823fff
monitored = 0
entry_point = 0x7e3450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 4338
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 4339
start_va = 0x380000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x39a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 4340
start_va = 0x7d0000
end_va = 0x7d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 4341
start_va = 0x380000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x39a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 4342
start_va = 0x7d0000
end_va = 0x7d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 4343
start_va = 0x380000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x39a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 4344
start_va = 0x7d0000
end_va = 0x7d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 4345
start_va = 0x380000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x39a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 4346
start_va = 0x7d0000
end_va = 0x7d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 4347
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4348
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4349
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4350
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4351
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4352
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4353
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4354
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4355
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4356
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4357
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4358
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4359
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4360
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4361
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4362
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4363
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x8168c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 4364
start_va = 0x380000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 4365
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x8168c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 4366
start_va = 0x380000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 4367
start_va = 0x7d0000
end_va = 0x8abfff
monitored = 0
entry_point = 0x845ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 4368
start_va = 0x380000
end_va = 0x380fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 4369
start_va = 0x7d0000
end_va = 0x8abfff
monitored = 0
entry_point = 0x845ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 4370
start_va = 0x380000
end_va = 0x380fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 4371
start_va = 0x13c0000
end_va = 0x14a1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 4372
start_va = 0x380000
end_va = 0x3a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 4373
start_va = 0x13c0000
end_va = 0x14a1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 4374
start_va = 0x380000
end_va = 0x3a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 4375
start_va = 0x7d0000
end_va = 0x878fff
monitored = 0
entry_point = 0x7e18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 4376
start_va = 0x380000
end_va = 0x384fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 4377
start_va = 0x7d0000
end_va = 0x878fff
monitored = 0
entry_point = 0x7e18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 4378
start_va = 0x380000
end_va = 0x384fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 4379
start_va = 0x7d0000
end_va = 0x878fff
monitored = 0
entry_point = 0x7e18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 4380
start_va = 0x380000
end_va = 0x384fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 4381
start_va = 0x7d0000
end_va = 0x878fff
monitored = 0
entry_point = 0x7e18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 4382
start_va = 0x380000
end_va = 0x384fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 4383
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4384
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4385
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4386
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4387
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4388
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4389
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4390
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4391
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4392
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4393
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4394
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4395
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4396
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4397
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4398
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4399
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4400
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4401
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4402
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4403
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4404
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4405
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4406
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4407
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4408
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4409
start_va = 0x7d0000
end_va = 0x81ffff
monitored = 0
entry_point = 0x7d2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4410
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4411
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4412
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4413
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4414
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4415
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4416
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4417
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4418
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4419
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4420
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4421
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4422
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4423
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4424
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4425
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4426
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4427
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4428
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4429
start_va = 0x7d0000
end_va = 0x85afff
monitored = 0
entry_point = 0x8451ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4430
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4431
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4432
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4433
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4434
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4435
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4436
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4437
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4438
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4439
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4440
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4441
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4442
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4443
start_va = 0x380000
end_va = 0x3a7fff
monitored = 0
entry_point = 0x381860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 4444
start_va = 0x7d0000
end_va = 0x7d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 4445
start_va = 0x380000
end_va = 0x3a7fff
monitored = 0
entry_point = 0x381860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 4446
start_va = 0x7d0000
end_va = 0x7d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 4447
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4448
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4449
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4450
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4451
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4452
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4453
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4454
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4455
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4456
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4457
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4458
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4459
start_va = 0x13c0000
end_va = 0x21b4fff
monitored = 0
entry_point = 0x14a3268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 4460
start_va = 0x13c0000
end_va = 0x21b4fff
monitored = 0
entry_point = 0x14a3268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 4461
start_va = 0x7d0000
end_va = 0x879fff
monitored = 0
entry_point = 0x7e4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 4462
start_va = 0x380000
end_va = 0x383fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 4463
start_va = 0x7d0000
end_va = 0x879fff
monitored = 0
entry_point = 0x7e4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 4464
start_va = 0x380000
end_va = 0x383fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 4465
start_va = 0x7d0000
end_va = 0x817fff
monitored = 0
entry_point = 0x80fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 4466
start_va = 0x380000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 4467
start_va = 0x7d0000
end_va = 0x817fff
monitored = 0
entry_point = 0x80fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 4468
start_va = 0x380000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 4469
start_va = 0x13c0000
end_va = 0x14a8fff
monitored = 0
entry_point = 0x149906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 4470
start_va = 0x380000
end_va = 0x388fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 4471
start_va = 0x13c0000
end_va = 0x14a8fff
monitored = 0
entry_point = 0x149906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 4472
start_va = 0x380000
end_va = 0x388fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 4473
start_va = 0x13c0000
end_va = 0x14a8fff
monitored = 0
entry_point = 0x149906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 4474
start_va = 0x380000
end_va = 0x388fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 4475
start_va = 0x13c0000
end_va = 0x14a8fff
monitored = 0
entry_point = 0x149906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 4476
start_va = 0x380000
end_va = 0x388fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 4477
start_va = 0x7d0000
end_va = 0x821fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui")
Region:
id = 4478
start_va = 0x13c0000
end_va = 0x150cfff
monitored = 0
entry_point = 0x14c2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 4479
start_va = 0x380000
end_va = 0x385fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 4480
start_va = 0x13c0000
end_va = 0x150cfff
monitored = 0
entry_point = 0x14c2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 4481
start_va = 0x380000
end_va = 0x385fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 4482
start_va = 0x380000
end_va = 0x38dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 4483
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 4484
start_va = 0x380000
end_va = 0x38dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 4485
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 4486
start_va = 0x380000
end_va = 0x38ffff
monitored = 0
entry_point = 0x38a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 4487
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 4488
start_va = 0x380000
end_va = 0x38ffff
monitored = 0
entry_point = 0x38a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 4489
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 4490
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 4491
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 4492
start_va = 0x3a0000
end_va = 0x3a5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 4493
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 4494
start_va = 0x3a0000
end_va = 0x3a5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 4495
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 4496
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 4497
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 4498
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 4499
start_va = 0x380000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x39a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 4500
start_va = 0x830000
end_va = 0x833fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 4501
start_va = 0x380000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x39a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 4502
start_va = 0x830000
end_va = 0x833fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 4503
start_va = 0x380000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x39a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 4504
start_va = 0x830000
end_va = 0x833fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 4505
start_va = 0x380000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x39a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 4506
start_va = 0x830000
end_va = 0x833fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 4507
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4508
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4509
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4510
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4511
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4512
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4513
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4514
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4515
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4516
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4517
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4518
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4519
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4520
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4521
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4522
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4523
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4524
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4525
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 4526
start_va = 0x380000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 4527
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 4528
start_va = 0x380000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 4529
start_va = 0x13c0000
end_va = 0x149bfff
monitored = 0
entry_point = 0x1435ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 4530
start_va = 0x380000
end_va = 0x380fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 4531
start_va = 0x13c0000
end_va = 0x149bfff
monitored = 0
entry_point = 0x1435ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 4532
start_va = 0x380000
end_va = 0x380fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 4533
start_va = 0x13c0000
end_va = 0x14a1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 4534
start_va = 0x380000
end_va = 0x3a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 4535
start_va = 0x13c0000
end_va = 0x14a1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 4536
start_va = 0x380000
end_va = 0x3a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 4537
start_va = 0xff0000
end_va = 0x1098fff
monitored = 0
entry_point = 0x10018d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 4538
start_va = 0x380000
end_va = 0x384fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 4539
start_va = 0xff0000
end_va = 0x1098fff
monitored = 0
entry_point = 0x10018d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 4540
start_va = 0x380000
end_va = 0x384fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 4541
start_va = 0xff0000
end_va = 0x1098fff
monitored = 0
entry_point = 0x10018d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 4542
start_va = 0x380000
end_va = 0x384fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 4543
start_va = 0xff0000
end_va = 0x1098fff
monitored = 0
entry_point = 0x10018d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 4544
start_va = 0x380000
end_va = 0x384fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 4545
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4546
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4547
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4548
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4549
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4550
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4551
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4552
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4553
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4554
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4555
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4556
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4557
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4558
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4559
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4560
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4561
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4562
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4563
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4564
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4565
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4566
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4567
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4568
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4569
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4570
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4571
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 4572
start_va = 0x380000
end_va = 0x392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 4573
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4574
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4575
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4576
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4577
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4578
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4579
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4580
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4581
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4582
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4583
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4584
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4585
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4586
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4587
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4588
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4589
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4590
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4591
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 4592
start_va = 0x380000
end_va = 0x389fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 4593
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4594
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4595
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4596
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4597
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4598
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4599
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4600
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4601
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4602
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4603
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4604
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4605
start_va = 0x380000
end_va = 0x399fff
monitored = 1
entry_point = 0x381380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 4606
start_va = 0x3a0000
end_va = 0x3abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 4607
start_va = 0x380000
end_va = 0x3a7fff
monitored = 0
entry_point = 0x381860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 4608
start_va = 0x830000
end_va = 0x830fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 4609
start_va = 0x380000
end_va = 0x3a7fff
monitored = 0
entry_point = 0x381860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 4610
start_va = 0x830000
end_va = 0x830fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 4611
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4612
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4613
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4614
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4615
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4616
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4617
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4618
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4619
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4620
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4621
start_va = 0x380000
end_va = 0x38afff
monitored = 0
entry_point = 0x3811a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 4622
start_va = 0x390000
end_va = 0x391fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 4623
start_va = 0x13c0000
end_va = 0x21b4fff
monitored = 0
entry_point = 0x14a3268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 4624
start_va = 0x13c0000
end_va = 0x21b4fff
monitored = 0
entry_point = 0x14a3268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 4625
start_va = 0xff0000
end_va = 0x1099fff
monitored = 0
entry_point = 0x1004100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 4626
start_va = 0x380000
end_va = 0x383fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 4627
start_va = 0xff0000
end_va = 0x1099fff
monitored = 0
entry_point = 0x1004100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 4628
start_va = 0x380000
end_va = 0x383fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 4629
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 4630
start_va = 0x380000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 4631
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 4632
start_va = 0x380000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 4633
start_va = 0x13c0000
end_va = 0x14a8fff
monitored = 0
entry_point = 0x149906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 4634
start_va = 0x380000
end_va = 0x388fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 4635
start_va = 0x13c0000
end_va = 0x14a8fff
monitored = 0
entry_point = 0x149906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 4636
start_va = 0x380000
end_va = 0x388fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 4637
start_va = 0x13c0000
end_va = 0x14a8fff
monitored = 0
entry_point = 0x149906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 4638
start_va = 0x380000
end_va = 0x388fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 4639
start_va = 0x13c0000
end_va = 0x14a8fff
monitored = 0
entry_point = 0x149906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 4640
start_va = 0x380000
end_va = 0x388fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 4641
start_va = 0x13c0000
end_va = 0x150cfff
monitored = 0
entry_point = 0x14c2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 4642
start_va = 0x380000
end_va = 0x385fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 4694
start_va = 0x7fef9270000
end_va = 0x7fef927afff
monitored = 0
entry_point = 0x7fef92746ec
region_type = mapped_file
name = "perfos.dll"
filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll")
Region:
id = 4695
start_va = 0x13c0000
end_va = 0x14dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4704
start_va = 0x13c0000
end_va = 0x14bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4705
start_va = 0x14d0000
end_va = 0x14dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014d0000"
filename = ""
Region:
id = 4731
start_va = 0x1210000
end_va = 0x128ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001210000"
filename = ""
Region:
id = 4732
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 4747
start_va = 0x380000
end_va = 0x382fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000380000"
filename = ""
Region:
id = 4748
start_va = 0x7fefabd0000
end_va = 0x7fefabf6fff
monitored = 0
entry_point = 0x7fefabd98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 4749
start_va = 0x7fefabc0000
end_va = 0x7fefabcafff
monitored = 0
entry_point = 0x7fefabc1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 4750
start_va = 0x7fef8ad0000
end_va = 0x7fef8ae0fff
monitored = 0
entry_point = 0x7fef8ad16ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 4751
start_va = 0x7fef8ab0000
end_va = 0x7fef8ac7fff
monitored = 0
entry_point = 0x7fef8ab1bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 4752
start_va = 0x390000
end_va = 0x3a2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 4753
start_va = 0x390000
end_va = 0x390fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 4754
start_va = 0x3a0000
end_va = 0x3a6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui")
Region:
id = 4755
start_va = 0x390000
end_va = 0x390fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 4756
start_va = 0x3a0000
end_va = 0x3a6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui")
Region:
id = 4757
start_va = 0x390000
end_va = 0x390fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 4758
start_va = 0x3a0000
end_va = 0x3a6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui")
Region:
id = 4759
start_va = 0x390000
end_va = 0x390fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 4760
start_va = 0x3a0000
end_va = 0x3a6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui")
Region:
id = 4761
start_va = 0x7fefc810000
end_va = 0x7fefc86afff
monitored = 0
entry_point = 0x7fefc816940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 4762
start_va = 0x14e0000
end_va = 0x16affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4763
start_va = 0x390000
end_va = 0x394fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 5271
start_va = 0x14e0000
end_va = 0x155ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 5272
start_va = 0x1630000
end_va = 0x16affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001630000"
filename = ""
Region:
id = 5273
start_va = 0x7fef1420000
end_va = 0x7fef144bfff
monitored = 0
entry_point = 0x7fef1438194
region_type = mapped_file
name = "wmipcima.dll"
filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll")
Region:
id = 5274
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 5275
start_va = 0x7fefd470000
end_va = 0x7fefd489fff
monitored = 0
entry_point = 0x7fefd471558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 5276
start_va = 0x7fefd390000
end_va = 0x7fefd3c5fff
monitored = 0
entry_point = 0x7fefd391474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 5478
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5479
start_va = 0x390000
end_va = 0x395fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 5480
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5481
start_va = 0x390000
end_va = 0x395fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 5482
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 5483
start_va = 0x370000
end_va = 0x371fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 5484
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 5485
start_va = 0x370000
end_va = 0x371fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 5486
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5487
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5488
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5489
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5490
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5491
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5492
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5493
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5494
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5495
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5496
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5497
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5498
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5499
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5500
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5501
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5502
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5503
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5504
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5505
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5506
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5507
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5508
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5509
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5510
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 5511
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 5512
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 5513
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 5514
start_va = 0xf50000
end_va = 0x102bfff
monitored = 0
entry_point = 0xfc5ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 5515
start_va = 0x370000
end_va = 0x370fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 5516
start_va = 0xf50000
end_va = 0x102bfff
monitored = 0
entry_point = 0xfc5ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 5517
start_va = 0x370000
end_va = 0x370fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 5518
start_va = 0xf50000
end_va = 0x1031fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 5519
start_va = 0x370000
end_va = 0x398fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 5520
start_va = 0xf50000
end_va = 0x1031fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 5521
start_va = 0x370000
end_va = 0x398fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 5522
start_va = 0xf50000
end_va = 0xff8fff
monitored = 0
entry_point = 0xf618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5523
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5524
start_va = 0xf50000
end_va = 0xff8fff
monitored = 0
entry_point = 0xf618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5525
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5526
start_va = 0xf50000
end_va = 0xff8fff
monitored = 0
entry_point = 0xf618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5527
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5528
start_va = 0xf50000
end_va = 0xff8fff
monitored = 0
entry_point = 0xf618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5529
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5530
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5531
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5532
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5533
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5534
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5535
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5536
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5537
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5538
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5539
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5540
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5541
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5542
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5543
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5544
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5545
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5546
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5547
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5548
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5549
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5550
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5551
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5552
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5553
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5554
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5555
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5556
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5557
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5558
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5559
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5560
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5561
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5562
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5563
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5564
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5565
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5566
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5567
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5568
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5569
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5570
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5571
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5572
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5573
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5574
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5575
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5576
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5577
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5578
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5579
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5580
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5581
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5582
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5583
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5584
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5585
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5586
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5587
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5588
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5589
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5590
start_va = 0x370000
end_va = 0x397fff
monitored = 0
entry_point = 0x371860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 5591
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 5592
start_va = 0x370000
end_va = 0x397fff
monitored = 0
entry_point = 0x371860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 5593
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 5594
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5595
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5596
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5597
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5598
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5599
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5600
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5601
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5602
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5603
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5604
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5605
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5606
start_va = 0x16b0000
end_va = 0x24a4fff
monitored = 0
entry_point = 0x1793268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 5607
start_va = 0x16b0000
end_va = 0x24a4fff
monitored = 0
entry_point = 0x1793268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 5608
start_va = 0xf50000
end_va = 0xff9fff
monitored = 0
entry_point = 0xf64100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 5609
start_va = 0x370000
end_va = 0x373fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 5610
start_va = 0xf50000
end_va = 0xff9fff
monitored = 0
entry_point = 0xf64100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 5611
start_va = 0x370000
end_va = 0x373fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 5612
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 5613
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 5614
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 5615
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 5616
start_va = 0xf50000
end_va = 0x1038fff
monitored = 0
entry_point = 0x102906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5617
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5618
start_va = 0xf50000
end_va = 0x1038fff
monitored = 0
entry_point = 0x102906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5619
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5620
start_va = 0xf50000
end_va = 0x1038fff
monitored = 0
entry_point = 0x102906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5621
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5622
start_va = 0xf50000
end_va = 0x1038fff
monitored = 0
entry_point = 0x102906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5623
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5624
start_va = 0xf50000
end_va = 0x109cfff
monitored = 0
entry_point = 0x1052a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 5625
start_va = 0x370000
end_va = 0x375fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 5626
start_va = 0xf50000
end_va = 0x109cfff
monitored = 0
entry_point = 0x1052a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 5627
start_va = 0x370000
end_va = 0x375fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 5628
start_va = 0x370000
end_va = 0x37dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 5629
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 5630
start_va = 0x370000
end_va = 0x37dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 5631
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 5632
start_va = 0x370000
end_va = 0x37ffff
monitored = 0
entry_point = 0x37a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 5633
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 5634
start_va = 0x370000
end_va = 0x37ffff
monitored = 0
entry_point = 0x37a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 5635
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 5636
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5637
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5638
start_va = 0x390000
end_va = 0x395fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 5639
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5640
start_va = 0x390000
end_va = 0x395fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 5641
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 5642
start_va = 0x370000
end_va = 0x371fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 5643
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 5644
start_va = 0x370000
end_va = 0x371fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 5645
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5646
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5647
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5648
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5649
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5650
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5651
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5652
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5653
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5654
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5655
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5656
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5657
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5658
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5659
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5660
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5661
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5662
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5663
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5664
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5665
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5666
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5667
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5668
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5669
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5670
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5671
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 5672
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 5673
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 5674
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 5675
start_va = 0xf50000
end_va = 0x102bfff
monitored = 0
entry_point = 0xfc5ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 5676
start_va = 0x370000
end_va = 0x370fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 5677
start_va = 0xf50000
end_va = 0x102bfff
monitored = 0
entry_point = 0xfc5ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 5678
start_va = 0x370000
end_va = 0x370fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 5679
start_va = 0xf50000
end_va = 0x1031fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 5680
start_va = 0x370000
end_va = 0x398fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 5681
start_va = 0xf50000
end_va = 0x1031fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 5682
start_va = 0x370000
end_va = 0x398fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 5683
start_va = 0xf50000
end_va = 0xff8fff
monitored = 0
entry_point = 0xf618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5684
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5685
start_va = 0xf50000
end_va = 0xff8fff
monitored = 0
entry_point = 0xf618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5686
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5687
start_va = 0xf50000
end_va = 0xff8fff
monitored = 0
entry_point = 0xf618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5688
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5689
start_va = 0xf50000
end_va = 0xff8fff
monitored = 0
entry_point = 0xf618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5690
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5691
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5692
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5693
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5694
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5695
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5696
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5697
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5698
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5699
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5700
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5701
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5702
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5703
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5704
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5705
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5706
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5707
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5708
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5709
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5710
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5711
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5712
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5713
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5714
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5715
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5716
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5717
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5718
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5719
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5720
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5721
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5722
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5723
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5724
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5725
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5726
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5727
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5728
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5729
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5730
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5731
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5732
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5733
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5734
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5735
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5736
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5737
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5738
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5739
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5740
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5741
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5742
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5743
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5744
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5745
start_va = 0xf50000
end_va = 0x104ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f50000"
filename = ""
Region:
id = 5746
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5747
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5748
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5749
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5750
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5751
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5752
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5753
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5754
start_va = 0x370000
end_va = 0x397fff
monitored = 0
entry_point = 0x371860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 5755
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 5756
start_va = 0x370000
end_va = 0x397fff
monitored = 0
entry_point = 0x371860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 5757
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 5758
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5759
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5760
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5761
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5762
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5763
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5764
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5765
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5766
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5767
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5768
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5769
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5770
start_va = 0x16b0000
end_va = 0x24a4fff
monitored = 0
entry_point = 0x1793268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 5771
start_va = 0x16b0000
end_va = 0x24a4fff
monitored = 0
entry_point = 0x1793268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 5772
start_va = 0x1050000
end_va = 0x10f9fff
monitored = 0
entry_point = 0x1064100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 5773
start_va = 0x370000
end_va = 0x373fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 5774
start_va = 0x1050000
end_va = 0x10f9fff
monitored = 0
entry_point = 0x1064100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 5775
start_va = 0x370000
end_va = 0x373fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 5776
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 5777
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 5778
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 5779
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 5780
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5781
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5782
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5783
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5784
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5785
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5786
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5787
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5788
start_va = 0x16b0000
end_va = 0x17fcfff
monitored = 0
entry_point = 0x17b2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 5789
start_va = 0x370000
end_va = 0x375fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 5790
start_va = 0x16b0000
end_va = 0x17fcfff
monitored = 0
entry_point = 0x17b2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 5791
start_va = 0x370000
end_va = 0x375fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 5792
start_va = 0x370000
end_va = 0x37dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 5793
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 5794
start_va = 0x370000
end_va = 0x37dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 5795
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 5796
start_va = 0x370000
end_va = 0x37ffff
monitored = 0
entry_point = 0x37a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 5797
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 5798
start_va = 0x370000
end_va = 0x37ffff
monitored = 0
entry_point = 0x37a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 5799
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 5800
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5801
start_va = 0x390000
end_va = 0x395fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 5802
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5803
start_va = 0x390000
end_va = 0x395fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 5804
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 5805
start_va = 0x370000
end_va = 0x371fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 5806
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 5807
start_va = 0x370000
end_va = 0x371fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 5808
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5809
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5810
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5811
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5812
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5813
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5814
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5815
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5816
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5817
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5818
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5819
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5820
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5821
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5822
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5823
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5824
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5825
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5826
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5827
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5828
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5829
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5830
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5831
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5832
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 5833
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 5834
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 5835
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 5836
start_va = 0x1050000
end_va = 0x112bfff
monitored = 0
entry_point = 0x10c5ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 5837
start_va = 0x370000
end_va = 0x370fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 5838
start_va = 0x1050000
end_va = 0x112bfff
monitored = 0
entry_point = 0x10c5ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 5839
start_va = 0x370000
end_va = 0x370fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 5840
start_va = 0x1050000
end_va = 0x1131fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 5841
start_va = 0x370000
end_va = 0x398fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 5842
start_va = 0x1050000
end_va = 0x1131fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 5843
start_va = 0x370000
end_va = 0x398fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 5844
start_va = 0x1050000
end_va = 0x10f8fff
monitored = 0
entry_point = 0x10618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5845
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5846
start_va = 0x1050000
end_va = 0x10f8fff
monitored = 0
entry_point = 0x10618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5847
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5848
start_va = 0x1050000
end_va = 0x10f8fff
monitored = 0
entry_point = 0x10618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5849
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5850
start_va = 0x1050000
end_va = 0x10f8fff
monitored = 0
entry_point = 0x10618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 5851
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 5852
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5853
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5854
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5855
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5856
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5857
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5858
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5859
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5860
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5861
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5862
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5863
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5864
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5865
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5866
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5867
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5868
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5869
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5870
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5871
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5872
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5873
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5874
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5875
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5876
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5877
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5878
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5879
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5880
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5881
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5882
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5883
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5884
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5885
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5886
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5887
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5888
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5889
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5890
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5891
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5892
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5893
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5894
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5895
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5896
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5897
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5898
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 5899
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 5900
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5901
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5902
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5903
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5904
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5905
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5906
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5907
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5908
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5909
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5910
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 5911
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 5912
start_va = 0x370000
end_va = 0x397fff
monitored = 0
entry_point = 0x371860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 5913
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 5914
start_va = 0x370000
end_va = 0x397fff
monitored = 0
entry_point = 0x371860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 5915
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 5916
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5917
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5918
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5919
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5920
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5921
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5922
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5923
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5924
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5925
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5926
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 5927
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 5928
start_va = 0x16b0000
end_va = 0x24a4fff
monitored = 0
entry_point = 0x1793268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 5929
start_va = 0x16b0000
end_va = 0x24a4fff
monitored = 0
entry_point = 0x1793268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 5930
start_va = 0x1050000
end_va = 0x10f9fff
monitored = 0
entry_point = 0x1064100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 5931
start_va = 0x370000
end_va = 0x373fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 5932
start_va = 0x1050000
end_va = 0x10f9fff
monitored = 0
entry_point = 0x1064100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 5933
start_va = 0x370000
end_va = 0x373fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 5934
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 5935
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 5936
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 5937
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 5938
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5939
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5940
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5941
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5942
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5943
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5944
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 5945
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 5946
start_va = 0x16b0000
end_va = 0x17fcfff
monitored = 0
entry_point = 0x17b2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 5947
start_va = 0x370000
end_va = 0x375fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 5948
start_va = 0x16b0000
end_va = 0x17fcfff
monitored = 0
entry_point = 0x17b2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 5949
start_va = 0x370000
end_va = 0x375fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 5950
start_va = 0x370000
end_va = 0x37dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 5951
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 5952
start_va = 0x370000
end_va = 0x37dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 5953
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 5954
start_va = 0x370000
end_va = 0x37ffff
monitored = 0
entry_point = 0x37a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 5955
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 5956
start_va = 0x370000
end_va = 0x37ffff
monitored = 0
entry_point = 0x37a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 5957
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 5958
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5959
start_va = 0x390000
end_va = 0x395fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 5960
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 5961
start_va = 0x390000
end_va = 0x395fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 5962
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 5963
start_va = 0x370000
end_va = 0x371fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 5964
start_va = 0x830000
end_va = 0x883fff
monitored = 0
entry_point = 0x843450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 5965
start_va = 0x370000
end_va = 0x371fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 5966
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5967
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5968
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5969
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5970
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5971
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5972
start_va = 0x370000
end_va = 0x390fff
monitored = 0
entry_point = 0x38a06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 5973
start_va = 0x3a0000
end_va = 0x3a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 5974
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5975
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5976
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5977
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5978
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5979
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5980
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5981
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5982
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5983
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5984
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5985
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5986
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5987
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5988
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 5989
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 5990
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 5991
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 5992
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x8768c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 5993
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 5994
start_va = 0x1050000
end_va = 0x112bfff
monitored = 0
entry_point = 0x10c5ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 5995
start_va = 0x370000
end_va = 0x370fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 5996
start_va = 0x1050000
end_va = 0x112bfff
monitored = 0
entry_point = 0x10c5ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 5997
start_va = 0x370000
end_va = 0x370fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 5998
start_va = 0x1050000
end_va = 0x1131fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 5999
start_va = 0x370000
end_va = 0x398fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 6000
start_va = 0x1050000
end_va = 0x1131fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 6001
start_va = 0x370000
end_va = 0x398fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 6002
start_va = 0x1050000
end_va = 0x10f8fff
monitored = 0
entry_point = 0x10618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 6003
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 6004
start_va = 0x1050000
end_va = 0x10f8fff
monitored = 0
entry_point = 0x10618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 6005
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 6006
start_va = 0x1050000
end_va = 0x10f8fff
monitored = 0
entry_point = 0x10618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 6007
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 6008
start_va = 0x1050000
end_va = 0x10f8fff
monitored = 0
entry_point = 0x10618d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 6009
start_va = 0x370000
end_va = 0x374fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 6010
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6011
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6012
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6013
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6014
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6015
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6016
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6017
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6018
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6019
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6020
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6021
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6022
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6023
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6024
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6025
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6026
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6027
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6028
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6029
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6030
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6031
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6032
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6033
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6034
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6035
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6036
start_va = 0x830000
end_va = 0x87ffff
monitored = 0
entry_point = 0x832b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 6037
start_va = 0x370000
end_va = 0x382fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 6038
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6039
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6040
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6041
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6042
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6043
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6044
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6045
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6046
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6047
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6048
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6049
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6050
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6051
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6052
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6053
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6054
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6055
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6056
start_va = 0xe30000
end_va = 0xebafff
monitored = 0
entry_point = 0xea51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 6057
start_va = 0x370000
end_va = 0x379fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 6058
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 6059
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 6060
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 6061
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 6062
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 6063
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 6064
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 6065
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 6066
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 6067
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 6068
start_va = 0x370000
end_va = 0x389fff
monitored = 1
entry_point = 0x371380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 6069
start_va = 0x390000
end_va = 0x39bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 6070
start_va = 0x370000
end_va = 0x397fff
monitored = 0
entry_point = 0x371860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 6071
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 6072
start_va = 0x370000
end_va = 0x397fff
monitored = 0
entry_point = 0x371860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 6073
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 6074
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 6075
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 6076
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 6077
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 6078
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 6079
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 6080
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 6081
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 6082
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 6083
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 6084
start_va = 0x370000
end_va = 0x37afff
monitored = 0
entry_point = 0x3711a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 6085
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 6086
start_va = 0x16b0000
end_va = 0x24a4fff
monitored = 0
entry_point = 0x1793268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 6087
start_va = 0x16b0000
end_va = 0x24a4fff
monitored = 0
entry_point = 0x1793268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 6088
start_va = 0x1050000
end_va = 0x10f9fff
monitored = 0
entry_point = 0x1064100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 6089
start_va = 0x370000
end_va = 0x373fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 6090
start_va = 0x1050000
end_va = 0x10f9fff
monitored = 0
entry_point = 0x1064100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 6091
start_va = 0x370000
end_va = 0x373fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Region:
id = 6092
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 6093
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 6094
start_va = 0x830000
end_va = 0x877fff
monitored = 0
entry_point = 0x86fd0c
region_type = mapped_file
name = "drt.dll"
filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll")
Region:
id = 6095
start_va = 0x370000
end_va = 0x372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "drt.dll.mui"
filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui")
Region:
id = 6096
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 6097
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 6098
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 6099
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 6100
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 6101
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 6102
start_va = 0x1050000
end_va = 0x1138fff
monitored = 0
entry_point = 0x112906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 6103
start_va = 0x370000
end_va = 0x378fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 6104
start_va = 0x16b0000
end_va = 0x17fcfff
monitored = 0
entry_point = 0x17b2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 6105
start_va = 0x370000
end_va = 0x375fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 6106
start_va = 0x16b0000
end_va = 0x17fcfff
monitored = 0
entry_point = 0x17b2a88
region_type = mapped_file
name = "peerdistsvc.dll"
filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll")
Region:
id = 6107
start_va = 0x370000
end_va = 0x375fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peerdistsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui")
Region:
id = 6108
start_va = 0x370000
end_va = 0x37dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 6109
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 6110
start_va = 0x370000
end_va = 0x37dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll"
filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll")
Region:
id = 6111
start_va = 0x830000
end_va = 0x87dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wsmres.dll.mui"
filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui")
Region:
id = 6112
start_va = 0x370000
end_va = 0x37ffff
monitored = 0
entry_point = 0x37a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 6113
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 6114
start_va = 0x370000
end_va = 0x37ffff
monitored = 0
entry_point = 0x37a33c
region_type = mapped_file
name = "tbssvc.dll"
filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll")
Region:
id = 6115
start_va = 0x380000
end_va = 0x381fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tbssvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui")
Region:
id = 6119
start_va = 0x370000
end_va = 0x372fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000370000"
filename = ""
Region:
id = 6475
start_va = 0x1050000
end_va = 0x10cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001050000"
filename = ""
Region:
id = 6490
start_va = 0x1150000
end_va = 0x11cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001150000"
filename = ""
Region:
id = 6491
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Thread:
id = 278
os_tid = 0x450
Thread:
id = 279
os_tid = 0x354
Thread:
id = 280
os_tid = 0x5dc
Thread:
id = 281
os_tid = 0x7e0
Thread:
id = 282
os_tid = 0x7dc
Thread:
id = 283
os_tid = 0x584
Thread:
id = 284
os_tid = 0x504
Thread:
id = 285
os_tid = 0x598
Thread:
id = 299
os_tid = 0x64
Thread:
id = 358
os_tid = 0x35c
Thread:
id = 402
os_tid = 0x574
Thread:
id = 428
os_tid = 0x6c4
Process:
id = "18"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0xa4b3000"
os_pid = "0x2c0"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "14"
os_parent_pid = "0x1c0"
cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b6f1" [0xc000000f], "LOCAL" [0x7]
Region:
id = 4879
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 4880
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 4881
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 4882
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 4883
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 4884
start_va = 0xc0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 4885
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 4886
start_va = 0x1d0000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 4887
start_va = 0x250000
end_va = 0x250fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 4888
start_va = 0x260000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 4889
start_va = 0x2a0000
end_va = 0x2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 4890
start_va = 0x2c0000
end_va = 0x2dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 4891
start_va = 0x2e0000
end_va = 0x2fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002e0000"
filename = ""
Region:
id = 4892
start_va = 0x300000
end_va = 0x30ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000300000"
filename = ""
Region:
id = 4893
start_va = 0x310000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 4894
start_va = 0x410000
end_va = 0x597fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000410000"
filename = ""
Region:
id = 4895
start_va = 0x5a0000
end_va = 0x720fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 4896
start_va = 0x730000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000730000"
filename = ""
Region:
id = 4897
start_va = 0x7f0000
end_va = 0x7fcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 4898
start_va = 0x800000
end_va = 0x802fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winmgmtr.dll"
filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll")
Region:
id = 4899
start_va = 0x810000
end_va = 0x811fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 4900
start_va = 0x820000
end_va = 0x820fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000820000"
filename = ""
Region:
id = 4901
start_va = 0x830000
end_va = 0x830fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 4902
start_va = 0x880000
end_va = 0x880fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000880000"
filename = ""
Region:
id = 4903
start_va = 0x890000
end_va = 0x890fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000890000"
filename = ""
Region:
id = 4904
start_va = 0x8a0000
end_va = 0x91ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 4905
start_va = 0x920000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 4906
start_va = 0xa20000
end_va = 0xa20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 4907
start_va = 0xa30000
end_va = 0xa30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a30000"
filename = ""
Region:
id = 4908
start_va = 0xa40000
end_va = 0xa47fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a40000"
filename = ""
Region:
id = 4909
start_va = 0xa50000
end_va = 0xacffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 4910
start_va = 0xad0000
end_va = 0xad0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ad0000"
filename = ""
Region:
id = 4911
start_va = 0xae0000
end_va = 0xb41fff
monitored = 0
entry_point = 0xaf08d8
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 4912
start_va = 0xb50000
end_va = 0xb51fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 4913
start_va = 0xb60000
end_va = 0xe2efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4914
start_va = 0xe70000
end_va = 0xeeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 4915
start_va = 0xf10000
end_va = 0xf8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 4916
start_va = 0xff0000
end_va = 0x106ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ff0000"
filename = ""
Region:
id = 4917
start_va = 0x1070000
end_va = 0x10effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 4918
start_va = 0x1100000
end_va = 0x117ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 4919
start_va = 0x1180000
end_va = 0x11fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 4920
start_va = 0x1200000
end_va = 0x127ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 4921
start_va = 0x1280000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001280000"
filename = ""
Region:
id = 4922
start_va = 0x1320000
end_va = 0x139ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001320000"
filename = ""
Region:
id = 4923
start_va = 0x13e0000
end_va = 0x145ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013e0000"
filename = ""
Region:
id = 4924
start_va = 0x1470000
end_va = 0x156ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001470000"
filename = ""
Region:
id = 4925
start_va = 0x15d0000
end_va = 0x164ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000015d0000"
filename = ""
Region:
id = 4926
start_va = 0x1690000
end_va = 0x170ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001690000"
filename = ""
Region:
id = 4927
start_va = 0x1780000
end_va = 0x17fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001780000"
filename = ""
Region:
id = 4928
start_va = 0x1840000
end_va = 0x18bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001840000"
filename = ""
Region:
id = 4929
start_va = 0x18d0000
end_va = 0x194ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018d0000"
filename = ""
Region:
id = 4930
start_va = 0x1950000
end_va = 0x19cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001950000"
filename = ""
Region:
id = 4931
start_va = 0x19e0000
end_va = 0x1a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000019e0000"
filename = ""
Region:
id = 4932
start_va = 0x1a60000
end_va = 0x1c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a60000"
filename = ""
Region:
id = 4933
start_va = 0x1c70000
end_va = 0x1ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c70000"
filename = ""
Region:
id = 4934
start_va = 0x1da0000
end_va = 0x21a2fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001da0000"
filename = ""
Region:
id = 4935
start_va = 0x21b0000
end_va = 0x25affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021b0000"
filename = ""
Region:
id = 4936
start_va = 0x2610000
end_va = 0x268ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 4937
start_va = 0x2700000
end_va = 0x277ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 4938
start_va = 0x2790000
end_va = 0x280ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4939
start_va = 0x2860000
end_va = 0x28dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4940
start_va = 0x2960000
end_va = 0x29dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002960000"
filename = ""
Region:
id = 4941
start_va = 0x74cb0000
end_va = 0x74cb2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winmgmtr.dll"
filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll")
Region:
id = 4942
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 4943
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 4944
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 4945
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 4946
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 4947
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 4948
start_va = 0xff4e0000
end_va = 0xff532fff
monitored = 0
entry_point = 0xff4f3310
region_type = mapped_file
name = "services.exe"
filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe")
Region:
id = 4949
start_va = 0xffa90000
end_va = 0xffa9afff
monitored = 0
entry_point = 0xffa9246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 4950
start_va = 0xfff40000
end_va = 0xfffa1fff
monitored = 0
entry_point = 0xfff508d8
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 4951
start_va = 0x7fef1060000
end_va = 0x7fef110dfff
monitored = 0
entry_point = 0x7fef1064104
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 4952
start_va = 0x7fef1450000
end_va = 0x7fef1574fff
monitored = 0
entry_point = 0x7fef14a1570
region_type = mapped_file
name = "dbghelp.dll"
filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll")
Region:
id = 4953
start_va = 0x7fef20c0000
end_va = 0x7fef20dbfff
monitored = 0
entry_point = 0x7fef20c1060
region_type = mapped_file
name = "wscsvc.dll"
filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")
Region:
id = 4954
start_va = 0x7fef30d0000
end_va = 0x7fef30e3fff
monitored = 0
entry_point = 0x7fef30d1070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 4955
start_va = 0x7fef3290000
end_va = 0x7fef32b6fff
monitored = 0
entry_point = 0x7fef32911a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 4956
start_va = 0x7fef32c0000
end_va = 0x7fef33a1fff
monitored = 0
entry_point = 0x7fef32e3814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 4957
start_va = 0x7fef38b0000
end_va = 0x7fef3935fff
monitored = 0
entry_point = 0x7fef38bffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 4958
start_va = 0x7fef74a0000
end_va = 0x7fef74bafff
monitored = 0
entry_point = 0x7fef74a1198
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 4959
start_va = 0x7fef7f80000
end_va = 0x7fef7fcefff
monitored = 0
entry_point = 0x7fef7f82760
region_type = mapped_file
name = "audioses.dll"
filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")
Region:
id = 4960
start_va = 0x7fef8ab0000
end_va = 0x7fef8ac7fff
monitored = 0
entry_point = 0x7fef8ab1bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 4961
start_va = 0x7fef8ad0000
end_va = 0x7fef8ae0fff
monitored = 0
entry_point = 0x7fef8ad16ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 4962
start_va = 0x7fef8b90000
end_va = 0x7fef8bcafff
monitored = 0
entry_point = 0x7fef8b94520
region_type = mapped_file
name = "dhcpcore6.dll"
filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")
Region:
id = 4963
start_va = 0x7fef8bd0000
end_va = 0x7fef8c20fff
monitored = 0
entry_point = 0x7fef8bdf6c0
region_type = mapped_file
name = "dhcpcore.dll"
filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")
Region:
id = 4964
start_va = 0x7fef8c40000
end_va = 0x7fef8c47fff
monitored = 0
entry_point = 0x7fef8c4284c
region_type = mapped_file
name = "nrpsrv.dll"
filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll")
Region:
id = 4965
start_va = 0x7fef8c50000
end_va = 0x7fef8c59fff
monitored = 0
entry_point = 0x7fef8c51adc
region_type = mapped_file
name = "lmhsvc.dll"
filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")
Region:
id = 4966
start_va = 0x7fefabc0000
end_va = 0x7fefabcafff
monitored = 0
entry_point = 0x7fefabc1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 4967
start_va = 0x7fefabd0000
end_va = 0x7fefabf6fff
monitored = 0
entry_point = 0x7fefabd98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 4968
start_va = 0x7fefb090000
end_va = 0x7fefb098fff
monitored = 0
entry_point = 0x7fefb091010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 4969
start_va = 0x7fefb0a0000
end_va = 0x7fefb0cbfff
monitored = 0
entry_point = 0x7fefb0a15c4
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 4970
start_va = 0x7fefb0d0000
end_va = 0x7fefb17bfff
monitored = 0
entry_point = 0x7fefb0e6acc
region_type = mapped_file
name = "audiosrv.dll"
filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")
Region:
id = 4971
start_va = 0x7fefb180000
end_va = 0x7fefb1acfff
monitored = 0
entry_point = 0x7fefb181010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 4972
start_va = 0x7fefb3b0000
end_va = 0x7fefb3befff
monitored = 0
entry_point = 0x7fefb3b11d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 4973
start_va = 0x7fefb640000
end_va = 0x7fefb68afff
monitored = 0
entry_point = 0x7fefb64efcc
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 4974
start_va = 0x7fefbab0000
end_va = 0x7fefbbdbfff
monitored = 0
entry_point = 0x7fefbab94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 4975
start_va = 0x7fefc120000
end_va = 0x7fefc2b5fff
monitored = 0
entry_point = 0x7fefc1278e4
region_type = mapped_file
name = "wevtsvc.dll"
filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")
Region:
id = 4976
start_va = 0x7fefc2c0000
end_va = 0x7fefc2cbfff
monitored = 0
entry_point = 0x7fefc2c1064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 4977
start_va = 0x7fefc2d0000
end_va = 0x7fefc38afff
monitored = 0
entry_point = 0x7fefc2d6de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 4978
start_va = 0x7fefc390000
end_va = 0x7fefc396fff
monitored = 0
entry_point = 0x7fefc3914b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 4979
start_va = 0x7fefc480000
end_va = 0x7fefc49afff
monitored = 0
entry_point = 0x7fefc482068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 4980
start_va = 0x7fefc4a0000
end_va = 0x7fefc4bdfff
monitored = 0
entry_point = 0x7fefc4a13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 4981
start_va = 0x7fefc5f0000
end_va = 0x7fefc5f9fff
monitored = 0
entry_point = 0x7fefc5f3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 4982
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 4983
start_va = 0x7fefc810000
end_va = 0x7fefc86afff
monitored = 0
entry_point = 0x7fefc816940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 4984
start_va = 0x7fefc980000
end_va = 0x7fefc986fff
monitored = 0
entry_point = 0x7fefc98142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 4985
start_va = 0x7fefc990000
end_va = 0x7fefc9e4fff
monitored = 0
entry_point = 0x7fefc991054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 4986
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 4987
start_va = 0x7fefcc20000
end_va = 0x7fefcc8cfff
monitored = 0
entry_point = 0x7fefcc21010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 4988
start_va = 0x7fefcf90000
end_va = 0x7fefcf9afff
monitored = 0
entry_point = 0x7fefcf91030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 4989
start_va = 0x7fefcfc0000
end_va = 0x7fefcfe4fff
monitored = 0
entry_point = 0x7fefcfc9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 4990
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 4991
start_va = 0x7fefd0a0000
end_va = 0x7fefd0dcfff
monitored = 0
entry_point = 0x7fefd0a18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 4992
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 4993
start_va = 0x7fefd100000
end_va = 0x7fefd10efff
monitored = 0
entry_point = 0x7fefd1019b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 4994
start_va = 0x7fefd1a0000
end_va = 0x7fefd1aefff
monitored = 0
entry_point = 0x7fefd1a1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 4995
start_va = 0x7fefd1b0000
end_va = 0x7fefd31cfff
monitored = 0
entry_point = 0x7fefd1b10b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 4996
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 4997
start_va = 0x7fefd390000
end_va = 0x7fefd3c5fff
monitored = 0
entry_point = 0x7fefd391474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 4998
start_va = 0x7fefd470000
end_va = 0x7fefd489fff
monitored = 0
entry_point = 0x7fefd471558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 4999
start_va = 0x7fefd490000
end_va = 0x7fefd4cafff
monitored = 0
entry_point = 0x7fefd491324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 5000
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 5001
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 5002
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 5003
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 5004
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 5005
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 5006
start_va = 0x7fefecc0000
end_va = 0x7fefed11fff
monitored = 0
entry_point = 0x7fefecc10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 5007
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 5008
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 5009
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 5010
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 5011
start_va = 0x7fefef10000
end_va = 0x7fefef80fff
monitored = 0
entry_point = 0x7fefef21e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 5012
start_va = 0x7fefef90000
end_va = 0x7fefefdcfff
monitored = 0
entry_point = 0x7fefef91070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 5013
start_va = 0x7fefefe0000
end_va = 0x7feff1b6fff
monitored = 0
entry_point = 0x7fefefe1010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 5014
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 5015
start_va = 0x7feff3d0000
end_va = 0x7feff3d7fff
monitored = 0
entry_point = 0x7feff3d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 5016
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 5017
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 5018
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 5019
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 5020
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 5021
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 5022
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 5023
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 5024
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 5025
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 5026
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 5027
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 5028
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 5029
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 5030
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 5031
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 5032
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 5033
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 5034
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 5035
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 5036
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 5037
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 5038
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 5039
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 5040
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 5041
start_va = 0x7fffffdd000
end_va = 0x7fffffdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 5042
start_va = 0x7fffffdf000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdf000"
filename = ""
Region:
id = 5214
start_va = 0x840000
end_va = 0x840fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000840000"
filename = ""
Region:
id = 5215
start_va = 0x29e0000
end_va = 0x2adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 5216
start_va = 0x7fefb320000
end_va = 0x7fefb334fff
monitored = 0
entry_point = 0x7fefb321050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 5217
start_va = 0x7fefb340000
end_va = 0x7fefb34bfff
monitored = 0
entry_point = 0x7fefb3418a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 5218
start_va = 0xffba0000
end_va = 0xffefefff
monitored = 0
entry_point = 0xffbec21c
region_type = mapped_file
name = "sppsvc.exe"
filename = "\\Windows\\System32\\sppsvc.exe" (normalized: "c:\\windows\\system32\\sppsvc.exe")
Region:
id = 5219
start_va = 0x850000
end_va = 0x851fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000850000"
filename = ""
Region:
id = 5220
start_va = 0xffba0000
end_va = 0xffefefff
monitored = 0
entry_point = 0xffbec21c
region_type = mapped_file
name = "sppsvc.exe"
filename = "\\Windows\\System32\\sppsvc.exe" (normalized: "c:\\windows\\system32\\sppsvc.exe")
Region:
id = 5221
start_va = 0xffba0000
end_va = 0xffefefff
monitored = 0
entry_point = 0xffbec21c
region_type = mapped_file
name = "sppsvc.exe"
filename = "\\Windows\\System32\\sppsvc.exe" (normalized: "c:\\windows\\system32\\sppsvc.exe")
Region:
id = 5385
start_va = 0x7fef1180000
end_va = 0x7fef13d2fff
monitored = 0
entry_point = 0x7fef118236c
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 6444
start_va = 0x1680000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001680000"
filename = ""
Region:
id = 6445
start_va = 0x7fef0fd0000
end_va = 0x7fef0ff6fff
monitored = 0
entry_point = 0x7fef0feb69c
region_type = mapped_file
name = "loadperf.dll"
filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")
Region:
id = 6461
start_va = 0x850000
end_va = 0x852fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000850000"
filename = ""
Region:
id = 6462
start_va = 0x18e0000
end_va = 0x195ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018e0000"
filename = ""
Region:
id = 6463
start_va = 0x2ae0000
end_va = 0x32dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ae0000"
filename = ""
Region:
id = 6497
start_va = 0x27e0000
end_va = 0x285ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6498
start_va = 0x7fef0b40000
end_va = 0x7fef0cbffff
monitored = 0
entry_point = 0x7fef0b780d0
region_type = mapped_file
name = "racengn.dll"
filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll")
Region:
id = 6499
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Thread:
id = 327
os_tid = 0x1cc
Thread:
id = 328
os_tid = 0x51c
Thread:
id = 329
os_tid = 0x118
Thread:
id = 330
os_tid = 0x588
Thread:
id = 331
os_tid = 0x5d0
Thread:
id = 332
os_tid = 0x3c8
Thread:
id = 333
os_tid = 0x6a8
Thread:
id = 334
os_tid = 0x620
Thread:
id = 335
os_tid = 0x61c
Thread:
id = 336
os_tid = 0x618
Thread:
id = 337
os_tid = 0x540
Thread:
id = 338
os_tid = 0x458
Thread:
id = 339
os_tid = 0x440
Thread:
id = 340
os_tid = 0x43c
Thread:
id = 341
os_tid = 0x41c
Thread:
id = 342
os_tid = 0x180
Thread:
id = 343
os_tid = 0x3b4
Thread:
id = 344
os_tid = 0x3ac
Thread:
id = 345
os_tid = 0x39c
Thread:
id = 346
os_tid = 0x2f4
Thread:
id = 347
os_tid = 0x2f0
Thread:
id = 348
os_tid = 0x2cc
Thread:
id = 349
os_tid = 0x2c4
Thread:
id = 375
os_tid = 0x13c
Thread:
id = 406
os_tid = 0x59c
Thread:
id = 410
os_tid = 0x244
Thread:
id = 411
os_tid = 0x728
Process:
id = "19"
image_name = "wmiadap.exe"
filename = "c:\\windows\\system32\\wbem\\wmiadap.exe"
page_root = "0x62d22000"
os_pid = "0x76c"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "11"
os_parent_pid = "0x364"
cmd_line = "wmiadap.exe /F /T /R"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000cfa4" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 6154
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 6155
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 6156
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 6157
start_va = 0xb0000
end_va = 0x12ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 6158
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 6159
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 6160
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 6161
start_va = 0xff190000
end_va = 0xff1bffff
monitored = 0
entry_point = 0xff1aa050
region_type = mapped_file
name = "wmiadap.exe"
filename = "\\Windows\\System32\\wbem\\WMIADAP.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe")
Region:
id = 6162
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 6163
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 6164
start_va = 0x7fffffdd000
end_va = 0x7fffffdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 6165
start_va = 0x7fffffdf000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdf000"
filename = ""
Region:
id = 6166
start_va = 0x200000
end_va = 0x2fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 6167
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 6168
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 6169
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 6170
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 6171
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 6172
start_va = 0x130000
end_va = 0x196fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 6173
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6174
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 6175
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 6176
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 6177
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 6178
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 6179
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 6180
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 6181
start_va = 0x7fef38b0000
end_va = 0x7fef3935fff
monitored = 0
entry_point = 0x7fef38bffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 6182
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 6183
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 6184
start_va = 0x7fefef90000
end_va = 0x7fefefdcfff
monitored = 0
entry_point = 0x7fefef91070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6185
start_va = 0x7feff3d0000
end_va = 0x7feff3d7fff
monitored = 0
entry_point = 0x7feff3d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6186
start_va = 0x7fef0fd0000
end_va = 0x7fef0ff6fff
monitored = 0
entry_point = 0x7fef0feb69c
region_type = mapped_file
name = "loadperf.dll"
filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")
Region:
id = 6187
start_va = 0x300000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000300000"
filename = ""
Region:
id = 6188
start_va = 0x380000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 6189
start_va = 0x480000
end_va = 0x607fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 6190
start_va = 0x50000
end_va = 0x78fff
monitored = 0
entry_point = 0x51010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6191
start_va = 0x50000
end_va = 0x78fff
monitored = 0
entry_point = 0x51010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6192
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6193
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 6194
start_va = 0x610000
end_va = 0x790fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 6195
start_va = 0x7a0000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007a0000"
filename = ""
Region:
id = 6196
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 6197
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 6198
start_va = 0x860000
end_va = 0x98ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 6199
start_va = 0xa50000
end_va = 0xacffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 6200
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 6201
start_va = 0x860000
end_va = 0x8dcfff
monitored = 0
entry_point = 0x86cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 6202
start_va = 0x910000
end_va = 0x98ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 6203
start_va = 0x860000
end_va = 0x8dcfff
monitored = 0
entry_point = 0x86cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 6204
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 6205
start_va = 0x880000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000880000"
filename = ""
Region:
id = 6206
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 6207
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 6208
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 6209
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 6210
start_va = 0x7fefb3b0000
end_va = 0x7fefb3befff
monitored = 0
entry_point = 0x7fefb3b11d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 6211
start_va = 0xc20000
end_va = 0xc9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c20000"
filename = ""
Region:
id = 6212
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 6213
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 6214
start_va = 0x1a0000
end_va = 0x1e4fff
monitored = 0
entry_point = 0x1a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6215
start_va = 0x1a0000
end_va = 0x1e4fff
monitored = 0
entry_point = 0x1a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6216
start_va = 0x1a0000
end_va = 0x1e4fff
monitored = 0
entry_point = 0x1a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6217
start_va = 0x1a0000
end_va = 0x1e4fff
monitored = 0
entry_point = 0x1a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6218
start_va = 0x1a0000
end_va = 0x1e4fff
monitored = 0
entry_point = 0x1a1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6219
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6220
start_va = 0xca0000
end_va = 0xf6efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6221
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 6222
start_va = 0x990000
end_va = 0xa0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000990000"
filename = ""
Region:
id = 6223
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 6224
start_va = 0xb10000
end_va = 0xb8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 6225
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 6226
start_va = 0x7fef30d0000
end_va = 0x7fef30e3fff
monitored = 0
entry_point = 0x7fef30d1070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 6227
start_va = 0x7fef32c0000
end_va = 0x7fef33a1fff
monitored = 0
entry_point = 0x7fef32e3814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 6228
start_va = 0x7fef3290000
end_va = 0x7fef32b6fff
monitored = 0
entry_point = 0x7fef32911a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 6241
start_va = 0x77380000
end_va = 0x77386fff
monitored = 0
entry_point = 0x7738106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 6413
start_va = 0x80000
end_va = 0x81fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 6414
start_va = 0x80000
end_va = 0x83fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 6424
start_va = 0x7fefb180000
end_va = 0x7fefb1acfff
monitored = 0
entry_point = 0x7fefb181010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6425
start_va = 0x7fefecc0000
end_va = 0x7fefed11fff
monitored = 0
entry_point = 0x7fefecc10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 6426
start_va = 0xf70000
end_va = 0x106ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f70000"
filename = ""
Region:
id = 6427
start_va = 0x1070000
end_va = 0x1219fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6428
start_va = 0x1220000
end_va = 0x13c9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001220000"
filename = ""
Region:
id = 6429
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6430
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6431
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6432
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6433
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6434
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6435
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6436
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6437
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6438
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6439
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6440
start_va = 0x1070000
end_va = 0x1176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6441
start_va = 0x1070000
end_va = 0x126ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 6442
start_va = 0x1270000
end_va = 0x1376fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Region:
id = 6443
start_va = 0x1270000
end_va = 0x1376fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Thread:
id = 379
os_tid = 0x310
Thread:
id = 380
os_tid = 0x33c
Thread:
id = 381
os_tid = 0x4a8
Thread:
id = 382
os_tid = 0x75c
Thread:
id = 383
os_tid = 0x548
Thread:
id = 384
os_tid = 0x7f0
Process:
id = "20"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x6377b000"
os_pid = "0x518"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "12"
os_parent_pid = "0x248"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000cfa4" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 6261
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 6262
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 6263
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 6264
start_va = 0x1b0000
end_va = 0x22ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 6265
start_va = 0x771b0000
end_va = 0x77358fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 6266
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 6267
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 6268
start_va = 0xffee0000
end_va = 0xfff3efff
monitored = 0
entry_point = 0xffeea9b4
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 6269
start_va = 0x7feff4d0000
end_va = 0x7feff4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 6270
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 6271
start_va = 0x7fffffd3000
end_va = 0x7fffffd3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 6272
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 6273
start_va = 0x3e0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 6274
start_va = 0x77090000
end_va = 0x771aefff
monitored = 0
entry_point = 0x770a5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 6275
start_va = 0x7fefd320000
end_va = 0x7fefd38afff
monitored = 0
entry_point = 0x7fefd3230e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 6276
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 6277
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 6278
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 6279
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 6280
start_va = 0x7feff3e0000
end_va = 0x7feff4bafff
monitored = 0
entry_point = 0x7feff400760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6281
start_va = 0x7fefed20000
end_va = 0x7fefedbefff
monitored = 0
entry_point = 0x7fefed225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 6282
start_va = 0x7fefd710000
end_va = 0x7fefd72efff
monitored = 0
entry_point = 0x7fefd7160e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 6283
start_va = 0x7fefd880000
end_va = 0x7fefd9acfff
monitored = 0
entry_point = 0x7fefd8ced50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 6284
start_va = 0x76f90000
end_va = 0x77089fff
monitored = 0
entry_point = 0x76faa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 6285
start_va = 0x7fefedd0000
end_va = 0x7fefee36fff
monitored = 0
entry_point = 0x7fefeddb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 6286
start_va = 0x7fefedc0000
end_va = 0x7fefedcdfff
monitored = 0
entry_point = 0x7fefedc1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 6287
start_va = 0x7fefee40000
end_va = 0x7fefef08fff
monitored = 0
entry_point = 0x7fefeeba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 6288
start_va = 0x7fef38b0000
end_va = 0x7fef3935fff
monitored = 0
entry_point = 0x7fef38bffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 6289
start_va = 0x7fefdb30000
end_va = 0x7fefdc06fff
monitored = 0
entry_point = 0x7fefdb33274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 6290
start_va = 0x7feff1c0000
end_va = 0x7feff3c2fff
monitored = 0
entry_point = 0x7feff1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 6291
start_va = 0x7fefef90000
end_va = 0x7fefefdcfff
monitored = 0
entry_point = 0x7fefef91070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6292
start_va = 0x7feff3d0000
end_va = 0x7feff3d7fff
monitored = 0
entry_point = 0x7feff3d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6293
start_va = 0x7fef32c0000
end_va = 0x7fef33a1fff
monitored = 0
entry_point = 0x7fef32e3814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 6294
start_va = 0x7fef3290000
end_va = 0x7fef32b6fff
monitored = 0
entry_point = 0x7fef32911a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 6295
start_va = 0x7fef2e10000
end_va = 0x7fef2e25fff
monitored = 0
entry_point = 0x7fef2e11070
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 6296
start_va = 0xc0000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 6297
start_va = 0x230000
end_va = 0x32ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 6298
start_va = 0xc0000
end_va = 0xe8fff
monitored = 0
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6299
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 6300
start_va = 0x4e0000
end_va = 0x667fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004e0000"
filename = ""
Region:
id = 6301
start_va = 0xc0000
end_va = 0xe8fff
monitored = 0
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6302
start_va = 0x7fefd7b0000
end_va = 0x7fefd7ddfff
monitored = 0
entry_point = 0x7fefd7b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6303
start_va = 0x7fefd4d0000
end_va = 0x7fefd5d8fff
monitored = 0
entry_point = 0x7fefd4d1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 6304
start_va = 0xc0000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 6305
start_va = 0x670000
end_va = 0x7f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000670000"
filename = ""
Region:
id = 6306
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 6307
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 6308
start_va = 0x330000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 6309
start_va = 0x800000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 6310
start_va = 0x930000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 6311
start_va = 0xa30000
end_va = 0xcfefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6312
start_va = 0x1a0000
end_va = 0x1a4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 6313
start_va = 0x800000
end_va = 0x87cfff
monitored = 0
entry_point = 0x80cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 6314
start_va = 0x8b0000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 6315
start_va = 0x800000
end_va = 0x87cfff
monitored = 0
entry_point = 0x80cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 6316
start_va = 0x7fefcff0000
end_va = 0x7fefcffefff
monitored = 0
entry_point = 0x7fefcff1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 6317
start_va = 0x7fefb180000
end_va = 0x7fefb1acfff
monitored = 0
entry_point = 0x7fefb181010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6318
start_va = 0x7fefecc0000
end_va = 0x7fefed11fff
monitored = 0
entry_point = 0x7fefecc10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 6319
start_va = 0xd40000
end_va = 0xdbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d40000"
filename = ""
Region:
id = 6320
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 6321
start_va = 0x3b0000
end_va = 0x3b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 6322
start_va = 0xe80000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e80000"
filename = ""
Region:
id = 6323
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 6324
start_va = 0x3c0000
end_va = 0x3c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 6325
start_va = 0x7fefde70000
end_va = 0x7fefdf08fff
monitored = 0
entry_point = 0x7fefde71c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 6326
start_va = 0x3d0000
end_va = 0x3d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 6327
start_va = 0x7fefb3b0000
end_va = 0x7fefb3befff
monitored = 0
entry_point = 0x7fefb3b11d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 6328
start_va = 0xf70000
end_va = 0xfeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f70000"
filename = ""
Region:
id = 6329
start_va = 0x7fefc9f0000
end_va = 0x7fefca07fff
monitored = 0
entry_point = 0x7fefc9f3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 6330
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 6331
start_va = 0x800000
end_va = 0x844fff
monitored = 0
entry_point = 0x801064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6332
start_va = 0x800000
end_va = 0x844fff
monitored = 0
entry_point = 0x801064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6333
start_va = 0x800000
end_va = 0x844fff
monitored = 0
entry_point = 0x801064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6334
start_va = 0x800000
end_va = 0x844fff
monitored = 0
entry_point = 0x801064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6335
start_va = 0x800000
end_va = 0x844fff
monitored = 0
entry_point = 0x801064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6336
start_va = 0x7fefc6f0000
end_va = 0x7fefc736fff
monitored = 0
entry_point = 0x7fefc6f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6337
start_va = 0x7fefd0e0000
end_va = 0x7fefd0f3fff
monitored = 0
entry_point = 0x7fefd0e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 6338
start_va = 0x1100000
end_va = 0x117ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 6339
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 6340
start_va = 0x1190000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 6341
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 6342
start_va = 0x7fef30d0000
end_va = 0x7fef30e3fff
monitored = 0
entry_point = 0x7fef30d1070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 6343
start_va = 0x12c0000
end_va = 0x133ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012c0000"
filename = ""
Region:
id = 6344
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 6345
start_va = 0x7fef2f90000
end_va = 0x7fef2fb5fff
monitored = 0
entry_point = 0x7fef2f97948
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 6350
start_va = 0x7fef13e0000
end_va = 0x7fef141bfff
monitored = 0
entry_point = 0x7fef1405aa8
region_type = mapped_file
name = "wmiprov.dll"
filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")
Region:
id = 6351
start_va = 0x13b0000
end_va = 0x142ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 6352
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 6355
start_va = 0xff0000
end_va = 0x10c6fff
monitored = 0
entry_point = 0x1010760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6356
start_va = 0x800000
end_va = 0x851fff
monitored = 0
entry_point = 0x84fc30
region_type = mapped_file
name = "acpi.sys"
filename = "\\Windows\\System32\\drivers\\acpi.sys" (normalized: "c:\\windows\\system32\\drivers\\acpi.sys")
Region:
id = 6357
start_va = 0xff0000
end_va = 0x10d8fff
monitored = 0
entry_point = 0x10c906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 6358
start_va = 0x800000
end_va = 0x807fff
monitored = 0
entry_point = 0x808288
region_type = mapped_file
name = "mssmbios.sys"
filename = "\\Windows\\System32\\drivers\\mssmbios.sys" (normalized: "c:\\windows\\system32\\drivers\\mssmbios.sys")
Region:
id = 6359
start_va = 0x800000
end_va = 0x81dfff
monitored = 0
entry_point = 0x811e08
region_type = mapped_file
name = "hdaudbus.sys"
filename = "\\Windows\\System32\\drivers\\hdaudbus.sys" (normalized: "c:\\windows\\system32\\drivers\\hdaudbus.sys")
Region:
id = 6360
start_va = 0x800000
end_va = 0x80ffff
monitored = 0
entry_point = 0x8013d4
region_type = mapped_file
name = "intelppm.sys"
filename = "\\Windows\\System32\\drivers\\intelppm.sys" (normalized: "c:\\windows\\system32\\drivers\\intelppm.sys")
Region:
id = 6361
start_va = 0x800000
end_va = 0x838fff
monitored = 0
entry_point = 0x839070
region_type = mapped_file
name = "portcls.sys"
filename = "\\Windows\\System32\\drivers\\portcls.sys" (normalized: "c:\\windows\\system32\\drivers\\portcls.sys")
Region:
id = 6362
start_va = 0x800000
end_va = 0x807fff
monitored = 0
entry_point = 0x801e54
region_type = mapped_file
name = "monitor.sys"
filename = "\\Windows\\System32\\drivers\\monitor.sys" (normalized: "c:\\windows\\system32\\drivers\\monitor.sys")
Region:
id = 6373
start_va = 0xff0000
end_va = 0x10d8fff
monitored = 0
entry_point = 0x10c906c
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 6376
start_va = 0x800000
end_va = 0x808fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 6395
start_va = 0x800000
end_va = 0x807fff
monitored = 0
entry_point = 0x801e54
region_type = mapped_file
name = "monitor.sys"
filename = "\\Windows\\System32\\drivers\\monitor.sys" (normalized: "c:\\windows\\system32\\drivers\\monitor.sys")
Region:
id = 6476
start_va = 0x1030000
end_va = 0x10affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001030000"
filename = ""
Thread:
id = 390
os_tid = 0x4a0
Thread:
id = 391
os_tid = 0x29c
Thread:
id = 392
os_tid = 0x7e8
Thread:
id = 393
os_tid = 0x7f8
Thread:
id = 394
os_tid = 0x578
Thread:
id = 395
os_tid = 0x4b0
Thread:
id = 396
os_tid = 0x118
Thread:
id = 397
os_tid = 0x480
Thread:
id = 415
os_tid = 0x388